Did you see this yesterday? Evidently someone hacked into Sony’s computer system and found the passwords for the social media accounts for all of their movies (we’re talking about Facebook, Twitter, MySpace – I guess it’s still a player, at least as far as Sony is concerned – and YouTube) in a folder called “Passwords.”
I got a huge laugh out of it, then I realized it’s probably a lot more common than anyone cares to believe. I knew a guy who kept all of his credit card numbers in a password-protected Excel spreadsheet. Not a bad idea on the face of it, except all of the card information was visible while he was typing in the password. Other people have sensitive password information on Post-It Notes stuck to their computer monitor. Others have a sheet of paper in a folder in their desks.
I’ve started using LastPass’ password-generation routine. It generates a random string of characters (upper- and lower-case letters, numbers, and symbols) and stores them in your vault. It then populates the user ID and password fields automatically for you, so a keystroke logger can’t capture the password when you type it. I honestly don’t know the password for sites like my bank, my PayPal account, or my credit card payment sites. I’m starting to do the same thing for the non-crucial sites as well, like Papa John’s and some of my bulletin boards, places where I’d been using a simple password like one of my cats’ names and a few digits.
But passwords only work well when you change them frequently, and the tendency is to use something that you can remember, and to use it just about everywhere, and leave it at that. There’s always the worry that you’ll be on someone else’s computer and need one of the passwords and not remember what it is. That can be a problem: if someone hacks my Gmail account and I’m using the same password for it and my bank, that person could clean me out.
Some companies like Google use a two-step verification system: after you type in your password, they send a text message or call you with a validation code that you need to enter to access your account. I worked with a company that gave my group a keyfob that generated a random number you would use for a password, which was only good for three minutes. Still other services require you to have a USB “key” to access their systems.
We could soon see technology that uses fingerprints, retina scans, voice prints, and other biometric information to secure our accounts. Until then, you might want to consider a password manager like LastPass (Googling “password manager” gives you a list of them). Or you could use a random password generator like the one at Random.org to generate a strong password.
Just, whatever you do, don’t keep your passwords in a folder called “Passwords.”
Do you have a unique way of coming up with passwords? Have you used any technology like a keyfob or a USB key?