In the aftermath of Heartbleed, don’t simply change all your passwords from “password” to “password1”.
Choosing easy-to-guess passwords is pretty much the biggest security blunder you can make, but people keep doing it. Every time hackers release a fresh batch of stolen passwords, the most common passwords tend to be “12345678”, “QWERTY”, “letmein” or the ever-popular “password”.
If these sound like your passwords then you’re asking for trouble. They’re the first passwords hackers try when they’re out to break into your account. The next thing they do is cycle through the dictionary, so you should never use a single word as your password, however obscure. Hackers are also awake to tricks like substituting numbers for letters, such as “p4ssw0rd”. You’ll need to do better than that.
Don’t use the names of your kids or your pets either, as such things are easily discovered online. Birthdays, sports teams and nicknames are also terrible choices for passwords, however easy they are to remember. After Heartbleed, which let hackers steal passwords from supposedly secure websites, you have to wonder how many foolish people will be forced to rename their cat “Fluffy1” just so they can remember their new favourite password.
Coming up with good passwords is tough, especially when you’re not supposed to use the same password more than once. If you have reused passwords then Heartbleed becomes an even bigger threat. Reusing passwords means you don’t just have to change your passwords on every website that was vulnerable to Heartbleed, such as Google, Facebook, Yahoo! and Dropbox. You also need to change your password on any other website where you’ve reused one of those passwords.
For example, Google was affected by Heartbleed but Apple’s iTunes wasn’t. If Heartbleed hackers get their hands on your Google password then they might try using your Gmail address and password to log into iTunes. While they’re at it they’ll try Facebook, Twitter, PayPal, Skype and lots of other services. Would they have any luck if they tried this trick on you? If so, Heartbleed presents a good opportunity to rethink your haphazard approach to choosing passwords.
The best passwords look like gibberish to anyone else but are easy for you to remember. Phrases or lyrics make a good starting point. For example, consider the first lines of Three Blind Mice. Use the first letter from each word and throw in upper and lower case letters along with numbers and punctuation. You might end up with something like TbMtBM*ShTr*65: a strong password that is easy for you to remember but hard for anyone else to guess, or for a computer to crack.
Different combinations help you come up with a range of passwords for different websites, but keep in mind that any of your passwords could fall into the wrong hands one day. If your Google password is “TbMtBM-Google” then hackers won’t have too much trouble guessing your iTunes, Facebook and Skype passwords. You need to be smarter than that.
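The checks described above (the common-password list, the dictionary and leetspeak tricks, the pet's name with a digit tacked on, and the predictable per-site suffix) can all be applied automatically. The following Python checker is an added example, not code from the column or from any password manager it mentions; its password and word lists are tiny constructed stand-ins for the real breach lists and dictionaries a cracking tool would use, and the 12-character, three-class policy is an assumption for illustration. It also includes a simple random generator of the kind a password manager provides, so a practitioner can confirm that generated passwords pass the same checks.

```python
import re
import secrets
import string

# Constructed sample of frequently leaked passwords (stand-in for a real breach list).
COMMON_PASSWORDS = {"123456", "12345678", "qwerty", "letmein", "password",
                    "password1", "iloveyou", "monkey", "abc123"}

# Constructed tiny word list standing in for a full dictionary.
DICTIONARY = {"password", "fluffy", "monkey", "dragon", "sunshine",
              "welcome", "obscure"}

# Substitutions that cracking tools undo before comparing against a word list.
LEET_MAP = str.maketrans({"4": "a", "@": "a", "3": "e", "1": "i", "!": "i",
                          "0": "o", "$": "s", "5": "s", "7": "t"})

MIN_LENGTH = 12    # assumed policy values, not from the column
MIN_CLASSES = 3


def normalize(password):
    """Reduce a password to the word an attacker would actually try:
    lower-case it, drop trailing digits/punctuation ('Fluffy1' -> 'fluffy'),
    then undo leetspeak substitutions ('p4ssw0rd' -> 'password')."""
    base = re.sub(r"[\d\W_]+$", "", password.lower())
    return base.translate(LEET_MAP)


def character_classes(password):
    """Count how many of lower/upper/digit/punctuation classes appear."""
    checks = (str.islower, str.isupper, str.isdigit,
              lambda c: c in string.punctuation)
    return sum(any(check(c) for c in password) for check in checks)


def shared_prefix(a, b):
    """Length of the common prefix of two strings."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def weakness(password, personal_words=(), site="", known_passwords=()):
    """Return the first reason a password is weak, or None if it passes.

    personal_words: names of kids, pets, teams etc. that are easy to find online.
    site: the service the password is for (catches 'TbMtBM-Google').
    known_passwords: other passwords of the same user, to catch predictable
    variations such as 'TbMtBM-iTunes' next to 'TbMtBM-Google'.
    """
    norm = normalize(password)
    if password.lower() in COMMON_PASSWORDS or norm in COMMON_PASSWORDS:
        return "common password"
    if norm in DICTIONARY:
        return "single dictionary word"
    for word in personal_words:
        if word.lower() in norm:
            return "contains personal information"
    if site and site.lower() in password.lower():
        return "contains the site name"
    for other in known_passwords:
        if other != password and shared_prefix(password, other) >= 6:
            return "predictable variation of another password"
    if len(password) < MIN_LENGTH or character_classes(password) < MIN_CLASSES:
        return "too short or too few character classes"
    return None


def generate(length=20):
    """Generate a random password (as a password manager would) that passes
    the checks above; uses the secrets module, not random, for unpredictability."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if weakness(candidate) is None:
            return candidate


if __name__ == "__main__":
    samples = ["password", "p4ssw0rd", "Fluffy1", "Obscure",
               "TbMtBM-Google", "TbMtBM*ShTr*65", "Summer2014"]
    for pw in samples:
        print(f"{pw:20} -> {weakness(pw, site='Google') or 'ok'}")
    print("generated:", generate())
```

The normalization step is the important part: a human sees “p4ssw0rd” and “Fluffy1” as different from “password” and “fluffy”, but the checker collapses them before looking them up, which is exactly what a cracking tool's rule set does. The site-name and shared-prefix checks catch the “TbMtBM-Google” pattern, where one leaked password gives away the rest.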
Don’t be lazy when it comes to your online security. If it’s all too hard, take a look at a password manager like LastPass or 1Password which can create strong passwords and remember them for you. Developing your own secure password strategy takes a little time and effort, but much less time and effort than it takes to pick up the pieces after hackers take control of your digital life.