It is absurdly easy to get hacked. Chances are most people will get hacked at some point in their lifetime. The best they can do is delay the inevitable by avoiding suspicious links, even from friends, and manage their passwords. How do you come up with different, hard-to-crack passwords for every website and still remember them all? Here were some tips from Jeremiah Grossman, chief technology officer at WhiteHat Security, and Paul Kocher, who runs Cryptography Research.
Forget the dictionary
If your password can be found in a dictionary, you might as well not have one. Hackers will often test passwords from a dictionary or aggregated from breaches. If your password is not in that set, hackers will typically move on.
One site one password
While cracking into someone’s professional profile on LinkedIn might not have dire consequences, hackers will use that password to crack into, say, e-mail , bank or brokerage account where more valuable data is stored.
Come up with passphrase
The longer your password, the longer it will take to crack. A password should ideally be 14 characters or more in length if you want to make it uncrackable by an attacker in less than 24 hours. Consider a passphrase, such as a favorite movie quote, song lyric, or poem, and string together only the first one or two letters of each word in the sentence.
Just jam on keyboard
For sensitive accounts, Grossman says he will randomly jam on his keyboard, intermittently hitting the Shift and Alt keys, and copy the result into a text file which he stores on an encrypted, password-protected USB drive. “That way, if someone puts a gun to my head and demands to know my password, I can honestly say I don’t know it.”
Store passwords securely
Do not store your passwords in your in-box or on your desktop. If malware infects your computer , you’re toast. Grossman stores his password file on an encrypted USB drive for which he has a long, complex password that he has memorized. He keeps password hints, not the actual passwords, on a scrap of paper in his wallet.
Ignore security questions
There is a limited set of answers to questions like “What is your favorite colour?” Hackers use that information to reset your password and take control of your account. So, enter a password hint that has nothing to do with the question itself.
Use different browsers
Grossman says, “Pick one browser for ‘promiscuous’ browsing: online forums, news sites, blogs — anything you don’t consider important. When you’re online banking or checking e-mail , fire up a secondary web browser, then shut it down.” That way, if your browser catches an infection when you accidentally stumble on an x-rated site, your bank account is not necessarily compromised.