
Life password overhaul

So you’ve been building up a long list of logins and passwords for years now and most likely use a life password for a lot of sites, like most people who don’t want to be driven crazy trying to remember 100 different passwords. Most sensible people will have a unique secure password for their email, eBay and PayPal. But then one day, you hear a site you use has had its database hacked, like boards.ie yesterday.

In my case, it was computerbits that was hacked last year, which resulted in someone hijacking my Facebook account and begging my friends for money.

So don’t take it too lightly, even silly sites like Facebook can be dangerous. My Facebook password was the same as the computerbits password. Then I changed every password I could think of, and every now and then I’d think of another site that may have used the same login & password, one I was very glad the hackers hadn’t tried yet, like a lot of ecommerce sites.

It’s a major pain in the cojones, but I’d recommend setting aside a couple of hours and changing all your passwords in one go, rather than changing them one by one as you remember, possibly months later for some forgotten sites. Here’s a list to jog your memory, starting with the obvious.

  • Gmail / workmail
  • PayPal
  • Facebook, Twitter, Flickr, Skype, LinkedIn, YouTube (social networking list)
  • WordPress, Blogger, Blacknight
  • Amazon, Play, Pixmania, Dell (Top 50 UK etailers)
  • Ticketbastard
  • eBay
  • O2 / Vodafone
  • Your ISP / broadband supplier
  • Screenclick / Moviestar
  • iTunes
  • Windows logon / network passwords
  • Remote backup
  • boards.ie, yahoo groups, creative ireland, askaboutmoney, imdb etc

Then search your email account for ‘password’ and see if you find some more. And also try an email search for your actual life password(s).

Something else you can try: open your browser and type the letter ‘a’ in the address bar, and your most used sites starting with ‘a’ will drop down; scan the list and see if any of the sites need your attention. Then continue through the alphabet.

But before you start the overhaul, have a look at some options for securely storing a variety of passwords, rather than using a new life password. I’d highly recommend the Firefox plugin Sxipper for remembering your passwords; it also makes it very easy to log in to sites with one click, and you can use it to generate random secure passwords. Or start using a password manager like KeePass (or 1pass for Mac users), which will keep all your passwords secure in one place so you only have to remember one master password.
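To make the overhaul concrete, here is an added example (not part of the original post) that reads a password manager's CSV export, lists which sites share a password without printing the password itself, and proposes a unique random replacement for each of them. The sample data is constructed, and the column names `site`, `username` and `password` are assumptions to adjust to your own export.

```python
import csv
import io
import secrets
import string
from collections import defaultdict

# Constructed sample export. The column names are an assumption; change them
# to match whatever your password manager writes out.
SAMPLE_EXPORT = """site,username,password
computerbits,me@example.com,lifepass-demo-1
Facebook,me@example.com,lifepass-demo-1
amazon,me@example.com,lifepass-demo-1
paypal,me@example.com,unique-demo-2
boards.ie,me,unique-demo-3
"""

ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"


def find_reuse(export_text):
    """Return lists of sites that share one password, largest group first."""
    by_password = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        by_password[row["password"]].append(row["site"].strip().lower())
    groups = [sorted(sites) for sites in by_password.values() if len(sites) > 1]
    return sorted(groups, key=lambda g: (-len(g), g))


def new_password(length=20):
    """Random password from the OS CSPRNG containing every character class."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(not c.isalnum() for c in pw)):
            return pw


def rotation_plan(export_text):
    """Map every site that shares a password to its own fresh replacement."""
    return {site: new_password()
            for group in find_reuse(export_text) for site in group}


if __name__ == "__main__":
    for group in find_reuse(SAMPLE_EXPORT):
        print("shared password:", ", ".join(group))  # site names only
    for site, pw in rotation_plan(SAMPLE_EXPORT).items():
        print(f"{site}: {pw}")
```

Delete the plaintext export once the new passwords are saved in the password manager, since the file holds every credential in the clear.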

  1. Top tip for generating passwords (which I was told by a real cryptographer)
    Use an acronym

    words and names are easy to guess, easy to hack
    jumbles of random letters are hard to remember

    so pick a line from a song, a book, a play, and turn it into an acronym. easy to remember, won’t be broken by a dictionary attack

    eg “to be or not to be, that is the question”
    becomes 2bon2btit?

    • I always use made up words like Cropplejock and then disguise it, like Cr0pplej@ck (no that’s not one of my passwords, I just made it up!)

  2. “2bon2btit?” is a great password, I think I’ll use that in future.

    Any more great tips?

  3. passpack.com offers online password storage for ‘easier’ portability.

    Another option is KeePass and Dropbox.

  4. Useful post that. Another tip I was given is to have a password that is made up of two components, one part that you remember in your head and one that changes with each site and that you write down so you can remember it, e.g. amazon might be fru1tcake, and flickr might be fru1tfrog. You’d keep a list of cake, frog, but keep fru1t hidden secret in your head.

  5. I have a slowly evolving set of passwords.

    I move them from site to site, staggering their use.

    It works in my head anyway.

    Having said that, one day I’ll fall off my bike and my entire life and existence will be lost behind a set of forgotten passwords and PINs.

  6. Heh, Ticketbastards.

    I will allow that to distract me from following the sensible advice for now.
