by Paul Salzer
Passwords are like the keys to your house or car. Whereas physical keys give you physical access to something, passwords give you digital access. Unfortunately, software locks, like the locks on most doors, typically don’t know who’s trying to get through. They only know that if the password fits a predefined set of identifiers, they should let you pass. And just like a key, it doesn’t matter how complicated your password is if someone already has a copy of it.
Fortunately for us, the same techniques that we use to prevent people from taking our keys can be used to protect our passwords as well. The most important of these techniques is, of course, not to give them to anyone to begin with, even people you supposedly trust. For example, I could give my keys to my friends while I’m off on vacation so they might housesit. Not only do I open up the possibility of having my friends use my house for things I’m not aware of, but I also increase the chances that my keys might be stolen from my friends’ care. The same can be said of passwords. And would you ever give your car keys to someone dressed in a police outfit without proof of identification (which could be faked, by the way)? For this reason, you should never give your password even to someone claiming to be from IT Support.
And don’t forget to upgrade your locks periodically. For computers, this means updating your software and virus protection. This also means testing your computer for vulnerabilities when possible. Just as with physical locks, computer technology has improved over time. As thieves have become more and more clever, so has the technology to stop them. Things that were easy to get past before are more difficult to overcome now. What good is fortifying a door that can still be opened with a credit card wedged into the side?
Another useful technique is to have different passwords for different accounts. I’m sure many of us have a drawer in the kitchen full of keys, or possibly even a key ring lying about. Imagine someone finding this stash of keys. It would take longer for that person to find out which key opens which lock if there were many different keys to go through. Hopefully, by the time they sort out those keys and before they take anything of value, you will have already changed the locks. Having one password for every account is like having a master key lying around for someone to take. Once they have such a key, that person has access to everything you are trying to protect.
Granted, having many keys is hard to maintain. Sometimes you even forget which key goes with which lock. In cases like this, you can do what I do with my lesser-used keys or passwords. For passwords that I don’t use often, I put them in a file and keep that file locked with its own password. It’s like locking your keys in a lockable file cabinet. I also label the passwords in that file with something that only I would recognize. For example, Launchpad1 could be the label for the password I use to access a forum about model airplane building. That way, if a potential thief were to gain access to my password file, they would still struggle to work out which site goes with which password, whereas I would not. Again, this technique is for lesser-used passwords. Hopefully this translates to a lesser need for security on those passwords. Important passwords, like important keys, need to be kept with me at all times, even if it is difficult to remember what that password is.
This brings up an interesting point. Sometimes, sites will give you a series of personal questions so that you can reclaim your password if you forget it. Be careful which questions you select. You might be surprised at what information is readily available about you. Your Facebook account, for example, might have a picture of your dog with its name in the caption. You might have inadvertently announced who your favorite writer is in a Tweet from six months ago. Or your posted resume might include the street you lived on as a child. All these are personal questions that might give someone access to your password.
I recommend jumbling up the answers to the questions. Have the first street you lived on be your best friend’s parrot. Have your first pet’s name be your sibling’s name instead. Have fun and be creative. Just remember what you answered to what question. Better still, make sure that all your password changes are sent to an email or SMS messenger that you update and maintain often. And try to avoid using email accounts like Hotmail, Gmail, or Yahoo Mail for password notifications. It’s easy to let your account expire because there is no activity and for someone to then take that account from you. And if you set up your bank account to send passwords there, it’s just a few clicks in most cases for someone to get your account password. Having passwords sent to a free email account is the equivalent of having a Hide-a-Key, where if a person knows where to look, they can get your key and get into your house or car.
Just be mindful of where you keep your keys and your passwords. Don’t leave them around for people to find. Make sure they are still secure from time to time, and change the locks if you feel they are not secure anymore. When it comes to security, a little common sense goes a long way.