Password Security

Yeah, this has little to do with photography… and everything to do with my day job as a web developer, but password security is such a big issue that I’ve got to say something.

What are the best passwords? Long, random passwords. How do you remember them? You probably can’t.

Believe it or not, hackers use password cracking algorithms that assemble data about a person: old phone numbers, relatives, pets’ names, birthdays, schools, addresses. They then combine these with the most common passwords, so the further you can get from what is normal, the more secure you are.

But First – Don’t re-use usernames/passwords

One of the biggest security holes is reusing the same usernames and passwords on multiple websites. If any website you use is hacked, hackers will try these usernames and passwords on other sites, so the little website that gets hacked could open up your info on the big important site. And whether it’s Home Depot, Target, or your camera club that gets hacked, if you’ve re-used those usernames/passwords you are vulnerable.

Secure passwords are only as secure as where you’ve written them down.

If they are on your computer and your computer gets hacked, your passwords get hacked. If your list gets stolen, your passwords are hacked.

Written-down lists can be stored under lock and key, kept on secure and encrypted thumb drives and/or secured with password managing programs. A handwritten piece of paper or notebook is only as secure as where it’s stored. In the tech thriller (and one of my favorites) The Girl with the Dragon Tattoo, it’s a password hidden under a desk blotter. That doesn’t mean that a list isn’t a good solution, but be really careful with that list.

Or use a computer to store complicated passwords; that leaves you at least one uncrackable password you need to remember. But one or even a few is a lot easier to keep track of than many.

One option is a freestanding program you install on your computer, such as KeePass. The advantage of these freestanding programs is you don’t have to trust anyone else, though of course you’re trusting a program that’s too complicated for most of us to understand. But Consumer Reports recommended it.

Or there are a number of programs that store your passwords online: LastPass, 1password.com and a bunch of others. Here’s a recent article from PC Magazine listing a bunch.

Password creation and remembering tricks:

  • Several randomly chosen words. Use a dictionary, make it random.
  • The first letter(s) of a long phrase. For example, ‘Wttpoalsdoivroaasaac4rs2isap’ is very secure but you could probably remember to type the first letters of ‘We travel together, passengers on a little spaceship, dependent on its vulnerable reserves of air and soil, all committed, for our safety, to its security and peace.’ (Adlai E. Stevenson)

Other security holes:

Don’t email passwords or store passwords in email, especially a poorly secured cloud-based email (Yahoo, AOL or Hotmail). If email gets hacked, your password gets hacked.

As for sending passwords to others, old-school dictating over the phone is pretty secure, LastPass Premium offers sharing options, and you can use a one-time message sender online such as 1ty.me, as well as some secure ways to send email.
Since many websites will email you a password, when you do get a password via email, change the password right away.
Change passwords often, especially on important sites like your password programs and financial sites.
If somehow someone has hacked into one of these systems and you don’t know it, changing the password will lock them out. And needless to say, if someone has left your employ or your life and has access to important passwords, change them. Even if you don’t think they would be malicious, change them for your security and to keep suspicion from falling on them and unnecessarily damaging the relationship further if you do get hacked.
When in doubt about a security compromise, change the password(s).

Online Security in General

Though I really wanted to address password security, the bigger theme here is overall online security. When sharing sensitive information online:

  1. Use a modern and up-to-date browser. If you want to surf on something else or, as is often the case, your company’s internet is on an ancient version of Internet Explorer, don’t use the old browser for sensitive info.
    In descending order of security this would be:

    1. Chrome
    2. Firefox
    3. Safari
    4. Internet Explorer.
  2. Make sure the site is secure – All of the above browsers will display a lock icon in the browser bar.
  3. Don’t save credit cards on websites (if you can avoid it) and be suspicious of sites that insist you save cards. It takes a few more seconds to type a credit card and you can save time by storing them in KeePass or on your encrypted thumb drive.
  4. Though secure browsing should close things down, be careful on public Wi-Fi as well as with what you do on your phone or tablet.

Lastly, I’m not inventing this stuff. I took most of this from the Consumer Reports article ‘Hack-proof Your Passwords’. Consumer Reports aren’t super geniuses, just folks who use common sense (and don’t take advertising so aren’t influenced by advertisers). You won’t get pro photo advice from Consumer Reports, but you’ll get a camera that takes decent shots. Same with password security. Following this advice won’t make you a security expert, but you’ll lock out the average hacker who wants to steal your money.

About Tom Hart

North Jersey and New York City photographer, web designer and developer that helps organizations get noticed.