Passwords: Srs Business

Tweet this link on Twitter if you want others to read it.

You guys, seriously. Seriously, you guys. Password security is super-important.

I know you’ve heard this a lot, but given the preponderance of accounts that are “hacked” due to weak passwords or other poor practices around password security, it appears that at least some of you are not listening. While this list isn’t exhaustive, it’s got a few highlights.

DON’T share your password with people. No matter how strong your password is, if someone else knows it, it’s no longer a “secure” password. We see folks writing in who had a “co-owner” on their Twitter account (against our recommendations) and after a disagreement, the co-owner locked them out of the account.

DON’T use a word that can be found in the dictionary as your password (and don’t use 123456, either!). If you want or need help managing passwords, check out @1Password or @lastpass; both are robust password management systems that will generate and store passwords for you. There are a number of other options as well, but I’ve used both of those successfully.

DON’T use your significant other’s name, your child’s name (if you have one) or your pet’s name.

DON’T type your username and password into sites that you’ve arrived at via suspicious links! Might be worthwhile checking non-suspicious links too, honestly. Double-check that address bar to make sure that you’re really at the website you mean to be at, and if in doubt, type the address into the address bar directly.

DON’T use the same password on multiple sites or for multiple accounts on the same site. One compromise can lead to many others.

REMEMBER: security questions can be a point of vulnerability! If someone’s specifically targeting you, answers to questions like what city you were born in and what high school you went to can often be found online. For extra security, try lying about your answers to security questions (but, of course, make a note of what your lie was in, say, @1Password or @lastpass). Your favorite color? Totally houndstooth. If you have the option to create your security questions, don’t create questions where the answer can easily be found through a bit of Googling.

BE AWARE: “skeleton key” passwords, where part of your password stays consistent across multiple sites and part changes based on the specific site, can be broken if someone determines what the key and pattern is. Then, suddenly, all of your passwords are broken and you’re left sobbing and wondering why you didn’t use different passwords at each site.

SIGH, you’re still using the same password on multiple accounts, aren’t you? If you refuse to use different passwords for each site, at least try tiering – use the same password for sites that you really don’t care about and that don’t have any information on you, a more secure password for sites that you sort of care about, and multiple passwords for your most important sites – email, banking, etcetera.

HELPFUL HINT: Need help thinking up a secure non-dictionary word password but don’t want to use a password manager for whatever reason? Use song lyrics and take the first initial of each word in a line – thus, “Lucy in the sky with diamonds!” can become “Litsw/d!” Capitalization and punctuation can go a long way to increase security and if you’re not using a password manager, song lyrics are more memorable.

QUESTIONS? Seriously, this page is really great. Read the tips for your sake and for mine.