Jul 21, 2009

Twitter Employee Gets Hacked: Don't Let It Happen to You

A Twitter employee just learned a very hard lesson. The employee's personal e-mail account was hacked, and now, the Internet is abuzz because documents—both personal and business related—are being circulated in the blogosphere. Apparently, he (or she) used the same password on multiple accounts. Sound familiar? Thing is, this isn't the first person to fall victim to such an attack—and it certainly won't be the last. In fact, during the recent hubbub, we also learned that the e-mail account of Twitter's chief executive Evan Williams' wife was hacked, which led to his own PayPal and Amazon accounts being compromised.

With all of this going on, it seems like the perfect time to have yet another chat about password security. How many passwords do you have? How many of those passwords do you actually remember? More importantly, are they secure? My answers to these questions would be: lots, some but not all, and, well, some but not all, respectively. Yes, I've been known to be quite lax when it comes to choosing passwords—and I certainly know better. I realized this after reading one of our stories about common passwords (and no, I won't say which one of these I used).

We know it can be a pain to create and manage all of your passwords, but it's important. Very important. Identity theft remains a top concern for consumers. As such, we need to remain vigilant about protecting our personal information. That's why we've put this guide together. All you need to know about passwords is right here!

Roundup: Password Managers
Never forget passwords again with these eight password managers—tools that remember and replay all your complex passwords for you.

From updating your MySpace page to transferring money between bank accounts, all manner of online activities require you to log in with a username and password. Proper security practice demands that you make each password different and use random combinations of characters, like "f*&WQb28." But in the real world, you can't remember those, so you wind up either writing down your strong passwords on a Post-it you hide in your desk drawer, or you use "rosebud" for every site. What you need is a password manager—a tool that remembers and replays all your complex passwords for you. That way you need memorize only one complicated password—the one that opens the password manager. (see full)

Should You Write Them Down?
It used to be conventional wisdom among security experts that you should never write your passwords down, but thinking is changing on this. Roger Thompson, a respected anti-malware expert, thinks you should write them down, and PCMag security expert Larry Seltzer agrees, to an extent.

New Thinking About Passwords: Write 'Em Down

It used to be conventional wisdom among security experts that you should never write your passwords down, but thinking is changing on this. Roger Thompson, a respected anti-malware guy, thinks you should write them down. I've seen this from other people and I do it too, to a degree.

As Thompson says, it's not just that you should write them down, but that you should have a lot of them and write them down. It is far more secure for you to have a variety of passwords, so that if any one of them is compromised the damage can be limited. If you write them down you can better handle a larger number of passwords. (see full)

10 Most Common Passwords: Stay Away!
If you recognize yours, you may as well hand over your wallet or purse to the first person you see on the street.

  1. password
  2. 123456
  3. qwerty
  4. abc123
  5. letmein
  6. monkey
  7. myspace1
  8. password1
  9. link182
  10. (your first name)
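To check your own accounts for the two problems this post describes (a password on the list above, and one password shared across several accounts), here is a short Python script. It is an added example, not PCMag's code; the function names and the sample accounts are made up for illustration.

```python
import secrets
import string
from collections import defaultdict

# Entries 1-9 from the list above; entry 10 (your first name) is checked separately.
COMMON = {"password", "123456", "qwerty", "abc123", "letmein",
          "monkey", "myspace1", "password1", "link182"}

def audit(accounts, first_name=""):
    """accounts maps account name -> password. Returns (common, reused):
    common = accounts whose password is on the list or is the first name,
    reused = groups of accounts that share one password."""
    name = first_name.strip().lower()
    common = sorted(a for a, pw in accounts.items()
                    if pw.lower() in COMMON or (name and pw.lower() == name))
    by_password = defaultdict(list)
    for account, pw in accounts.items():
        by_password[pw].append(account)
    reused = sorted(sorted(g) for g in by_password.values() if len(g) > 1)
    return common, reused

def new_password(length=16):
    """Random replacement password drawn from the OS secure random source."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))

# Constructed sample data, not taken from the incident described in this post.
SAMPLE = {
    "webmail": "Tr0ub4dor&3",
    "paypal": "Tr0ub4dor&3",
    "amazon": "Tr0ub4dor&3",
    "forum": "Monkey",
    "bank": "f*&WQb28",
    "photos": "alex",
}

if __name__ == "__main__":
    common, reused = audit(SAMPLE, first_name="Alex")
    print("on the common list:", common)
    print("sharing one password:", reused)
    print("suggested replacement:", new_password())
```

Every account in a shared group falls together if any one of them is breached, so each should get its own replacement password.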

Ulanoff Speaks: Take My Passwords, Please
It's time to kill passwords in favor of smarter, safer technology.

I'm dead, dog tired of trying to conceal my passwords—almost as exhausted as I am by trying to memorize and recall all of them.  I have dozens of passwords, and, to be quite honest, they're not even good. Then again, whose are? They're variations and repetitions on a theme—essentially, stuff I can remember. I'm safe for now, but if someone figured out one part of my useless encryption system, my password lattice would crumble faster than a house of cards. (see Full)

PCMag's Premium Utility Download: Password Profiler 2
Our own utility cuts your form-filling time down to seconds and makes remembering usernames and passwords a thing of the past. (Yes, there is a charge.)
