by Jimmy Marks
Recently, our COO Rob (Banker, who's written a number of swell posts for us) came to town and got me going on our office network. He set me up and then asked me to enter my password. He said anything would do, so long as:
- It was eight (8) characters or more
- It had a capital letter
- There was a punctuation mark
- There was a number
- It was the same thing forwards and backwards
- You couldn't say the combo while holding a cracker in your mouth
- It had to have the name of at least one (1) person who was a regular cast member on the Carol Burnett show.
Okay, so I made up the last three. But he likes his passwords strict, and with good reason: many passwords are very easy to crack.
WHAT?!?, you're thinking to yourself. Not MY password! After all, it's pumpkinfluff34! No one would ever guess...drat! I've given it away!
The truth is, your password is probably pretty easy to guess. And you're probably making it easy for hackers to get hold of it.
Just how easy is it? Visit this story from Fortune.com and see how most break-ins are facilitated by your very own security questions.
Don't believe it happens? Go ask Sarah Palin. Here's how her hacker got into her account and changed her password.
The hacker guessed that Alaska's governor had met her husband in high school, and knew Palin's date of birth and home Zip code. Using those details, the hacker tricked Yahoo Inc.'s service into assigning a new password, "popcorn," for Palin's e-mail account, according to a chronology of the crime published on the Web site where the hacking was first revealed. --from SFGate.com, "Hacker impersonated Palin, stole e-mail password"
So what DOES work?
1. Don't get lazy. Be vigilant. Think of how much info passes through your inbox and decide whether or not it's worth protecting.
2. Get complicated. Remember it however you have to (short of WRITING IT DOWN BESIDE YOUR COMPUTER IN BIG, BOLD LETTERS), but remember it. You can keep your SS#, birthday and license info in your head? Keep your password there, too.
3. Change it up. Never leave that password there for a long time. You'll have to be creative. You don't like putting that much effort into protecting yourself? Tough. Do it anyway.
This whole discussion brings to mind one of my favorite Simpsons episodes (yes, I'm that level of dork). In it, Marge and Homer go to a police auction and see gates that belonged to a gangster named Johnny D. Chief Wiggum explains:
Wiggum: These prestigious wrought-iron security gates are bullet-proof, bomb-proof, and battering-ram resistant. Now...
Principal Skinner: Then what happened to Johnny D?
Wiggum: He forgot to lock 'em.