My middle-schooler is amused with the “complicated” password on my iPad. “Why don’t you make it simpler?” she asked me.
“If you think THAT’S complex,” I smiled at her, “you should see my email password.”
The days of “password123” are long gone. That kind of password can be cracked in seconds. In fact, the bad guys can cycle through billions of guesses per second. If you want your digital assets to stay safe—including your bank account, your intellectual property, and your social good standing—here are five rules you need to follow.
1. Go far beyond the “8 character wall.”
Passwords with 8 or fewer characters are worthless. Even though there are trillions of password combinations, a determined hacker with a botnet (or even a legal cloud computing platform) at his disposal can crack it in seconds. Make it 12 characters, and it suddenly takes far more resources and time (on the order of centuries) than the hacker will deem it worth. See for yourself.
2. Create unique passwords. One for every site.
Hackers love going after innocuous sites because they know that people often use the same password across more valuable sites, like their bank. Plan for the eventuality that one of your accounts will get stolen: never use the same password twice.
3. Get creative. No, MORE creative.
Browse this list of the 100 most common passwords found in a batch stolen from Adobe. If your password is on there—or, more importantly, if your password is even barely recognizable as English—it’s not secure enough.
4. Change your passwords every six months. Religiously.
Again, assume that one of the sites you use will be hacked. The next best protection is to habitually change your passwords. (Interestingly, Microsoft and the National Institute of Standards and Technology disagree with me. They believe that changing passwords is irrelevant and results in lost productivity, and that the economic value of the effort spent to protect accounts is, on aggregate, greater than the losses that accrue. Still, I’d rather not be in the statistically small pool that is hacked!)
5. Use a secure Identity Management service to simplify your life.
These services give you the ability to manage your passwords from one location. Further, by using machine-generated passwords, they create passwords that are not in the 100+ million list of human-created (and, therefore, potentially replicated) passwords. What’s more, they automatically change passwords for you and store them in encrypted form. The challenge? If you forget the master password, you are toast! Perhaps a small price to pay for your security.
(Aside: We’ll have one for you from Intermedia soon!)
April 26, 2024 update
After a decade, it’s fun to see an update on this topic from Hive Systems, with whom I have no relationship. My 2013 recommendation that you use 12 characters still stands—you are protected for 164 million years!