I read with amazement not too long ago, the story of how a hacker broke into the company records of the top management at Twitter. He did it in part by exploiting common passwords mistakes made my Twitter employees.
How many of these mistakes do you make?
- Use the same password on every site. Imagine if everybody in your neighborhood had the same front door lock. A thief who stole your keys would have access to the contents of every house on the block. We don’t do it with keys and you shouldn’t do it with passwords. There are tricks you can use if you have trouble remembering lots of different passwords.
- Use “password” for your password. Or your username. Or your birthdate. So many people do this that when hackers are trying to guess your password, they often try these obvious ones first.
- Write your password on a piece of paper and post it on your computer. You trust your co-workers and your family members, but don’t forget that occasionally strangers (e.g., repair people, cleaning people, clients you don’t know well, etc.) may be near your computer.
- Make it too short. The more characters your password has, the better. Most applications require at least six to eight.
- Make it too weak. A good password should be a random collection of characters; it should never spell out a real word. Instead, it should include upper and lower case letters, numbers, and special characters like “^” or “%”.
- Assume it’s okay to have a weak password on your e–mail account. People often think, “It’s only my e-mail. Who’d want to hack into my discussions with my spouse about what movie we’re going to see?” That part is true. But it’s also true that when you forget a password, most applications e-mail you a link that let’s you reset. Some actually even e-mail you the forgotten password. A hacker in your e-mail could get access to another more important account that way.
- Keep the same password forever and ever. Hackers can be a patient bunch. Keeping the same password gives a would-be hacker months, weeks, even years to guess it.