Nice, Hot Email Password Security for the Holidays
Password security is a hot topic right now, largely due to the Gawker hacking incident. It is hotter than a nice, warm mug of eggnog & rum. So before I sign off for the holidays (eggnog & rum, eggnog & rum!), here’s my advice on password security...
IMHO, there are two problems with our passwords (I’ll use the collective “we,” because I too have been guilty of weak passwording):
1. The password is insufficiently complex.
The number one password of the hacked Gawker accounts was 123456. Number two was password. Number three? 12345678. Check out the Wall Street Journal for more Gawker password stats.
2. The same password is used for multiple sites.
Sure, you don’t want your Gawker account hacked, but you definitely don’t want your banking, email, or social media accounts hacked because your Gawker account was hacked; that’s the risk with redundant passwords. Check out the news item we posted yesterday.
Why do we use easy passwords for multiple sites? We are impatient! Log us in now, now, now! Actually, log us in two seconds ago!
Also, we are lazy.
In reality, it’s easy to create strong passwords, and they will barely slow us down.
Our friends at Mozilla posted a video on YouTube with a method for creating strong passwords. Here’s their advice (rephrased à la Jane).
1. Select an easy-to-remember phrase: Kill two birds with one stone
2. Replace any numbers (or letters that sound like numbers) with actual numbers: Kill 2 birds with 1 stone
3. Take the first letter of each word to shorten your phrase: K2bw1s
4. Add some special characters: &K2bw1s%
5. Use this password for multiple sites, BUT add a distinct suffix for each site. For instance, add “:fb” to create your Facebook password: &K2bw1s%:fb
Voilà, your new password.
Using this method ensures that your password uses letters (upper and lowercase), numbers, and special characters, making it a complex password. Adding suffixes makes it distinct for various websites.
Microsoft offers similar advice, as well as a password checker for evaluating the strength of your password.
&K2bw1s%:fb tested as “Strong” according to Microsoft. Adding nine more characters at the end of the password tipped it into the “Best” category. (Microsoft recommends that passwords have at least 14 characters.)
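The five steps and the two checks mentioned above (character classes and the 14-character recommendation), carried through in Python as an added example that is not code from Mozilla, Microsoft, or this post. The function names and the list of number words are assumptions made for illustration, and the checks here do not reproduce Microsoft's checker.

```python
import string

# Step 2 lookup: number words and a few sound-alikes (constructed list, an assumption).
NUMBER_WORDS = {
    "one": "1", "two": "2", "to": "2", "too": "2", "three": "3",
    "four": "4", "for": "4", "five": "5", "six": "6", "seven": "7",
    "eight": "8", "ate": "8", "nine": "9",
}
MIN_LENGTH = 14  # minimum length the post attributes to Microsoft


def derive_password(phrase, site_tag, prefix="&", suffix="%"):
    """Apply steps 1-5 of the post to a phrase and a per-site tag."""
    words = [w.strip(string.punctuation) for w in phrase.split()]
    words = [w for w in words if w]
    if not words:
        raise ValueError("phrase must contain at least one word")
    # Step 2: swap number words for digits; step 3: keep each first character.
    initials = "".join(NUMBER_WORDS.get(w.lower(), w)[0] for w in words)
    # Step 4: wrap in special characters; step 5: append the site suffix.
    return f"{prefix}{initials}{suffix}:{site_tag}"


def character_classes(password):
    """Return which of the four character classes the password contains."""
    classes = set()
    for ch in password:
        if ch.isupper():
            classes.add("upper")
        elif ch.islower():
            classes.add("lower")
        elif ch.isdigit():
            classes.add("digit")
        elif ch in string.punctuation:
            classes.add("special")
    return classes


def meets_length(password, minimum=MIN_LENGTH):
    """True when the password reaches the recommended minimum length."""
    return len(password) >= minimum


if __name__ == "__main__":
    pw = derive_password("Kill two birds with one stone", "fb")
    print(pw, sorted(character_classes(pw)), len(pw), meets_length(pw))
```

The derived password has all four character classes but is 11 characters long, so it only reaches the 14-character mark once more characters are appended, as described above.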
I’m signing off. Enjoy your eggnog for now, but let’s resolve to be password secure in 2011.
– Jane Bolton Lacombe
Jane is the Product Marketing Coordinator at Messaging Architects.