Have you ever had your email account hacked by someone? Have you ever asked how such attacks can happen? Or have you asked, “why me”? Well, here is the painful truth: it’s due to negligence in protecting your password properly. There’s really nothing magical about account hacks, believe me. An account can be easily hacked using social engineering and/or information gathering.
Passwords are our last line of defense (and most of the time, the only line of defense). Because of this, securing the passwords for our accounts should be given the utmost importance.
Here is my own version of the Ten Commandments of Password Security. Follow them by heart and it would be almost impossible for anyone to crack your password and break into your account.
The Ten Commandments of Password Security
1. Thou shall not have one password for all accounts
– It’s best if you have a unique password for every account that you have. This will thwart hackers from accessing all your accounts if they are able to break into one.
2. Thou shall never share your passwords, nor tell anyone about them
– I think there is nothing more to explain for this one. Even if you trust that person very, very (and I mean VERY) much.
3. Thou shall never write your password on a piece of paper
– This usually happens in the office: a new employee writes his/her password on a Post-It note and sticks it beneath the keyboard, or writes it temporarily on a scratch paper and throws it in a common trash bin. Then along comes a curious colleague who snoops underneath the keyboard or in the trash bin. Next thing you know, voila!
4. Thou shall always use a combination of upper and lower case letters, numbers and special characters: make them fUnK33!
– Doing so makes it harder for a password brute-force application to crack your password. The more possible combinations, the better! Imagine if your password were “apple” instead of “@pPl3”. The brute-force application only needs to try the 26 lowercase letters in each position to crack the first password, compared to a far larger character set for the funky one.
5. Thou shall never ever use common words, names, dates, or anything affiliated with you as your password
– Most people use such personal info as their password because it’s easier for them to remember. The bad thing about this is that this personal information is publicly known! Need I say more?
6. Thou shall not use pass-“words” anymore; use pass-“phrases”
– Do you know that a word with less than eight characters can be cracked in just over a minute? The length of your password affects its crackability: the longer the password, the harder it is to crack, that’s the idea. To make it easier for you to memorize, think of the title of your favorite song. A sample would be All Night Long by Lionel Richie. Following commandment 4, our passphrase can look like this: @LLn!ghtL0ng.
7. Thou shall change all of your passwords/phrases at least every 30 days
– This is another way of thwarting a hacker trying to crack your code. A funky passphrase with at least 8 characters can take a month to crack. So when a hacker does get to crack the passphrase, it would be useless because you have already changed it. Oh, and don’t use the old ones again! Hackers keep track of the cracked passwords.
8. Thou shall always change the default password immediately
– If you are given an account with a default password, change it immediately. Passwords should only be known to you and nobody else.
9. Thou shall use password recovery questions to which only you know the answer
– When you create a new account, there is usually a section in the sign-up form that asks you for a password recovery question, used to recover your password in the event you forget it. Always opt to write your own question, one that only you know the answer to. Hackers will usually try to figure out the right answer to it and, in turn, get your password.
10. If you have to log in on a public computer, thou shall immediately change, from your own computer, the passwords of the accounts you logged into
– Public computers may be spiked with keyloggers by hackers. Although this may not be true most of the time, it’s better to be safe than sorry, right? A little dose of paranoia can go a long way.
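To put numbers on commandments 4 to 6, here is a small Python script (an added example, not part of the original post) that computes the brute-force search space for the post’s own sample passwords and flags which of those three commandments each one breaks. The guess rate and the tiny common-word list are constructed assumptions; a real checker would load a large breached-password list.

```python
import string

# Constructed stand-in for a real common-password dictionary (commandment 5).
COMMON_WORDS = {"password", "apple", "123456", "qwerty", "letmein"}

# Character classes the post tells you to mix (commandment 4).
CLASSES = {
    "lower": set(string.ascii_lowercase),   # 26
    "upper": set(string.ascii_uppercase),   # 26
    "digit": set(string.digits),            # 10
    "symbol": set(string.punctuation),      # 32
}

def classes_used(password):
    """Names of the character classes the password actually contains."""
    return [name for name, chars in CLASSES.items() if any(c in chars for c in password)]

def alphabet_size(password):
    """Alphabet a brute-force tool must cover: the sum of the sizes of
    every character class the password uses (26 for 'apple', 94 for '@pPl3')."""
    return sum(len(CLASSES[name]) for name in classes_used(password))

def search_space(password):
    """Number of candidates of the same length over that alphabet."""
    return alphabet_size(password) ** len(password)

def worst_case_seconds(password, guesses_per_second=1e9):
    """Seconds to exhaust the search space at an assumed guess rate
    (1e9/s is a constructed figure for an offline attack on a fast hash)."""
    return search_space(password) / guesses_per_second

def violations(password):
    """Which of commandments 4, 5 and 6 the password breaks."""
    problems = []
    if len(classes_used(password)) < 3:
        problems.append("mix upper, lower, digits and symbols (commandment 4)")
    if password.lower() in COMMON_WORDS:
        problems.append("common word (commandment 5)")
    if len(password) < 8:
        problems.append("shorter than 8 characters (commandment 6)")
    return problems

if __name__ == "__main__":
    for pw in ("apple", "@pPl3", "@LLn!ghtL0ng"):
        print(f"{pw:14} alphabet={alphabet_size(pw):3} space={search_space(pw):.3e} "
              f"worst={worst_case_seconds(pw):.3e}s problems={violations(pw)}")
```

Note that @pPl3 widens the alphabet but is still only five characters long, so it fails commandment 6; the 12-character passphrase is the only one of the three that passes all checks.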
So there you have it folks! Stay tuned for more best practice tips!