Are Your Passwords Putting You In Danger?

November 29, 2011 By 26 Comments

A few weeks ago, someone from Turkey broke into my PayPal account.

When I got the message, I was not too happy.

In fact, I panicked for just a brief second.

How did they get into my account? Why did they choose mine?

However, PayPal was all over it and Navy SEALs were breaking down doors within hours.

OK, maybe that part was in my imagination.

But, they did immediately lock my account and no access was permitted.

Are Your Passwords Dangerous?

My PayPal scare got me thinking and re-evaluating my password setup.

PayPal was not forthcoming with details and would not provide any information on how my account was broken into.

I was fairly confident that my account was not compromised by my password. I am pretty good about not sharing passwords across accounts. Nor do I use simple, easy to crack passwords.

Still it had me pondering the issue. And looking for a better and simpler way to manage my password strategy.

Are you guilty of using dangerous passwords?

You have probably seen the recent press about the “Worst Passwords of 2011.” If this article applies to you, then you need to take immediate action to remedy your password protection.

“You wouldn’t leave your house unlocked, with the garage door up and windows open. Would you?

Yet, this is how many people leave their online access and financial accounts.”

You may need better passwords if you…

- Use the Same Password for Multiple Accounts – Do you have 1 password that you use across all your accounts? If someone gets your password, can they get into all of your accounts?

- Use Simple Words or Your Kids’ Names - Is your password, “PlayGolf2011?” Or, “SamMaryKatie?” These passwords make your account much easier to crack.

- Never Change Them – How long has your online banking password been the same? Change it at least once a year. Every six months is better.

- Store Them in Unsafe Places – Do you “hide” your passwords in easy to find places? In a Word doc called, “passwords?” Under your keyboard at work? Or taped to your laptop?

If these sound like you… you are living dangerously.

You need better passwords.

Secure Those Passwords

Why do we want to secure our passwords?

Well, for one, passwords are a large source of wasted time.

Especially, what I like to call self-inflicted time management. In other words, we cause ourselves a lot of problems with our passwords.

How much time do you waste:

- Trying to remember your passwords?

- Trying to retrieve them?

- Resetting lost passwords?

- Trying to make up new passwords?

And you will waste a lot of time when one of your accounts is compromised.

Here are 5 Tips For Better, Safer passwords:

  1. Get a Password Manager - There are many great ones out there. Use a software app to manage your passwords and more importantly to store them in a safe format.
  2. Use Difficult Passwords – Stop using simple words and names for your passwords. A better password than “PlayGolf” is “N4s%pBRg7!”
  3. Change Them Regularly – Don’t leave your key passwords the same for extended periods. If you must, choose a time each year that you change all of your passwords.
  4. Don’t Use the Same Password – Most people use 1 password for all their accounts. Don’t let this be you.
  5. DO IT TODAY - This is one of the tasks that people put off. They will get to it someday. But, it will catch up to you. Fix your passwords before you have a problem.

Psst, What’s Your Password?

By being smart about your passwords, you will save yourself time and avoid life friction.

It will take more time to clean up after your passwords are compromised, than to set safe ones in the first place.

Stop back tomorrow if you want to see how I manage my passwords.

I will introduce you to a powerful tool that will allow you to safely, securely, and most importantly,  effortlessly manage your passwords.

Are you guilty of using unsafe passwords? How do you manage your passwords?

Filed Under: Technology
  • http://www.timokiander.com/ timokiander

    Craig,

    Do you use any specific password manager? I’m looking for one right now.

    Cheers,

    Timo

  • http://www.timokiander.com/ timokiander

    Craig,

    Do you use any specific password manager? I’m looking for one right now.

    Cheers,

    Timo

    • TMNinja

      @timokiander Check back tomorrow! :)

      I will share the password setup that I currently use.

    • http://www.cloudproductivity.net/ joomux

      @timokiander I use LastPass. It’s free, super easy, generates passwords for you and remembers them! It can also automatically log you in to sites. I probably have about 100 or more logins stored there. Oh, and it sync’s to the cloud so you can use any browser an any computer and you’re in!

      • TMNinja

        @joomux@timokiander You and are in agreement!

        Love LastPass… see my next post on how I use it…

        http://tmninja.us/vwXFbV

  • bfgreen

    I’m a huge fan of KeePass (http://keepass.info/). It’s free and Open Source and also available for PC, Mac, and Linux. For bonus points you can host the tiny encrypted database file it uses in your private DropBox folder for online access (and synchronization) from anywhere! It’s been working for me for years. I have no idea what some of my passwords are they’re so strong, and as Craig says why bother?

  • bfgreen

    I’m a huge fan of KeePass (http://keepass.info/). It’s free and Open Source and also available for PC, Mac, and Linux. For bonus points you can host the tiny encrypted database file it uses in your private DropBox folder for online access (and synchronization) from anywhere! It’s been working for me for years. I have no idea what some of my passwords are they’re so strong, and as Craig says why bother?

    • TMNinja

      @bfgreen I have not tried KeyPass, but hear good things. :)

      I am a big fan of LastPass at the moment.

      LOVE your comment about not even knowing some of your passwords. I have no idea what some my account passwords are… even when I log in. :)

      • bfgreen

        @TMNinja thanks Craig. I’ve used KeePass for more than five years now, on just about every platform and with a sync’d database stored in my own secure cloud. I believe that KeePass was initially developed by Bruce Schenier as an open source effort, but when he had no more time to develop it he opened it up to the online community that ran with it – that is pretty cool.

        So, with that said I have this to add. After watching the security now videocast with Steve Gibson (GRC) I have switch completely to LastPass! That’s pretty drastic IMHO. Not only that, I’ve subscribed to the premium version for $12 a year, not specifically to get more features, although the iOS access is nice, but more to support the future development of the product.

        And finally, yes I have dozens, possibly hundreds of passwords that are so strong and electronically generated that I have no idea what they are – and I’m fine with that! Occasionally my wife will ask me what my password is for XXX and I tell her, “I have no idea” which results Ina bewildered stare :)

        After many years of dedicate use of KeePass (which is still excellent) I have made the switch to LastPass and love it.

        Have a great weekend :)

  • http://www.lifeofasteward.com/ Loren Pinilis

    I just use “password” as the password for all my accounts. Easier to remember.

    Just kidding.

    Why do you think there’s a benefit to changing passwords? I mean, I can understand why people give that advice. But do you think it increases your security? That’s one thing I don’t do that perhaps I need to start doing.

  • http://www.lifeofasteward.com/ Loren Pinilis

    I just use “password” as the password for all my accounts. Easier to remember.

    Just kidding.

    Why do you think there’s a benefit to changing passwords? I mean, I can understand why people give that advice. But do you think it increases your security? That’s one thing I don’t do that perhaps I need to start doing.

  • http://www.lifeofasteward.com/ Loren Pinilis

    I just use “password” as the password for all my accounts. Easier to remember.

    Just kidding.

    Why do you think there’s a benefit to changing passwords? I mean, I can understand why people give that advice. But do you think it increases your security? That’s one thing I don’t do that perhaps I need to start doing.

    • TMNinja

      @Loren Pinilis I am glad you were kidding. :)

      Having good passwords is the first line of defense.

      However, changing passwords is a good practice in case there is a compromise. You may not lose your password, but maybe the vendor/website gets hacked and someone makes off with a “old list” of usernames and passwords. For example, my local gym sent out letters that an old computer had been stolen that contained members account info.

      If you are changing your password every 6 months, you are less susceptible to this type of loss. Of course, it is just one more measure to try and stay safe. :)

  • TMNinja

    @timokiander Check back tomorrow! :)

    I will share the password setup that I currently use.

  • http://www.cloudproductivity.net/ joomux

    @timokiander I use LastPass. It’s free, super easy, generates passwords for you and remembers them! It can also automatically log you in to sites. I probably have about 100 or more logins stored there. Oh, and it sync’s to the cloud so you can use any browser an any computer and you’re in!

  • WayneWilliams

    I’m surprised you didn’t mention the 3 part code method. A lot of people are starting to use this because it is secure and easy to remember. For example a password for this site might be “Fishnja21″ and a password for the NY Times website would be “Fishmes21″. In otherwords, you use a keyword (in this case “Fish”) and then the last three letters of a websites name before the .com (in this case “nja”) and then a set number. Of course if someone knows the first code word (Fish) and that take the first or last 3 or 4 letters of a site name and the number then you’re completely compromised. However, that’s why there are three parts and, to me, very secure. Just don’t write it down for someone to find.

  • WayneWilliams

    I’m surprised you didn’t mention the 3 part code method. A lot of people are starting to use this because it is secure and easy to remember. For example a password for this site might be “Fishnja21″ and a password for the NY Times website would be “Fishmes21″. In otherwords, you use a keyword (in this case “Fish”) and then the last three letters of a websites name before the .com (in this case “nja”) and then a set number. Of course if someone knows the first code word (Fish) and that take the first or last 3 or 4 letters of a site name and the number then you’re completely compromised. However, that’s why there are three parts and, to me, very secure. Just don’t write it down for someone to find.

    • TMNinja

      @WayneWilliams Interesting method. Interesting system. Hadn’t seen that exact method before. :)

  • TMNinja

    @WayneWilliams Interesting method. Interesting system. Hadn’t seen that exact method before. :)

  • TMNinja

    @Loren Pinilis I am glad you were kidding. :)

    Having good passwords is the first line of defense.

    However, changing passwords is a good practice in case there is a compromise. You may not lose your password, but maybe the vendor/website gets hacked and someone makes off with a “old list” of usernames and passwords. For example, my local gym sent out letters that an old computer had been stolen that contained members account info.

    If you are changing your password every 6 months, you are less susceptible to this type of loss. Of course, it is just one more measure to try and stay safe. :)

  • TMNinja

    @bfgreen I have not tried KeyPass, but hear good things. :)

    I am a big fan of LastPass at the moment.

    LOVE your comment about not even knowing some of your passwords. I have no idea what some my account passwords are… even when I log in. :)

  • TMNinja

    @joomux@timokiander You and are in agreement!

    Love LastPass… see my next post on how I use it…

    http://tmninja.us/vwXFbV

  • bfgreen

    @TMNinja thanks Craig. I’ve used KeePass for more than five years now, on just about every platform and with a sync’d database stored in my own secure cloud. I believe that KeePass was initially developed by Bruce Schenier as an open source effort, but when he had no more time to develop it he opened it up to the online community that ran with it – that is pretty cool.

    So, with that said I have this to add. After watching the security now videocast with Steve Gibson (GRC) I have switch completely to LastPass! That’s pretty drastic IMHO. Not only that, I’ve subscribed to the premium version for $12 a year, not specifically to get more features, although the iOS access is nice, but more to support the future development of the product.

    And finally, yes I have dozens, possibly hundreds of passwords that are so strong and electronically generated that I have no idea what they are – and I’m fine with that! Occasionally my wife will ask me what my password is for XXX and I tell her, “I have no idea” which results Ina bewildered stare :)

    After many years of dedicate use of KeePass (which is still excellent) I have made the switch to LastPass and love it.

    Have a great weekend :)

  • Pingback: Keeping Track of (and Decluttering !) Passwords | Organize for a Fresh Start

  • Pingback: Are your online passwords safe? Some tips for improving the security of your online accounts |

  • Pingback: Daily Lounge » Blog Archive » Guy Tries to Hack Facebook for a Job and Gets 8 Months In Jail