So you’ve been building up a long list of logins and passwords for years now and most likely use a life password for a lot of sites, like most people who don’t want to be driven crazy trying to remember 100 different passwords. Most sensible people will have a unique secure password for their email, eBay and PayPal. But then one day, you hear a site you use has had its database hacked, like boards.ie yesterday.
In my case, it was computerbits that was hacked last year, which resulted in someone hijacking my Facebook account and begging my friends for money.
So don’t take it too lightly, even silly sites like Facebook can be dangerous. My Facebook password was the same as the computerbits password. Then I changed every password I could think of, and every now and then I’d think of another site that may have used the same login & password that I was very glad the hackers hadn’t tried yet, like a lot of ecommerce sites.
It’s a major pain in the cojones, but I’d recommend setting aside a couple of hours and changing all your passwords in one go, rather than changing them one by one as you remember, possibly months later for some forgotten sites. Here’s a list to jog your memory, starting with the obvious.
- Gmail / workmail
- PayPal
- Facebook, Twitter, Flickr, Skype, LinkedIn, YouTube (social networking list)
- WordPress, Blogger, Blacknight
- Amazon, Play, Pixmania, Dell (Top 50 UK etailers)
- Ticketbastard
- eBay
- O2 / Vodafone
- Your ISP / broadband supplier
- Screenclick / Moviestar
- iTunes
- Windows logon / network passwords
- Remote backup
- boards.ie, Yahoo Groups, Creative Ireland, askaboutmoney, IMDb etc.
Then search your email account for ‘password’ and see if you find some more. And also try an email search for your actual life password(s).
Something else you can try is: Open your browser and type the letter ‘a’, and your most used sites for ‘a’ will drop down; scan the list and see if any of the sites need your attention. Then continue through the alphabet.
But before you start the overhaul, have a look at some options for securely storing a variety of passwords, rather than using a new life password. I’d highly recommend the Firefox plugin Sxipper for remembering your passwords; it also makes it very easy to log in to sites with one click. You can also use it to generate random secure passwords. Or start using a password manager like KeePass (or 1pass for Mac users), which will keep all your passwords secure in one place, so you only have to remember one master password.
January 22, 2010, 11:09 am
Top tip for generating passwords (which I was told by a real cryptographer)
Use an acronym
Words and names are easy to guess, easy to hack.
Jumbles of random letters are hard to remember.
So pick a line from a song, a book, a play, and turn it into an acronym. Easy to remember, won’t be broken by a dictionary attack.
E.g. “to be or not to be, that is the question”
becomes 2bon2btit?
January 22, 2010, 11:12 am
I always use made up words like Cropplejock and then disguise it, like Cr0pplej@ck (no that’s not one of my passwords, I just made it up!)
January 22, 2010, 12:31 pm
Great post!
January 22, 2010, 12:32 pm
“2bon2btit?” is a great password, I think I’ll use that in future.
Any more great tips?
January 22, 2010, 12:41 pm
passpack.com offers online password storage for ‘easier’ portability.
Another option is KeePass and Dropbox.
January 22, 2010, 4:26 pm
Useful post that. Another tip I was given is to have a password that is made up of two components: one part that you remember in your head, and one that changes with each site and that you write down so you can remember it. E.g. Amazon might be fru1tcake, and Flickr might be fru1tfrog. You’d keep a list of cake, frog, but keep fru1t hidden secret in your head.
January 22, 2010, 5:56 pm
Nice one John
January 22, 2010, 6:11 pm
Thanks folks.
That’s a good system Aileen.
January 25, 2010, 6:58 pm
I have a slowly evolving set of passwords.
I move them from site to site, staggering their use.
It works in my head anyway.
Having said that, one day I’ll fall off my bike and my entire life and existence will be lost behind a set of forgotten passwords and PINs.
February 1, 2010, 3:47 pm
Heh, Ticketbastards.
I will allow that to distract me from following the sensible advice for now.