Advice from Middle Aged Female Tech

Hollyecho Montgomery - 812-779-6088

Women's Computer Consulting

https://hollyecho.com

I have been in the industry with my own company since 1994. The entire time I have worked in this field there have been very few times any two techs ever agree completely. The advice I give here is based on my experiences, testing, and what I know works.

Today‟s Subject: Passwords

Why are so many passwords forgotten, and what lessons can we take away to improve our own security, both online and off?

Its true, instances of hacked account skyrocketed in the past couple of years. Hackers are taking to breaking into email accounts and then using those accounts to send spam to the contacts listed in that account, this is on the increase, in my opinion on the use of IMAP/webmail use, they (hackers) are not hacking your computer, just your email online to make these changes, no need to even access your computer to do this, it is done online through the webmail accounts (yahoo *hardest hit*, Hotmail, Juno, ect..) Not only is a legitimate account more likely to bypass spam filters, but contacts are more likely to open email that came from the account of someone they know.

That's not what I'm discussing here today. This is much more mundane, basic, and yet still much more common.

People forget their own passwords. (I have, and I know you have)

When I hear the backstory to a forgotten password scenario, there are a couple of frequently reoccurring characteristics:

The individual is a relatively new or inexperienced computer user.

They're in a hurry. ***most often***

Never wrote it down ANYWHERE (main password can be put on your monitor, especially in your home, hackers CAN NOT SEE the rim of your monitor! (yes, I have been asked that) = sorry I digress.

In my experience, new users have an underappreciated sense of just how picky computers are about your entering the exactly correct password, and perhaps in an effort to make their password secure, they've chosen something obscure and coincidentally difficult to remember exactly. They don't realize just how easy it is to forget the exact password that they've chosen.

More troubling are the folks who are in a hurry. For various reasons, they want an account and they want it now. As a result, having to set up a password is more of an annoyance than anything else. Certainly no extra time is spent setting up a good password, much less committing it to memory. (More often than not, these are the accounts with passwords like "1234567." They are also more likely to be hacked.)

The common thread is simple: taking security – particularly your password – seriously from the beginning is critical.

Unless, of course, permanently losing access to your account isn't something that you'd consider serious. "I know of people who've not had to enter their password to login for years." Or they have IE or Firefox remember it for them, this is NOT secure, nor is it reliable. I have had customers believe that the URL dropdown is their „favorites‟ and will be there forever. Very wrong thinking, backups, DO NOT you‟re your passwords in IE and Firefox. Routine cleaning of the computer you will lose them.

The classic "rules" for password are frustrating in that they seem to be crafted specifically to make passwords impossible to remember:

Passwords should be at least 12 characters long.

Use a mixture of character case and type (letters, numbers, spaces, special characters *ie !@#$*).

Don't use words or names.

Don't use the same password on more than one site. (though even I have broken this rule)

Yikes! If you're only allowed to use passwords like "P5S0Dk@!i2Yd", "#zJCahT0kAA3" and "4Jy%zsX6H9!^", and you're not allowed to re-use them, then it's no wonder we can't remember them all! Even when choosing something slightly less secure than those rules, the best of us would fail miserably without help of some sort.

Technique 1: The algorithm

One approach to generating memorable (or "remember-able") passwords is to use an algorithm or a set of rules to create all your passwords. For example:

Begin with a memorable quote (or phrase or song lyric or ...)

Use the first (or last or second or ...) character from each word in that quote

Add into the middle (or beginning or end or ...) the first and last characters of the domain that you're setting a password for.

So, let's say I use the first 10 words of The Gettysburg Address:

Four score and seven years ago, our fathers brought forth

Now, I'll use the first letter of each word:

Fsasyaofbf

Let's say I'm setting up a new Hotmail account, so I might use the first and last letters of the domain (hotmail.com) and I'll insert them into the middle:

Fsasyhlaofbf

Given that you always remember your own algorithm or password generating rules and always remember the phase or song lyric or quote you start with, then regenerating almost any password you created using those rules is a snap.

Technique 2: The pass phrase

Longer passwords are better. In fact, the longer the password, the more acceptable it is to break some of the other "rules" associated with passwords.

Enter the pass phrase – a sequence of words (yes, dictionary words) that you can remember that is significantly longer than your old eight- or 12-character password, and spaces count as “a character”, such as “I passionately hate hackers!” yes, this can be a „password‟ 28 characters, and LEAVE the spaces, and use spaces when typing it in. It has all the rules most sites require, 1. A Captial – 2. A non-alpha-numeric *the !*, and 3. More than eight “characters.

For example, the passphrase "I passionately hate hackers!" would be considered a better password than, for example, "P5S0Dk@!i2Yd" by virtue of it being significantly longer – 28 characters as compared to 12.

A passphrase doesn't have to be "weird" or nonsensical – although I suppose it helps – a good, lengthy passphrase can be anything that you would easily remember.

No problems making it unique to each site, either. Modifying your passphrase in a site-specific way, for example " I passionately hate hackers in Hotmail!," works great.

The frustrating downside to passphrases is that they don't work everywhere. Many sites, for inexplicable reasons in today's world, limit the length of passwords to something silly like 16 characters or so. Sometimes*rare*, they don't accept spaces. These limitations often prevent us from using secure passphrases for some logins, requiring us to fall back to more traditional and often less secure techniques.

Technique 3:

Admit you need help – call, email, or search the website in question for “reset password”.

I admitted defeat when it comes to my memory long ago. I use a password storage tool: Lastpass.

The concept here is simple: remembering a single, strong password to unlock the vault, the tool contains a database of all my other logins and passwords and works within my web browser to enter them automatically as needed, or on demand.

Lastpass remembers so I don't have to.

Tools like Lastpass are significantly more secure than allowing your browser to just remember your passwords for you. Lastpass was built for security from the ground up. Without your master password, your vault is inaccessible and Lastpass can be configured to require you to supply your master password every time; after your computer's been idle for certain amount of time or after your browser's been closed and re-opened.

There are other password programs out there, do a google search and peruse on them.

My daughter puts ALL her passwords in a excel file, named (I can‟t tell you, she would kill me) lets just say she calls it Mom‟s Silly Sayings. In other words, naming it something that has no relation. Yes, excel files can have a strong password set to open them also. Copy it and keep it on a flash drive or another computer for backup – ALWAYS, always back up.

Take it seriously from the start

The real bottom line to not becoming "one of those people" is to take your account security and password seriously from the moment you open your account.

Select a technique that you know will allow you to remember or regenerate it as needed.

Choose a strong password – the longer the better.

Make sure to properly set up (and remember and keep current) additional account security options such as mobile numbers, secret questions, alternate email addresses and more.

Above all, take your time and do it right from the start.

I am always about saving money and not spending it on things you don't need to

Remember ANY questions, email me at: Montgomery@Hollyecho.com. I