Security expert Bruce Schneier has a new post on Boing Boing, “Choosing a Secure Password,” and it couldn’t be more timely. When I happen to learn what even smart and sophisticated people choose as a password, I’m often shocked. Shocked! It’s happened to me a lot in the last year.
I’m relatively thorough about my password choices, and even methods that I thought reasonable (if not great) can turn out to be quick work for hackers in 2014. So read the post, and if you don’t have time to do that now, here’s the gist:
My advice is to take a sentence and turn it into a password. Something like “This little piggy went to market” might become “
tlpWENT2m“. That nine-character password won’t be in anyone’s dictionary. Of course, don’t use this one, because I’ve written about it. Choose your own sentence — something personal.
And don’t think that your website and social media accounts are exempt from these requirements! First, your reputation is at stake, and even a prankster could do serious damage by posting or commenting as you. Second, if you’re using a similar password scheme for multiple sites, the stakes could be even higher.
Often accounts shared within an organization are the worst, in my experience, because multiple people need to remember the password and the person setting up the account doesn’t want to be bugged every time somebody forgets their password. It’s a bother to change them, and then get everybody on the same page about it, but the alternative is much more bothersome.
Now, change those passwords!