I post at SearchCommander.com now, and this post was published 15 years 9 months 10 days ago. This industry changes FAST, so blindly following the advice here *may not* be a good idea! If you're at all unsure, feel free to hit me up on Twitter and ask.
A dozen years ago or so, I had one password that I used for everything, and it wasn’t until some bad experiences that I understood the wisdom of having stronger passwords.
That said, to this day, I have some very simple passwords for literally dozens of online accounts I have in various places, because there’s really only so much need for security on certain accounts, but they’re not common words from the dictionary.
I also have some accounts that I would obviously not want to fall into the wrong hands, but I’m also not willing to give up my most secure passwords to these companies either, and for those I use a different password.
Finally, for logging into credit card company or financial institution sites require an inordinate amount of caution, and that’s why I have three personal “password levels” that I use. While they’re all completely easy for me to remember, they’re not going to be randomly guessed by some software or ‘bot.
Long before I started using Firefox, I either had to remember my passwords or buy Roboform for every computer, so I derived a system that made some sense to me, since I often found myself frustrated by forgetting my passwords.
Jumping ahead to 2009, privacy and security have never been more important, and the odds are you haven’t begun using stronger passwords, have you?
After a recent very ugly hacking of a website on our hosting, where the FTP password was set to “password”, I’d like to do recommend that you go change some of them right now.
In my opinion, you absolutely must to create a stronger password for your:
- E-mail accounts
- Web property logins & FTP access
- Web logins that have financial implications
Why use a stronger email password?
With a simple e-mail password, hackers can run scripts on mail servers trying common usernames and common passwords, and frequently they are successful gaining entrance to someone’s Web mailbox.
When someone gets access to a mail server with a username and password that validates, they can easily point their zombie spam machines to your mail server and begin to send out millions and millions of e-mails hour after hour. This does a couple of things, including bringing your mail server to its knees and getting everyone that’s hosted on that mail server banned for a least a few hours while the mess gets cleaned up.
Why use a stronger web / FTP password?
Most hackers aren’t content anymore with just defacing your site, now there’s a purpose to their hacking, i.e. some sort of financial gain.
When someone gets access to your Web logins and they can change your site, they’re also able to upload malicious scripts that can infect unsuspecting site visitors with various viruses, malware, adware and spyware.
In the old days, when spyware was relatively new, you could usually always tell when you add some crapware on your site because your system ran poorly, and this led to the rise of various spyware removal and prevention software.
Today however, the crapware designers do a much better job, and it’s highly likely that if you get spyware from a website, you may not even notice a performance hit. As the industry has become much more lucrative, talented programmers can write software to do their bidding on your PC without you even noticing.
For all you know, some well-written spyware could be using your home computer to log in at 11 at night to send a few thousand e-mails out, and be completely done by 3 a.m. only to sit dormant and not affect your regular daily use.
Why use stronger Financial Passwords?
Well, duh – For your online banking and purchasing, someone could conceivably log in as you, and trade stocks, transfer funds, and basically wipe you out financially just as surely as if you let the government do it for you.
That’s why you need secure passwords, and you need password you can remember.
How can you create a secure yet memorable password?
Secure passwords should have a combination of both upper and lower case letters, as well as numerals, to keep the hackers at bay,, and here’s my preferred way to create secure passwords that I can’t forget…
Think of an event that has some meaning for you and think of it as a written sentence. then use the first letter of each word, and the numbers for your password.
For example –
“My dog Fido died on May 10 1990” and your password would be MdFdoM101990
Or –
“My son Joe was born on May 10, 2000” and the password becomes, MsJwboM102000 – get it?
You might choose to just use the last two digits for the year, or perhaps all four, but use a pattern that you can remember.
Use your wifes birthday, or something else that you could NEVER forget, and make sure to use at least two capital letters and at least two numbers.
If you want it truly unique for each website, and even more secure, you could try also adding the first letter of the domain you’re logging into.
# and $ signs and a few other characters are secure too, but keep in mind that some servers won’t accept them.
I’ll wait here while you go change your passwords right now, because believe me, someone really IS trying to get in your account, and maybe they’re trying right now!
*** Update March 2010***
My friends sister just found out that she was locked out of her hotmail account, and after a few minutes she realized she was locked out of her bank account too, and a couple of others. someone had apparently gained access to her mail account, so I got a panicked call.
Her password was a simple one, and with it, they changed her security questions in case she noticed, then they reset passwords elsewhere, (since they had control of her email account for verification they could do that!), and as of this writing, she’s on the phone with US Bank after about 20 minutes of digging to find this link at Microsoft which led to this Microsoft account recovery form.
Change your passwords NOW.
Good Advice. Everyone does need to use stronger passwords to protect their digital identities or investments (not just monetary).
The problem is that users tend to have a problem remembering good passwords that include letters, numbers and symbols that are case sensitive. I read another article a while back that gave another good suggestion on how to get around that. Come up with a good combination that includes the name of the site your logging in to as well as a symbol and then your standard password. This makes it easier for the user to remember.
Such as if your dogs name is sparky and you use this as your password.. simply make a variation of that as your password. Lets say this is the case and you use Yahoo for your mail. We take the first 3 letters of the sites name and a symbol to make the new password of YAH#sparky
This makes a completely secure password that is easy for the user to remember with little effort. It also generates a new password for every site so no malicious admin can obtain your password from a database and use it somewhere else.
Thanks Rob – funny, I read that same article, and I wish I could find it again, because it does offer even more security than my method, through the use of characters…
Anyone else see that and have a link?
Good tips, I defintely need more secure passwords. It’s been something I’ve been putting off for a long time but thanks for the reminder.
I have been using the same 3 passwords for the past 10 years and although I remember a complex FTP password for my server space, rememberig more than one of these isn’t really viable. So I will try your important sentence method. Nice one.