It’s no longer acceptable to use dates of birth, pet names and so on for passwords. These easily guessed words were never secure, but it didn’t matter much in the past — quite frankly, who cared if a black hat got into your email account? So what?
However, things are much different today, because our lives are now digitally enveloped. Everything from banking to relationships is now inexorably online.
Here’s how to protect your digital life with hardened passwords.
Step 1: Strategic Planning
Determine which accounts to start hardening. Aim to systematically re-password the online accounts related to money first.
This can be quite a project, so start with banks and other valuable Web accounts; progress to email and social networks. End up — on a rainy day — rebuilding passwords for minor accounts like loyalty cards.
Step 2: Choose Good Passwords
Vary passwords and create different ones for every account. This is particularly important for any sensitive accounts like banking. Make up passwords by hand using a combination of letters, numerals and characters.
Introduce upper-case letters randomly within words; if you spell words, spell them wrong and use multiple unrelated words. Use numbers in lieu of letters from time to time, for example substitute a zero for an “o.”
Alternative methods include thinking of a phrase and taking the first letter of each word — or variations on that theme.
Tip: Crackers can use computer-driven dictionaries, pattern checking and word list substitutions that can attempt millions of passwords per second.
Step 3: Re-invent the Security Question Answer
Do not directly answer the security question. For example, if the security question requests a mother’s maiden name or first school, fabricate them.
Tip: Use the same construction technique as in the previous step — for example, misspelling your answer to beef things up even more. Just don’t forget what the answer is.
Step 4: Two-Step Authentication
Use two-factor authentication if it’s offered. This method of protection uses two factors, usually a password (something you know) and a phone or other device (something you have in your possession).
I’ve written about Google’s authentication before. Facebook also offers this method of authentication.
Tip: Don’t maintain a password list on a device you’re using for two-step authentication.
Step 5: Stay Alert
Be aware of social engineering attempts. These are human interventions that are designed to trick you into giving your password to a criminal. Avoid this problem by never giving out your password.
Tip: Reset a password if you’re in any doubt that you may have been tricked.
Step 6: Use an Aide-Mémoir
Last Pass, iPassword KeePass and Clipperz are all password managers that range in price from free to US$50. Features include DropBox integration, mobile integration, encryption, and password generation
Tip: Unfortunately, the nature of the beast is that the easier the password is for you to remember, the easier the password is to crack.
Step 7: Looking in Gift Horses’ Mouths
Add password protection when offered. Laptops and phones can get lost — or compromised by casual thieves.
It’s not just professional crackers that you need to protect yourself from. Laptops are often fenced and resold.
Step 8: Harden Further
Delete emails from new-account senders that include your password. Always change the initial setup password when prompted.
Set parental controls on in-app purchases for your mobile device. This is an area where a password becomes useful in thwarting any game upgrades that can inexplicably and rapidly occur when you lend your iPad to a child for games — as has happened to me. I am about US$40 poorer than I was before I lent the tablet, because I left restrictions open.
Tip: Apple’s device “Restrictions” are in Settings. Android controls in-app purchases in the Google Play store. Both let you set passwords, which you should not share with kids.
Step 9: Repeat
Do it all again when you’ve finished. Password cracking is all about time — how many attempts at a guess can be made over a period.
The more often the password is changed, the less likely it is to be cracked.
Want to Ask a Tech Question?
Is there a piece of tech you’d like to know how to operate properly? Is there a gadget that’s got you confounded? Please send your tech questions to me, and I’ll try to answer as many as possible in this column.