Entries in IT (3)

Tuesday, Apr 26, 2011

Your Password Sucks and You Are Going to Get Hacked

Admit it: you basically have one password you use for everything.  Maybe sometimes you get clever and switch a number or two around.  Maybe you are really advanced and have two or even three different passwords you use in different places.  Whatever your password strategy, unless you have a completely unique password for every site and service you use, you are a juicy target for fraud.

I know you're thinking, "It could never happen to me."  After all, how common are major site compromises anyway?  Today Sony announced that their entire PlayStation Network has been compromised.  This includes names, addresses, email addresses and passwords for every person with an account.  It may also include credit cards.  Here we see a non-academic danger of shared passwords.  If one of these hackers has your email address and a password, why not try that password to access your email?  Once they have access to your email, why not start using the "Forgot Password" function of different websites to start resetting your passwords to other sites, like Facebook or even your bank?  Of course, resetting those passwords isn't even needed if you use the same password everywhere.

Sony's massive failure of IT security clearly illustrates the need for unique, high-entropy passwords for every account you have.  The problem here is that good passwords are very difficult to remember.  A more secure password will contain more characters, and more types of characters.  For example:

 

  • "111" is a terrible password.  It's short, and is nothing but repeating characters of a single set.  It's also one of the most used passwords because people can remember it.  That doesn't make them lazy or stupid.  It just means they think a short password they can remember is a gamble worth taking.
  • "JT3GJEYzLmd4<hq6^K{64F}L=pzRCg" is a terrific password.  It has lots of characters.  Those characters are diverse (lowercase letters, uppercase letters, numbers and symbols).  It's also basically impossible to remember.  Even if you could memorize it, do you think you could memorize a password of that complexity for every account you have?

So what do we do?  None of us wants to be a victim of identity theft or fraud, but we also can't mentally process the best, easiest solution we have to many common security vulnerabilities–unique, high-entropy passwords.

There was a time when I generated unique, high-entropy passwords for every account I used and memorized them.  For frequently accessed accounts, I also changed these passwords often.  As I've gotten a little grayer in the beard, I've lost that ability to commit so many complex passwords to memory.  In the last two years I'd fallen into the habit of reusing passwords.  They were good passwords, but a password isn't good anymore if it is reused.  Remember Sony.

I now use a tool called 1Password.  It's become as near and dear to me as my beloved Dropbox.  1Password is an application that creates a secure, encrypted database to store information in.  The primary purpose is password storage, but financial data, software licenses and even notes can be stored.  When you use 1Password, you create and memorize one lengthy, high-entropy but memorable password.  From then on, you use 1Password to create and store your passwords for every other account you use.

1Password is flexible enough to handle the different password length and character set requirements that different organizations mandate.  It's also easy to search and categorize these passwords.  1Password is available in Mac, Windows, iPhone, iPad and Android versions.  Best of all, you can use Dropbox to sync your password database across all your computers and supported devices.
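To make the length and character-set argument concrete, here is an added example (not from the original post and not 1Password's code) that computes an entropy ceiling for the two passwords above and generates an independent random password per site under a site's length and character-class policy. The function names, site names and policies are assumptions for illustration; the bit figure is an upper bound that only holds when every character is chosen at random, which "111" is not.

```python
import math
import secrets
import string

CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}

def pool_size(password):
    """Combined size of every character class the password draws from."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))

def entropy_ceiling_bits(password):
    """Upper bound length * log2(pool); reached only by uniformly random choices."""
    pool = pool_size(password)
    return len(password) * math.log2(pool) if pool else 0.0

def generate(length, classes=("lower", "upper", "digit", "symbol")):
    """Random password of `length` with at least one character per required class."""
    if length < len(classes):
        raise ValueError("length too short for the required classes")
    alphabet = "".join(CLASSES[c] for c in classes)
    while True:  # rejection sampling: uniform over all passwords that satisfy the policy
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in CLASSES[c] for ch in candidate) for c in classes):
            return candidate

def vault_for(sites, length=24):
    """One independent password per site, so one breached site exposes no other account."""
    return {site: generate(length) for site in sites}

if __name__ == "__main__":
    for pw in ("111", "JT3GJEYzLmd4<hq6^K{64F}L=pzRCg"):
        print(f"{len(pw):2d} chars, pool {pool_size(pw):2d}, "
              f"at most {entropy_ceiling_bits(pw):6.1f} bits")
    # Constructed policy and site names, for illustration only.
    print(generate(12, classes=("lower", "upper", "digit")))  # a site that forbids symbols
    print(vault_for(["mail.example", "bank.example"]))
```
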

Stop gambling that companies will protect your privacy and information.  Take matters into your own hands and try 1Password today.  You won't regret it.

 

Monday, Nov 05, 2007

We're Hiring

Mac Systems Administrator

Tallahassee, FL based Integrating Marketing firm seeks a highly technical Macintosh Systems Administrator with a passion for people. This position will work in concert with our existing IT team providing day-to-day Server Administration for a Mac OS X Server-based infrastructure. Also responsible for second-tier helpdesk support in a fast-paced, creative working environment. Direct responsibilities include:

• A never ending passion to empower others with technology.
• Daily maintenance of a multi-terabyte, 20-plus machine Mac OS X Server environment.
• Monitoring and maintenance of a large disk-to-disk-to-tape backup system.
• Account administration and reconciliation across multiple authentication systems.
• Testing and certifying software updates for use within our infrastructure.
• OS image and application package creation and maintenance.
• Self-guided troubleshooting of servers and storage resources.
• Second-tier escalation of help desk tickets.
• Frequent participation in a 24x7 on-call pool.
• Work with Windows Systems Administrator to seamlessly integrate our large Mac network with our much smaller Windows network.
• Provide suggestions for infrastructure optimization to the company CIO.
• Participate actively in IT planning with other members of the IT team.
• Logging and reporting tasks to comply with Sarbanes-Oxley regulations.

Ideal candidates will possess the following skills:
• Work well individually and in a team.
• Understanding of Networking, including:
⁃ TCP/IP, including zero-conf
⁃ DNS, public and private
⁃ DHCP
⁃ Switching, routing, firewalls, VLANS and NAT
⁃ WiFi, with an emphasis on security
⁃ VPN and security best practices
• Deep understanding of Mac OS X Server including Open Directory, Kerberos, AFP and SMB file services, NetBoot, Apache, FTP, Jabber, Network and Portable Home Directories, Disk Utility, PackageMaker, Client Management via MCX and the Software Update service.
• Understanding of Mac OS X applications like Microsoft Office, iWork, iLife, QuarkXpress, Adobe Creative Suite, Final Cut Studio, Aperture, Clients & Profits, Parallels Workstation, VMWare Fusion and Digital Asset Management.
• Familiarity with Windows.
• Experience with the JAMF Casper Suite and Atempo Time Navigator a plus.

Education and Experience:
Candidates should possess a relevant degree plus 2 years experience or 5 years experience. Industry certifications a major plus. We care what you know and what you've done, not where you learned it.

Email a plain text, RTF or PDF resume to macjob@zimmerman.com

Wednesday, May 16, 2007

Where's Mike?

I've been building this...

Nice Rack