There has been a lot of news recently concerning breaches exposing online credentials (LinkedIn, Yahoo voice, Android fourms, Yale, to name a few). Many of my friends have been asking me what should I do? Well, being in security, I think the answer is simple – treat your password like your underwear – Change them often, use new one each day, and make sure they don’t stink (or full of Sh*t).
So let’s break it down a little:
- Change them often – There is noset time limit – too frequently and it is a pain; not frequently enough then you might as well not change it. I suggest quarterly but if you can manage monthly it would be better.
- Use a new one each day – If possible, every site that you register with should have unique credentials (email, and password). Using something site specific in your password will help you remember the pwd. To create a unique email address you can use the + option (if supported) for example myemail+secureMD@gmail.com will go to myemail@gmail.com and then you can build filters and such. You also know that if you recieve spam to that address the email was either compromised or sold.
- Make sure they don’t stink – We all have been told to use non-dictionary words, not to use our pet’s name, not to use 1234, a million times so why are you still using them. If your passsword isn’t a passphrase at minimum then it is full of SH*t and stinks.
Using the above criteria I can easily create a unique, strong (at least stronger) password. For example, I could use myjune!p@sswd4mail (and no I don’t use nor suffest you use this) for my gmail account. I could then modify it several ways when I change it for the next month. For example I could use my7!password4M@1l for my july password. Picking a pattern, in this case alternating between the month name and month number, and changing the 3l33t speak I can change the password fairly easily while keeping some complexity. To be more secure you could change the base every month as well. For example I could use myjune!p@sswd4mail for June and use “JulyisH0t!4mail” for July.