So, it’s my turn to blog again, and while Apple preventing the Palm Pre from syncing music with iTunes was a very tempting topic, I kept on reading my news feeds this morning to find something even more interesting and just as predictable: Twitter employee’s Gmail is “hacked”, and confidential information is compromised. I placed the word “hacked” in quotes in order to point out that his Google account was not “hacked” in the traditional sense of the term; someone simply guessed his password.
Now would be the appropriate time for you, my dear reader, to think about your own Gmail/GoogleApps password, and decide whether or not it is easily guessable by a would-be attacker. Here’s a quick guide to ensuring password security:
- Never EVER use a word from the dictionary as your password. I can’t tell you how many times I see people use words like “petunia” or “screwdriver” as their password. The convenience of remembering the password isn’t worth the risk of an attacker using a dictionary attack and (almost) instantly compromising your sensitive data.
- Avoid sharing a single password on multiple websites. OK, I’ll admit it; I violate this one on some of my personal stuff. But, it’s really only with sites where I couldn’t care less if someone got into them. I have a standard I-don’t-really-care password for trivial sites like forums and news sites, and lots of no-one-will-ever-guess-this passwords for email, banking, etc.
- You can find all sorts of sites telling you how to create a secure password, but I like this simple method: create a sentence you can remember, and then use the first letter from each word in the sentence to generate your password. You may even do some fun stuff like substituting numbers and symbols for letters in order to make it even more cryptic. Just make sure the resulting password is sufficiently long and not dictionary-based. Oh, and make sure the sentence is memorable enough that you don’t need to write it down on a sticky note.
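The sentence method and its two checks (long enough, not dictionary-based) can be sketched in code. This is an added example, not part of the original post; the substitution table, the 12-character minimum, the tiny word list and all function names are assumptions chosen for illustration.

```python
import string

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"petunia", "screwdriver", "password", "sunshine"}

# Hypothetical substitution table (an assumption; choose your own).
SUBS = {"a": "@", "s": "$", "o": "0", "i": "1", "e": "3"}
UNSUBS = {symbol: letter for letter, symbol in SUBS.items()}

MIN_LENGTH = 12  # assumed threshold; the post only says "sufficiently long"
EDGE_CHARS = string.digits + string.punctuation


def sentence_to_password(sentence):
    """First character of each word, with SUBS applied to lowercase letters.

    Punctuation ending the sentence is kept as a final symbol.
    """
    words = sentence.split()
    chars = [SUBS.get(word[0], word[0]) for word in words]
    if words and len(words[-1]) > 1 and words[-1][-1] in string.punctuation:
        chars.append(words[-1][-1])
    return "".join(chars)


def normalize(candidate):
    """Undo the substitutions and lowercase, as a guessing tool would."""
    return "".join(UNSUBS.get(ch, ch) for ch in candidate).lower()


def audit(candidate, words=SAMPLE_WORDS, min_length=MIN_LENGTH):
    """Return a list of problems; an empty list means both checks passed."""
    problems = []
    if len(candidate) < min_length:
        problems.append("too short")
    # Check the raw and the de-substituted form, ignoring digits and symbols
    # tacked onto either end ("Screwdriver2009!" is still "screwdriver").
    variants = (candidate.lower(), normalize(candidate))
    if any(v.strip(EDGE_CHARS) in words for v in variants):
        problems.append("dictionary-based")
    return problems


if __name__ == "__main__":
    pw = sentence_to_password(
        "My first dog Rex ate 3 shoes in our old apartment back in 2009!")
    print(pw, audit(pw))
    for weak in ("petunia", "Screwdriver2009!", "p@$$w0rd"):
        print(weak, audit(weak))
```

Note that symbol substitutions on a dictionary word do not survive the check: once the swaps are undone, “p@$$w0rd” is just “password” again.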
Given the amounts of money that can be siphoned from even a single attack, criminals can afford to spend lots of time trying to guess your password. It’s definitely worth your time and effort to ensure the security of your sensitive information.

























