6 simple tricks for protecting your passwords
By Maria Korolov Follow
Network World | Dec 22, 2014 3:00 AM PT
*** begin quote ***
We all know that the current username-and-password system is broken. With Russian hackers reportedly sitting on over a billion passwords, and new breaches hitting the news on a regular basis, it’s fair to assume that if hackers don’t have your password already, they’re about to.
“Most websites and companies require passwords that are at least eight characters long, contain lower and upper case characters, a number, and one or more special characters,” says Vincent Berk, CEO of network security firm FlowTraq.
These kinds of password policies have actually reduced security overall, argues Jacob West, CTO at HP Enterprise Security Products. “We need to bring some sanity back to our password policies,” he says. “A human will never be able to meet these requirements.”
*** and ***
1. Letter substitution cipher: a=b
2. Letter substitution cipher: a=s
3. Never write down encrypted passwords; banana, not nsmsms
4. Use earworms to your advantage: Wheels on the bus go round and round
5. The mnemonic code: a=alpha
6. Add site name to end of password: banana-twitter
*** and ***
One popular alternative is to use a password management tool that keeps all your passwords in an encrypted file, usually in combination with apps on your desktop, laptop and mobile devices.
*** end quote ***
I have used all of these at one time or another.
I think LASTPASS with a complex master password written no where is “good enough” for my non-financial passwords. The few financial ones I have memorized.
AND … …
For those sites who use “security questions”, Users should treat those just like passwords. Do NOT use real answers.
Happy New Year!
# – # – # – # – #