Top Posts, the Lemming,
and Other Stuff

Saturday, January 1, 2011

Strong Passwords: It Can be Done

"Gawker Victim? 4 Ways to Make Your New Password Secure"
William Fenton, PCMag.com (December 14, 2010)

"You hear about it all the time: sweeping security breach exposes thousands of usernames and passwords. Everybody knows the repercussions of password insecurity, but when push comes to shove, it's a pain to change passwords and it's even more of a pain to keep track of them.

"However, if you are a member of any of the Gawker weblogs—Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, Deadspin, and Fleshbot—the threat of hacking just got a whole lot more real. Last weekend's security breach exposed nearly 1.5 million accounts, including 500,000 e-mails and 185,000 passwords, to The Pirate Bay. I know what you're thinking, Pirate Bay? But that's for downloading movies. Alas, dear buccaneer, it's true.

"In the aftermath of the hack, Gawker distributed an email encouraging its members—or those who choose to remain members—to change their passwords associated with their commenting accounts. Thankfully, you're wise enough to read the best name in tech news and reviews, and we at PCMAG will help you get those passwords sorted.

"Whether you're a gawked Gawker or watchful web prowler, there are some basic rules to keep in mind as you update old passwords and create new ones...."

It's a short list, and you've probably seen the advice before. An item that's not there is - don't use "password" as your password. "password1" is just about as useless. In the Lemming's opinion.

This article's more of a teaser for a longer set of items, starting with:

It's mostly common sense: like not putting your password on a sticky note in the office.

There's one the Lemming doesn't recall reading before, too: spelling your password backwards. Skrawkcab, in other words. If that catches on, the Lemming thinks it'll become a major security issue in short order. It wouldn't take too much doing to make hacking software that tries passwords like drowssap or 1drowssap.

Other advice seems more secure: like making passwords that include numbers (other than "password1"); and using words not found in dictionaries (other than your user name).
