Wednesday, February 6, 2013

the Best Password Tip Ever for Online Security

the Best Password Tip Ever for Online Security

Imagine you're about to log into (or sign up for) a popular service, using a screen like this:

login with facebook or twitter screen

You click the Login with Facebook option, because it's easy - one less password to remember. (and that ubiquitous blue and white F is everywhere..)

But this site is a spoof, made by hackers and thieves to look just like a regular site. When you input your Facebook information, they now own 3 very important pieces of your life:

  1. Your password
  2. Your email address
  3. Your Facebook account

If you use the same password for most (or all) of your websites, like most people do, you're screwed. (It doesn't matter that your password is long and complicated if you give it to them!)

1.) Your password

First thing they'll do is visit the major banks' websites - Bank of America, Wells Fargo, Chase Bank, etc., along with the major investment bankers, and see if that email address and password combination gets them in. If it does, you can kiss your money good-bye.

2.) Your email address

Next they'll log into your email account to look for any other accounts they might have missed. You know those confirmation emails you get when you sign up for online account management? If you archive those so you have a copy in case you ever need it, the bad guys now have a copy too. And of course they'll look for other emails where you might have reset your password along the way, so they can find multiple versions of your passwords.

3.) Your Facebook account

If the first two weren't enough, they may use your Facebook account to try to trick your friends and family members into sending "you" money and/or their own personal information.

Being Smarter with your passwords

Obviously it would be better to have a different password for every website you visit. But, you can't be expected to remember dozens of long, complicated passwords. And if you write them down, or keep them in your computer or online, you're just giving a treasure chest to the thief who gets there first..

One Password to Rule Them All

(yes, that's a Lord of the Rings reference. But I haven't seen the Hobbit yet..)

Here is an easy, step-by-step guide to making a really complicated password, easy for you to remember, that's different for every website.

1.) Get a catch phrase. Think of a phrase that's a few words long and contains a number.

  • Labron, #6 - Best Player Ever
  • Motley Crue Rocked in '87
  • My 2 boys are Awesome!
  • 122 degrees is too hot! (that was the hottest temperature ever in Phoenix)

2.) Shorten that catch phrase down to letters (upper and lower case), numbers, and symbols.

  • L#6bpE
  • mcR'87
  • m2baA!
  • 122^itH

This is your new Base Password. Learn it. Know it. Live it.

3.) Customize it for each website by using that website's name. You can do this by adding the website's first letter to your base password, or by adding the number of letters in the website's name, or any combination of attributes. Here are some examples:


  • add a "y" to the beginning of your base password, and a 6 (# of letters) to the end: yL#6bpE6
  • add a "YA" (first 2 letters) to the end of your base password: L#6bpEYA
  • add a "y" to the front and an "a" to the end of your base password: yL#6bpEa

Facebook (using the same 3 options as above):

  • fL#6bpE8 (added an f in front, 8 in back)
  • L#6bpEFA (added 1st 2 letters, in caps, at end)
  • fL#6bpEa (added 1st letter in front, 2nd letter at end)

4.) Make a note of your new password, if you must, using shorthand.

I keep a list of all my sites' login information (in a secret place!), because sometimes websites don't allow special characters, or sometimes I have a username instead of an email address, or for whatever other reason the password plan might not be perfect. But I NEVER write out my full usernames or passwords - I use abbreviations just to remind myself.

For the 1st Yahoo! example above, I might make a note that says:

  • Yahoo RE y6

RE (stands for Regular Email address is my username)
y6 (y at the beginning, 6 at the end)

Anyone seeing a note that reads: "Yahoo - RE - y6" won't be able to hack into my account.

That's it. An easy to remember catch phrase becomes a unique for each site, impossible to crack series of passwords.

If you're using this system and someone hacks your Facebook account - who cares? You might be able to have your password reset, or you might even have to delete that account and start over. But you won't have to worry about your retirement account disappearing!

laptop locked up tight
image credit - Microsoft Clipart

Bonus Tips

* Check the URL. Before you input your login information into a website, even if it's a site you use regularly, check the URL at the top of your browser to make sure it's right. If something doesn't look right, try exiting the page and hand-typing the correct URL instead.

* Check-Ins are Bad. When you check-in on your social media site, you're letting people know you aren't home. Even worse are those short, quick posts like:
Family movie night - Yay! The kids are so excited to see the new Spider Man! :-)
You just told the whole world that you're not going to be home for a couple-few hours. Seems like a great time for a bad guy to let himself into your house, no? Better to hold off on this post until AFTER the movie, and let everyone know how much the kids loved the movie instead..

* Think. Treat your online security like you do your offline security. Lock your doors, don't be gullible with strangers, be observant of your surroundings, don't put yourself in danger's way, etc. We teach these things to our kids, and then spend a lifetime practicing them. But then we act completely differently online.. Doesn't make sense.

It's not hard to think of a catch phrase, and it's not hard to change your password on most sites. Hopefully you take action on this, and start protecting yourself and your family today.

Please feel free to call, email, or comment below if you want to discuss this further..

-Chris Butterworth