It’s officially time to do a reality check on all of your passwords.
Did you see the chaos when high-profile Twitter accounts were recently hijacked and used to send out messages in the names of those folks? How embarrassing.
Creating a Great Password
So, how many of us are using passwords from the list of 500 worst passwords?
Now that you know that “password” isn’t a good choice, here are a few tips for creating a password worth using.
- No real words = important. As you saw on the list of 500 worst passwords, most of them are real words, which can be cracked by fraudsters with very little effort. Avoid real words that can be found in a dictionary (in any language) or any proper nouns.
- Long passwords = essential. The fewer the characters, the easier it is to compromise. Choose a memorable password that’s at least 8 characters long. To make it even stronger, make it a “pass phrase” instead of a password. “brownfox” is borderline. “thequickbrownfox” is better.
- Mixed case = good. This adds another level of difficulty for fraudsters to guess your password. Try changing “thequickbrownfox” to “TheQuickBroWnFox.”
- Misspelled = better. While your English teacher wouldn’t approve, misspelling your passwords is a great way to add complexity: “ThuhQueekBroWnFoxE.”
- Added numerals and symbols = best. You could mix some numbers in there like “ThuhQueekBr0WnF0x3” or-even better-use the first and/or last letter of each word, mixed with numbers. For example, the full phrase: “The quick brown fox jumped over the lazy dogs” becomes “TQbF70TLd$.”
Keep it Secret!
Now that you’ve got a worthy password, be sure to keep it safe.
- Don’t use the same password for everything. If someone happens to crack your code, you could suffer serious compromises across all accounts.
- Avoid typing your password on shared computers. Keyloggers and other programs can allow others to harvest typed data from any computer to which they have access. So, consider your environment when logging in to anything from Internet cafes, libraries, or other shared computers.
- Don’t save your password anywhere. Most of us know better than to write it on a Post-it and stick it anywhere near the computer, but some of us may save passwords on sites or in files on networked computers-which isn’t safe.
- Change it from time to time. The better the password, the longer you can keep it-but that doesn’t mean it should stay static forever. Set yourself a reminder to update your passwords on a regular basis. If it’s been awhile since you changed your Second Life password, you can do so here.
- Don’t share your password. Do not give your password to anyone. This means friends, family, loved ones or Linden employees. Pets too, you never know.
Below are a few other sources online to help increase your password protection and general password safety knowledge.
- Secure password management tools: http://en.wikipedia.org/wiki/Password_manager
- Microsoft Password checker:http://www.microsoft.com/protect/yourself/password/checker.mspx
- Very technical, but interesting article on password strength: http://en.wikipedia.org/wiki/Password_strength
- Tips for making tough “shocking nonsense” passwords:http://www.linux.com/articles/28057
- Good overall reference: http://www.thegeekstuff.com/2008/06/the-ultimate-guide-for-creating-strong-passwords/
- Other tips for strong, memorable passwords:http://www.microsoft.com/protect/yourself/password/create.mspx
(please note: The “blank password” option should NOT be used for Second Life.)
If you’d like to discuss this further in the forums, join in the discussion here.