How many times has this happened to you?
You're staring at a flashing computer screen, an ATM, a debit machine or smart phone and you're drawing a blank on your password. You knew it a moment ago. But now, you're just not sure. And the people sighing, groaning and tapping their feet in line behind you aren't helping you remember.
It happens to me about once a month. And it's probably going to get worse, now that CBC has told us we have to change our passwords every three months. I have to enter a password at least five different times when I boot up my CBC computer every morning. Faced with that sort of challenge, many of us are tempted to take shortcuts. And that's what hackers are counting on.
Recently a company that specializes in on-line security produced a list of the most popular passwords. You'd think popular means secure, right? Wrong.
The list included such obvious choices as: 123456 and 12345, depending on the number of digits required for your password.
Then there are standby passwords assigned by the IT experts who might have to fix your computer or internet connection. Those passwords include: "changeme" and the ever-popular: "password". Of course, the IT people expect you to take the subtle hint from the temporary password, and actually change it. But an alarming number of us don't. Let's face it, some of us are lazy.
Some of us think we're smarter than hackers, and that by picking a ridiculously easy or obvious password, they'll never guess. Wrong.
If you have something of value locked up behind a password, whether it's money, information or just your reputation, a hacker may try to get it. Some of them will try to "phish" for it, sending you a message suggesting your password has already been compromised, and inviting you to change it, with their help. These phishing attacks used to be clumsy and obvious. But thanks to Photoshop and a little criminal ingenuity, they're getting much better.
I recently got an email from the bank I actually deal with. Or at least, it looked that way. There was a helpful link in the email where I could go confirm my identity and "fix" my password. Fortunately on the real website for my bank, there was a warning about this very phishing attack.
Phishing counts on you being careless or gullible. Hackers also rely on you being generous with your personal information. For instance, how many of you use your spouse's name as your password? Your kid's name? Your dog's? How about the place you were born?
A determined hacker will try all these permutations and combinations in an effort to guess your password. So while using a familiar name as your password can help prevent brain freeze at the check-out, it's not very secure.
The best advice I've heard from security experts is to come up with a password that incorporates both upper and lower-case letters with some numbers and symbols thrown into the mix to make it harder to hack. The only advice I would add to that is if you're going to incorporate symbols in your password, make sure they're symbols that you can find on the keyboard of your smart phone if you use it to access your accounts.
So if you shouldn't use obvious passwords and you shouldn't use names from your family history, how should you craft your password?
"I have 2 cats named Charles and Diana."
That sentence is silly. (It's also not true.) But just think about how much silly stuff sticks in our memory. Need proof? Think of all the dumb commercials you remember, just from watching TV.
Back to my silly sentence. It's silly enough it might stick in the memory. It has eight words, including two proper names, which begin with capital letters. If you use the number 2 instead of writing it out as two, you have a symbol as well. Take the first letters -- or numbers -- from that sentence and you come up with the eight-character password: Ih2cnCaD.
It's not perfect, but you get the idea.