Thing 7: Security and Phishing

Click through for the entire comic : xkcd.com : Password Strength

Welcome back to Thing 7 in our ongoing series about technology. (Find previous installments over at the tag for the series.) 

The basics: 

The comic linked above highlights some of the issues with computer passwords - we've all got lots of them these days, but many password systems aren't secure, and they rely on us using our brains. Picking too simple a password (or one that other people can easily guess) is a problem. Reusing passwords is a problem. Being unable to recognise phishing (people manipulating us to give them passwords or information) is a problem.

What you can do: 

• Learn more about passwords and password security. 
• Learn how to pick secure passwords. 
• Change your passwords regularly (at least 2 times a year: 4 is probably better.) 
• Don't reuse passwords. 
• Consider using a password storage tool for your passwords. 
• Learn about phishing (see the section below.)
• Learn how to keep learning about this topic.

The last one is especially important: there are a lot of things on the horizon that are possibilities for security in the not too distant future. I've linked to some information about two-factor authentication below, which is one tool we may see a lot more of. 

Some resources: 

Pick good passwords: Some passwords (password, 12345678, etc.) are amazingly common. Don't use them.

More secure passwords mix numbers and letters. There's research suggesting that the most secure passwords are a combination of short common words that together are nonsense (as illustrated in the comic linked at the top of this entry.) However, not all places that want passwords will allow this (a lot of places require numbers or non-letter characters, or won't allow spaces.)

If you want to create random passwords, my favorite trick is to take a line from a song or piece of poetry, take the first initial of each word, and replace some of them with numbers. It's fairly easy to remember, hard to crack. This video from Mozilla's security folks has some other approaches.

(Bad ideas: Any of the common passwords or methods found in this infographic link.)

Keeping track: There are tools out there that allow you to store your passwords securely (and therefore use much longer or more complicated ones - most of these tools ) LifeHacker has an overview of different approaches and comments on their security.

(Bad way to keep track: writing it down on a slip of paper under your keyboard. Just don't.)

Learn to avoid phishing: Phishing is when people get you to tell them your password or other identifying information. Sometimes it's by sending an email pretending to be from a bank or other place you do business asking for your password. Sometimes it's a little more complicated. The OnGuardOnline.gov site has a great explanation of phishing, and the rest of the site has good information. There are even games you can play to test your knowledge (the one for phishing is over here.)

(Bad ideas: Responding to a message with your password or other identifying info. If you think it might be legit, contact them through some other method - calling them, going to the company website and finding a contact form, etc.)

Further reading:

• Lifehacker explains two-factor authentication. 
• How elite security folks handle passwords
• Anatomy of a hack : discusses how people crack passwords. 
• How building larger wordlists from unlikely sources opens up more password attempts.

 

Things to try: 

1) Read about some tools you're not already using.

2) Figure out which important passwords could use some updating. (And do that.)

3) Think about whether a password manager or other tool would be a good fit for you, and try one out.