Internet Security.  Passwords. “You need to change all your passwords, and they need to be different for every online account.”

Have I lost you yet?  Dealing with password security is kind of like going to the gym; you know you should, but it’s easier to sit on the couch and watch “House of Cards”.  I mean, you’ve used the same passwords, or variations thereof, for years and nothing too terrible has happened yet, right?

I don’t like changing my passwords any more than you do.  My passwords may be stronger than yours, because my job is to pay attention to computer security.  Even so, I have my favorites and I hate that the “Heartbleed” bug has forced me to give them up.

Geek side note: the hackers aren’t singling you out, and they aren’t trying to “think through” what your password might be.  Hackers have programs (algorithms) that try millions of variations in seconds or minutes, and big ol’ lists of dictionary words and actual passwords – all of this crunching at lightning speed.  Think about it.  Millions of published PlayStation or LinkedIn passwords are out there for the taking; a hugely valuable resource of real-world information for any hacker so inclined.

So, let’s assume you need a new e-mail password:

  1. Your e-mail password is your most important password – perhaps more important even than your online banking password.  Why? Because “I forgot my password” tools use e-mail to verify that you are really you, before they will allow a reset.  So make it a good one.  And don’t re-use it in Facebook.
  2. Size does matter.  Eight characters isn’t long enough anymore.  Make it 12-14 characters.
  3. It should be easy to remember, not easy to read.  This is not as hard as you think.
  4. Don’t let your Internet browser (Chrome, Firefox, etc.) store your password.
  5. Turn on two-factor authentication.  (Have you heard of this? If not, save it for later. Google it. It’s a good idea.)
  6. Only change one password at a time (if you’re memorizing it and not using a password manager).  This strategy gives your brain a chance to move your new password from short term memory to long term memory.

Strategy:

You’ve heard about taking the first letter of each word in a sentence, and making that the password?  The Quick Brown Fox Jumped over the Lazy Dog becomes TQBFJOTLD.  But don’t try to memorize the TQBFJOTLD – it has no relevance to you and this would be a waste of time.  Just mutter the phrase to yourself as you type it and you’ll have no trouble remembering it.  We’ll save the actual memorization for the rest of the password.

My twist on this: base it on a favorite song – you know all the words, and one you actually enjoy remembering.

Example: “Happy” by Pharrell Williams. http://24hoursofhappy.com/  Click the link and play the song while you read the rest of this – it’ll make more sense.

Pick out a line from the song and write down the lyric.  Write or type this so you can see the password develop (don’t save this to your computer – print it out and keep it in a safe place, okay?)

Clap Along If You Feel Like A Room Without A Roof: just try to forget this, especially while listening to Pharrell sing it.  Type it again.  Now, type just the first letter of each word:

CAIYFLARWAR

Makes no sense when you read this, does it?  Just remember the lyric.  Hum it if you need to.  Now let’s finish developing the password.  We need special characters and some numbers.  Some of the letters can be upper case and some should be lower case.  The numbers could be personally meaningful, such as the year you started your business.

CAIYFlarwar_2014!

See what I did there?  It’s long, it’s not easy to read and I’ve jazzed up the difficulty in a way that’s not hard to memorize.  Type it a few more times (really, type it all out right now) and you should see that you can remember where you put the capital letters and the special characters.
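For the geeks, here is the same recipe as a short Python script, plus a check of the result against the rules above. This is an added example, not part of the original post; the function names and the tiny `LISTED` word list are made up for illustration.

```python
import string

# Constructed stand-in for the word and leaked-password lists the post
# mentions; a real list would hold millions of entries.
LISTED = {"password", "letmein", "qwerty", "happy", "pharrell", "123456"}

def initials(lyric):
    """First letter of each word, upper-cased (the TQBFJOTLD step)."""
    firsts = (next((c for c in w if c.isalpha()), "") for w in lyric.split())
    return "".join(firsts).upper()

def build(lyric, keep_upper, number, sep="_", special="!"):
    """Keep the first `keep_upper` initials capital, lower-case the rest,
    then append separator, number and special character."""
    letters = initials(lyric)
    head, tail = letters[:keep_upper], letters[keep_upper:].lower()
    return f"{head}{tail}{sep}{number}{special}"

def audit(candidate, min_len=12):
    """Return the rules from the post that `candidate` fails."""
    problems = []
    if len(candidate) < min_len:
        problems.append("too short")
    kinds = {"upper": str.isupper, "lower": str.islower, "digit": str.isdigit}
    for name, test in kinds.items():
        if not any(test(c) for c in candidate):
            problems.append(f"no {name}")
    if not any(c in string.punctuation for c in candidate):
        problems.append("no special character")
    hits = sorted(w for w in LISTED if w in candidate.lower())
    if hits:
        problems.append("contains listed word: " + ", ".join(hits))
    return problems

if __name__ == "__main__":
    lyric = "Clap Along If You Feel Like A Room Without A Roof"
    for pw in (initials(lyric), build(lyric, 5, 2014), "Happy2014!"):
        print(pw, audit(pw) or "passes")
```

The bare initials fail on length and variety, the finished password passes, and a readable word plus a year fails even with the capital letter and exclamation mark.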

Cementing this in memory:

  1. Change the password online.  Log in to your e-mail account with it.  Log out.
  2. Change it on all your devices (smart phone, tablet, Outlook or Mail on your laptop).
  3. The next day: log in and out a couple more times in webmail.  Set a reminder so you don’t forget.  This tiny extra step makes the difference in getting this from short-term to long-term memory.

Does this seem like too much work for one password?  I’d love to read your comments on how this works for you – or doesn’t work.  Next time we’ll talk about password managers.

 
