Is it time for a new Password?

In the last couple of months, OK, maybe the last couple of days, we have been told of hackers “lifting” the security data of millions of users at LinkedIn, GlobalPayments, Yahoo, and others. Hackers have also been compromising security protocols in programs like MySQL (a database program) and planting viruses or malware in programs like Facebook and WordPress blogs. Then again, others like Home Depot, The New York Times, and Photobucket share data such as usernames and other personal information without your permission. This creates an unhealthy security environment for you on the internet.

When you find out that your security data or a program you have been using has been compromised, you should immediately take the time to create a new logon and password, and notify the program's provider if they haven’t already notified you. Even if there hasn’t been anything in the news about your particular program, you should take it upon yourself to change your password several times a year as a good policy. Most financial institutions already require periodic changes to passwords. By changing the passwords to your bank accounts, social networks, and other accounts, you are making things more secure for yourself as well as others, and it gives you more peace of mind.

So what do you use as a new password?  “Thinking up a new password” doesn’t have to be hard. Here are a couple of tips and articles that might help you out.

1. Do not use your name or initials, or any of your family's names or initials, and that includes your pets or nicknames.

2. Do use numbers, but not any that are associated with you or your family, like your SSN, street address, birthdays/anniversaries, dates, zip codes, area codes, or phone numbers (current or past). Do not use duplicate/multiple numbers like 777 or 999.

3. Do not use familiar words that are in the dictionary, or similar words like love or luv or 2B for “to be”. Computers can guess these words easily.

4. Use symbols as well. Some companies' security rules do not allow them, although they should. Symbols are the !@#$%^&*()_+ characters. I think there are a few more as well. Don’t just put them at the beginning or end; ‘sprinkle’ them throughout.

5. Don’t use a pattern like prime numbers, even numbers, or every third letter of the alphabet or consecutive letters like abc, doremi, xyz or 123. Things like acdc are too familiar a pattern of letters.

So how do you make up a password that you will remember if it isn’t familiar to you? Try a phrase that is personal to you. No, not the actual phrase. Take, for example, the phrase “Playing Jazz is my life long passion.” You might use a password like PJz!ImL2Psn. It is definitely much harder to decipher than, say, the password IluvJazz! Yet you can still remember it because of the phrase.
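The five tips above can be applied mechanically to a candidate password. The sketch below is an added example, not part of the original post: the function names are hypothetical, the word and pattern lists are small constructed samples, and the `personal` argument stands in for the names and numbers tips 1 and 2 warn about.

```python
import re

# Constructed sample lists; a real check would load a full dictionary.
FAMILIAR_WORDS = {"love", "luv", "2b", "jazz", "password"}   # tip 3
FAMILIAR_PATTERNS = {"acdc", "doremi"}                        # tip 5
SYMBOLS = "!@#$%^&*()_+"                                      # tip 4, as listed above


def has_sequence(pw, length=3):
    """True if pw holds `length` consecutive letters or digits (abc, xyz, 123)."""
    s = pw.lower()
    for i in range(len(s) - length + 1):
        chunk = s[i:i + length]
        if chunk.isalnum() and all(ord(b) - ord(a) == 1
                                   for a, b in zip(chunk, chunk[1:])):
            return True
    return False


def check_password(pw, personal=()):
    """Return (tip number, reason) pairs for each tip the password breaks."""
    low, findings = pw.lower(), []
    # Tips 1 and 2: names, initials, dates and numbers tied to the user.
    hits = sorted(p for p in personal if p and p.lower() in low)
    if hits:
        findings.append((1, "personal detail: " + ", ".join(hits)))
    # Tip 2: the same digit repeated, like 777 or 999.
    if re.search(r"(\d)\1\1", pw):
        findings.append((2, "repeated digit"))
    # Tip 3: familiar words and their common respellings.
    words = sorted(w for w in FAMILIAR_WORDS if w in low)
    if words:
        findings.append((3, "familiar word: " + ", ".join(words)))
    # Tip 4: symbols present, and not only at the start or end.
    if not any(c in SYMBOLS for c in pw):
        findings.append((4, "no symbol"))
    elif not any(c in SYMBOLS for c in pw.strip(SYMBOLS)):
        findings.append((4, "symbols only at the start or end"))
    # Tip 5: sequences and well-known letter patterns.
    if has_sequence(pw) or any(p in low for p in FAMILIAR_PATTERNS):
        findings.append((5, "sequence or familiar pattern"))
    return findings


if __name__ == "__main__":
    # The first two samples are the passwords discussed above; the third is constructed.
    for sample in ("PJz!ImL2Psn", "IluvJazz!", "abc777!"):
        print(sample, check_password(sample))
```

Passing the checks only means a password avoids the patterns listed here; it does not measure how hard the password is to guess.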

Here is an article I found recently that talks about using phrases in password security on the “Sovereign Man Blog”. Simon Black also references another blog below…

We live in a digital age where most of us have more online accounts than we can count. Some accounts contain really sensitive information, like logins for your bank and credit card accounts. That is why it’s more important than ever to develop good password habits. Here’s a trick I learned to create secure passwords that are easy to remember. Slate writes:
“Right now you’re scrambling to change all your passwords. If you’re not, you should be. In the wake of a couple of massive security breaches—one at LinkedIn that nabbed 6.5 million passwords and another at eHarmony that compromised 1.5 million accounts—security experts are advising that people change their passwords at the affected sites and at every other site where you used a similar password. By now you’ve probably heard the time-worn guidelines for creating strong passwords: Don’t use your name or other common words. Use different passwords for different sites. Change them often. Choose security questions that don’t involve information that everyone knows about you, or stuff that crooks can easily find on Facebook.  For a lot of people, myself included, these rules are too much trouble.”

“The old, still very good way to fix your terrible passwords: Come up with a short phrase you’re likely to remember. Just like in school, it helps to make your mnemonic really bizarre—the stranger the phrase, the easier it’ll be to remember. For example, Kim Kardashian is the most amazing woman in all 50 states, or Mitt Romney and Barack Obama decided to make 10 waffles. Notice that my phrases use a mix of capitalized and lowercase words, and I added some numbers as well.

To make a password, just take the first letter of each word in your phrase. The sentences above would turn into KKitmawia50s and MRaBOdtm10w. Both of those passwords are extremely strong—they’re long, and they’re free of common English words that can be guessed by a computer.

You can generate different passwords for different sites by varying your phrase slightly for each one. The phrase LinkedIn is terrible at securing its passwords so it’s my 10th favorite social network will create a password for LinkedIn (LIitasipsim10fsn) as well as for Twitter (Titasipsim9fsn), Facebook, MySpace, and on and on.

Note, too, that it’s OK for you to keep similar passwords at similar sites. On sites where a password thief can’t do much damage—say, publications like Gawker and the New York Times—you can repeat the same password. You’ll want to keep your social networking accounts slightly more secure, but the passwords don’t have to be extremely different; after all, if a bad guy gets into your Facebook account, he’s not going to be able to do much more additional damage if he gets into your Twitter profile, too. So varying them slightly—as I did above—is perfectly OK, as long as you remember to change them after you hear about a breach like the one at LinkedIn.

You’ll want to reserve the most distinct passwords for sites where breaches would cause you a lot of trouble—your financial institutions and your webmail accounts, which hold the keys to the rest of your online life. (If a bad guy gets into your email, he can use the password reset feature to get into lots of other accounts, too.)”
