Tip: How to secure and test your passwords

secure-password-580x367Passwords and data leaks are so common nowadays that you can’t be sure about what site was last hacked. In the last couple of months, users from big companies such as Last.fm, Linkedin, Yahoo!, Blizzard Entertainment and even Sony got hacked and their personal data exposed.

A Last.fm password hack doesn’t seem particularly harmful but the truth is that most people use the same login/password for every site they have an account on. That means if someone got your password in Last.fm, they’ve possibly got your Gmail and PayPal passwords, and use your information for an identity theft and account hijack.

Here are a few tips to make your digital life a bit safer.

How not to be a victim of password theft (or at least make it tougher for account hijackers)

Internet Security 101 is as simple as having a few different login and password for your favorite websites. Three usernames, each with different passwords is a good and easy idea: one super tough for those extremely-important-accounts, another not as difficult for your social network sites and public profiles, and one easy cheasy for those accounts you don’t mind at all. The most secure option would be to have a different password for each site, but logins and passwords are almost as forgettable as phone numbers.

If you’re a paranoid parrot and really want an OMG password for your most important accounts, the GRC | Ultra High Security Password Generator allows you to create strings of random printable ASCII characters, not just alphanumeric. There’s a problem though if you don’t remember strings like w$:s;Sw43,89V}0G+E_TvK=, but once you save it in your browser you won’t have to type it in again. And if you’re worried that someone will steal your computer and hack your accounts, worry not! You can always erase your stored passwords with Prey’s Secure module.

If you chose to create your own passwords based on things you like or you’ll easily remember, keep in mind most single user password hacks are made by bots using brute force—randomly trying dictionary words again and again.

Passwords like 123456, password,qwerty or using your date of birth are easily remembered, but also easy guessed. You could use dictionary words, but include caps, numbers and non alphanumeric characters such as dots, commas, colons, semicolons or question marks. For example, Where;is:the!B4throom? is a very strong password and not that hard to learn.

As a tip, try using the first two letters of things you really, really like—songs, movies, videogames, etc. For someone that is nuts about “Whole Lotta Love” by Led Zeppelin, LeZeWhLoLo’69 is a very strong password which includes the first two letters of each word of the band’s name, the song, an apostrophe and the song release year—all the things a true fan would know—this also follows our previous guidelines: caps, numbers and non alphanumeric characters. Too easy? Go and test it at How Secure Is My Password.

I can’t even remember my cellphone number, how am I supposed to get three different passwords?

Our memory works in some mysterious ways and not all the people are equally gifted. Luckily for them there are password manager apps that store security and discloses it using a single password—anyway, you do need to create and remember at least one and it better be strong. If you’re going to a password manager app, we recommend LastPass. It’s free and works on Windows, Mac, Linux and a variety of mobile devices; it saves and encrypts your passwords on your computer, which is more secure than a browser’s default saving option, making brute force attacks pretty useless.

If you choose to use LastPass, you can generate insanely strong ASCII passwords using GRC, generating a different password for each of your accounts.

Too long, I didn’t read the whole post

Here’s a quick summary of what’s a good practice, keeping your passwords safe and secure.

  • Many sites have been hacked lately and their user’s data exposed.
  • Using the same login and password for every site allows hackers to hijack all your accounts.
  • Use strong, different passwords.
  • If you can’t remember then all, try LastPass

Fabián Núñez

Head of Sales and Customer Happiness at @preyproject. I love tech and Asian food. Headbanging since 2002. Overall badass.