It would take a desktop PC about 157 billion years to crack your password
(Image by Aaron Winborn) Details DMCA
It's exasperating to be instructed by yet another annoying pop-up window that my password needs to have a few additions to make it safe: a number, a special character, and an Egyptian hieroglyphic. (And for added security, I should add a differential equation and a Cyrillic cuss word!)
Somewhere along the line, it feels like my brain refuses to take another step. And that's before I record all of these unique passwords somewhere "safe," because who could remember all of them?
And they are usually quite safe, even from me.
Below is a portion of Aaron's response to a friend who asked for advice after his email had been hacked, which Aaron posted in his blog:
After, and only after, you have scanned your computer for viruses, then you can get on with the business of securing your accounts against identity theft.
Treat the security questions as passwords in themselves, as these are most commonly used to hack in to an email account. That means that you should not use anything resembling what they actually ask for, such as your mother's maiden name or your first dog. That can be discovered with Google these days.
Next, a word about passwords. As you may have heard by now, you need to have a password that cannot be guessed. Unfortunately, that is not enough. You also need to have a mix of cases, at least one number, and a special character, such as a punctuation mark.
Additionally, you need to have a different password for every account that you have.
I cannot stress that last paragraph enough. It is too easy for a hacker to get into, say an account with a forum, and use that to get into your Wells Fargo account. For instance, to use myself as an example, about six years ago, I accidentally broadcasted my password into a chat room, and about two weeks later, I got an email from a woman wondering where her Gucci bag was that she had purchased from my eBay account. It turns out that someone in Russia had hacked into my eBay account and listed about 100 fake Gucci bags.
I know that this sounds daunting, but it is necessary. Fortunately, you can use what is called an algorithm to remember your dozens of new passwords that you'll need to create. You can use that to create a new password for any site, and you will always remember it. Additionally, it will be secure for all intents and purposes.
Basically, you will choose a passphrase, modify and, and apply it to any site. For example, and please do not use this example, let's say you choose "apple" as your passphrase. We will modify that to have a punctuation mark and a number, so that it will be "@pp1E". Then you would append that to the 1st 4 characters of whatever site that you are creating an account for. For instance, for eBay, your password would be "ebay@pp1E", and your Hotmail account would be "hotm@pp1E". This will make your passwords immune to so-called dictionary attacks, where they try to figure out your password by entering random words from the dictionary.
Much easier to remember, right? And for your financial accounts, I would suggest creating yet another algorithm, as an extra layer of protection.
You can apply this same idea to those security questions that you see everywhere. Basically, you do not want to actually use a real answer, because it is far too easy for a determined hacker to read about that experience in your first car that you posted in Facebook. Instead, treat them with the same respect as your passwords. For instance, you might create an algorithm with your grandmother's cat's name that you apply to a site's question for referring to your own pet.