There have been a couple of posts lately by members concerning online passwords or the government's plan for an ID system. Given the events recently
regarding Sony and the Playstation Network being hacked I thought one more couldn't hurt.
There are several steps that people can take to make themselves and their online data/info harder to access. Although in the case of the PSN breach
individual users are not at fault, here are some general ideas for people to keep in mind...(PS...I'm an IT guy as well)
1. DO NOT USE THE SAME PASSWORD FOR EVERYTHING!!!
It is a pain in the @55 for sure, but have a different password for every site you use. When you change a password DO NOT just rotate one set through
each of your sites. If you choose to use a set list over and over again make sure that there are more passwords on that list than sites you connect
Ultimately you should use a new password each time you make a change.
2. Change your passwords frequently.
In many businesses the IT department will establish a set of mandatory guidelines that users have no choice but to adhere to. The most basic of these
steps is that a password can only be used for a set amount of time before it MUST be changed.
How often you change your passwords is up to you, but for the most casual of users twice a year should be the ABSOLUTE minimum.
3. DO NOT use anything that is well known about you.
Your maiden name, birthdate (yours or a family member's), childhood pet etc. are all things that people trying to access your account will look at
The more obscure or private the 'thing' you base your password on, the better.
4. Use long, complex passwords.
This is the meat of the issue. Although it is annoying or time consuming to have something complicated that you have to enter EVERY TIME you want to
access something, ask yourself one question...How annoying or complicated is it going to be to have to deal with the fallout of having been hacked?
Here's an example...
The best things to use are phrases or sentences
Nice and long, but WAY too simple; throw in some random capitalized letters...maybe a spelling change?
The besT tHinGs to Use aRe fRases oRe seNTenCes
Better, but it still is in plain text...
Th3 be5T tH1nGs t0 U5e aR3 fRas3s 0Re s3NTenCes
Getting there, but more can be done; try to use symbols/non-alpha-numeric characters too...
Th3 be5T tH1nG$_t0_U5e @R3 fR@s3s-0Re s3NTenCe$
Unlikely that someone will stumble upon that! If this was going to be MY banking password...
T#3 b35t +#1nG$_to0_U53 @R3 FfR@535-0R3 53N+3n5@y$
take out the spaces and you'd be looking at...
Good luck hacking that before someone notices you trying.
Although at first it may take some time, you will get the hang of making substitutions. Yes, if you always use @ instead of "a" then you are falling
into a pattern, but if you incorporate ALL of these things together I'll wager that the sum is far more than the individual parts.
edit on 27-4-2011 by [davinci] because: (no reason given)
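
An added example, not part of the original post: a small audit that checks a list of accounts against the four rules above (reuse, age, personal details, length/complexity). The account list, the personal facts, the 12-character minimum and the three-character-class threshold are assumptions made for illustration; the personal-details check reverses common look-alike substitutions so that a pet's name written as `R0v3r` is still caught.

```python
from datetime import date

# Reverse the look-alike substitutions used in the post's examples (3->e, $->s, ...).
LEET = str.maketrans("301!5$@+7#", "eoiissatth")

def normalize(text):
    """Lower-case, undo look-alike characters, keep only letters and digits."""
    return "".join(c for c in text.lower().translate(LEET) if c.isalnum())

def audit(accounts, personal_facts, today, max_age_days=183, min_length=12):
    """Return {site: [findings]} for rules 1-4. min_length and the
    three-character-class threshold are assumptions, not values from the post."""
    facts = [f for f in map(normalize, personal_facts) if len(f) >= 4]
    sites_by_password = {}
    for acct in accounts:
        sites_by_password.setdefault(acct["password"], []).append(acct["site"])
    report = {}
    for acct in accounts:
        pw, findings = acct["password"], []
        if len(sites_by_password[pw]) > 1:                     # rule 1: no reuse
            findings.append("reused")
        if (today - acct["changed"]).days > max_age_days:      # rule 2: twice a year
            findings.append("stale")
        if any(f in normalize(pw) for f in facts):             # rule 3: nothing well known
            findings.append("personal")
        classes = sum([any(c.islower() for c in pw), any(c.isupper() for c in pw),
                       any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)])
        if len(pw) < min_length or classes < 3:                # rule 4: long and complex
            findings.append("weak")
        report[acct["site"]] = findings
    return report

# Constructed sample data: sites, passwords, dates and facts are all made up.
ACCOUNTS = [
    {"site": "bank.example", "password": "c0rRect-H0rse_Batt3ry", "changed": date(2011, 3, 1)},
    {"site": "forum.example", "password": "R0v3r!2011", "changed": date(2010, 6, 1)},
    {"site": "mail.example", "password": "R0v3r!2011", "changed": date(2011, 4, 1)},
]
FACTS = ["Rover", "1984-07-04"]  # pet name and birthdate
TODAY = date(2011, 4, 27)

if __name__ == "__main__":
    for site, findings in audit(ACCOUNTS, FACTS, TODAY).items():
        print(site, findings or "ok")
```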