Other more complex security and privacy protections don't work if you are not using passwords correctly ... they are your key to security!
I have read more than my fair share of "how to protect yourself in social media" type articles lately (see a good one with links to other good ones at http://www.nateriggs.com/2009/10/how-to-protect-yourself-from-the-social-web/ ) from non-security professionals. These posts discuss protecting your location, creating a family password (like the "you say Thunder, then I say Flash" challenge-response) and other very commonsensical kinds of actions to protect your online self. Most of them forget the basic fundamental: the password.
So, without any more preamble: use strong passwords. They work. And when you don't use them you can be attacked (see a story on Twitter's corporate accounts being hacked, with a tremendous loss of confidential data, all because of poor password use).
Use passwords that are at least eight characters long and include a mix of at least 3 of the following character types: uppercase letters, lowercase letters, numbers and special characters. (WHY?: Following this practice means that anyone guessing your password has to work through more choices, which makes guessing both practically and mathematically more difficult.)
But doing that makes it harder to remember, too, right? And most people don't use good strong passwords because they are hard to remember, and so out of convenience (or laziness) they prefer to type "1234" or "GOBUCKS!". What to do?
Be thoughtful about how you use and mix these characters (##Pa$$W0rd!! is easier to remember than d$a#aabe and, because it is longer, mathematically harder to guess):
- Substitute numbers for letters and vice versa (0 instead of O, 4 instead of A, 1 instead of L, 3 instead of E, $ instead of S and so on).
- Substitute words for numbers (one for 1, two for 2, and so on).
- Use capitalization haphazardly (passWord is stronger than password or PASSWORD).
- Use special characters in front of (##password), to end (password$$) or to punctuate or separate words (password!! or pass#word).
Have some fun. Use these combinations to create words or phrases that are easier to remember:
- ##LuckyDuck$!!
- $$Give8100dPlayRug8y
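
An added example (not from the original post): a Python check of the "eight characters, three of four character types" rule, plus the brute-force search-space size behind the "WHY?", run on the passwords quoted in this post. The pool sizes assume printable ASCII and the function names are illustrative; the bit count models blind exhaustive guessing only, not word-list guessing.

```python
import math
import string

# Character classes from the rule above; pool sizes assume printable ASCII.
CLASSES = {
    "upper": string.ascii_uppercase,   # 26 symbols
    "lower": string.ascii_lowercase,   # 26 symbols
    "digit": string.digits,            # 10 symbols
    "special": string.punctuation,     # 32 symbols
}

def classes_used(password):
    """Names of the character classes that appear in the password."""
    return {name for name, chars in CLASSES.items()
            if any(c in chars for c in password)}

def meets_policy(password, min_len=8, min_classes=3):
    """The post's rule: at least 8 characters and at least 3 of the 4 classes."""
    return (len(password) >= min_len
            and len(classes_used(password)) >= min_classes)

def brute_force_bits(password):
    """log2 of the candidates an exhaustive search must cover:
    (combined pool size of the classes used) ** length.
    Upper bound only: it does not model dictionary or pattern guessing."""
    pool = sum(len(CLASSES[name]) for name in classes_used(password))
    return len(password) * math.log2(pool) if pool else 0.0

def report(passwords):
    """One row per password: (password, length, classes, policy ok, bits)."""
    return [(pw, len(pw), len(classes_used(pw)), meets_policy(pw),
             round(brute_force_bits(pw), 1)) for pw in passwords]

# Passwords quoted in this post.
SAMPLES = ["1234", "GOBUCKS!", "d$a#aabe", "##Pa$$W0rd!!",
           "##LuckyDuck$!!", "$$Give8100dPlayRug8y"]

if __name__ == "__main__":
    for pw, length, n, ok, bits in report(SAMPLES):
        verdict = "pass" if ok else "FAIL"
        print(f"{pw:<22} len={length:<3} classes={n} {verdict:<4} ~{bits} bits")
```
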
And then use your passwords like you do your house, car and office keys:
- Never communicate them over the phone, in an email or over IM (or twitter for that matter!).
- Log off (lock the door) when you are done with a site or stepping away from your computer.
- Change your password if you suspect suspicious behavior (it is good to be a little paranoid, no?).
- Do not allow your Internet browser to save your password (if you lose control of your laptop, netbook or PDA, whoever gains control has control of your entire digital world).
- Do not share your passwords with anyone.
- Don't use password hint functions (where you select a challenge like mother's maiden name and you provide an answer) or, if you are forced to, don't use real data (select mother's maiden name and provide an unrelated answer like Guinness, but honestly you are liable to fake yourself out on that one, so tread lightly).
If you still have trouble remembering, you have 2 choices:
- Don't be shy about hitting the "forgot password" button. (It is more secure to have a password reset sent to your email address than it is to use a simple, easy to use password).
- Use a password manager like KeePass Password Safe which is a "free, open source, light-weight and easy-to-use password manager".
This sounds so simple. Yet, it is such a serious topic. It isn't the only line of defense, but it is an important one and because of human nature (entering passwords does feel like such a waste of our time) an underused line of defense.
As an executive and online citizen, don't be a victim because you didn't want to invest a small amount of time to do something simple and highly effective. As a business owner, make sure you have policies in place to expect the proper use of passwords by all of your employees across all of your systems and applications.