Today is Change Your Password Day
One of the most common security problems XMission faces with our customers is insecure passwords. Today marks “Change Your Password Day”, pushed forward by a writer at Gizmodo. XMission supports this because it is not only important to have secure passwords for the services and websites you frequent on the Internet, it is equally important to change them with regularity, especially the ones you frequently use. Here are some “pro tips” for keeping your passwords secure.
- Use a “password manager” that enables you to use a different password for every website you visit, but store them securely. My favorite is LastPass. Although LastPass had a security issue last year, using a complex password for the encryption of your stored passwords keeps them protected even if their data is compromised.
- Passwords should be a minimum of eight characters. The more characters you use, the harder it is to “brute force” crack your password. With processing power increasing, it has been possible in some cases to crack eight-character passwords in short order by trying every possibility. Each character you add makes the password exponentially harder to crack. A simple tactic to expand your password length is to come up with a personal pattern for mixing words together; simply mixing words is not enough. So a bad password would be “chesscheeseeagle”, but this could be made into an excellent password with patterning: “^^^^chess444CHEESE801eagle###”.
- Some say dictionary words should be avoided altogether, and a password manager can do a good job of coming up with completely random passwords. The mixed-word strategy above should only be used for passwords you have to memorize. A random password like “NmX5WCpPQwjRpuyUIjm86R4T” is vastly more secure than one using words, but for those of us who lack superhuman memory, patterned words are easier.
- Two-step verification, like that offered by PayPal and Google, adds an additional layer of security on top of well-crafted passwords. Both of these services have smartphone “apps” which you can use to operate them.
- For system and website administrators, using an SSH key is far more secure than a password. All SSH-capable shell and file transfer programs can handle keys instead of passwords. Use them!
- Remember that XMission and most professional websites will not ask you for your password in email. Any such request is most likely an attempt by someone to gain access to your account and information. Lack of awareness and “social engineering” is a very common security hole. People’s good faith and trust are often the weakest part of computer security. Be aware and verify before giving out any personal information or passwords.
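To put numbers on the length and dictionary-word tips above, here is an added Python example (not part of the original post) that estimates attacker effort in bits for the three sample passwords and generates a random one. The word list and the 10,000-word dictionary size are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Assumption: number of words an attacker's dictionary contains.
ASSUMED_DICT_SIZE = 10_000
# Constructed mini word list standing in for a real dictionary.
WORDS = {"chess", "cheese", "eagle"}
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]

def charset_size(pw):
    """Alphabet size a brute-force search must cover for pw."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))

def bruteforce_bits(pw):
    """Upper bound on effort: every string of this length and alphabet."""
    return len(pw) * math.log2(charset_size(pw))

def split_words(pw, words=WORDS):
    """Split pw into dictionary words, or return None if it is not purely words."""
    pw = pw.lower()
    best = {0: []}  # end index -> list of words covering pw[:end]
    for end in range(1, len(pw) + 1):
        for start in range(end):
            if start in best and pw[start:end] in words:
                best[end] = best[start] + [pw[start:end]]
                break
    return best.get(len(pw))

def dictionary_bits(pw):
    """Effort for an attacker who tries word combinations, or None if not applicable."""
    parts = split_words(pw)
    return None if parts is None else len(parts) * math.log2(ASSUMED_DICT_SIZE)

def random_password(length=24):
    """Random letters and digits from the OS's cryptographic random source."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

if __name__ == "__main__":
    samples = ["chesscheeseeagle",
               "^^^^chess444CHEESE801eagle###",
               "NmX5WCpPQwjRpuyUIjm86R4T"]
    for pw in samples:
        d = dictionary_bits(pw)
        word_note = f"{d:.1f} bits as words" if d is not None else "not plain words"
        print(f"{pw}: {bruteforce_bits(pw):.1f} bits brute force, {word_note}")
    print("generated:", random_password())
```

The brute-force figure is only an upper bound: it holds when the attacker has no better strategy than trying every string, which is why the plain three-word password scores far lower once word combinations are considered.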
I hope these tips are helpful to keep your personal data secure and safe. Happy Change Your Password Day!