By Mike Dempsey
Posted on 2016-11-17
So now that I have broached the subject of passwords, I want to spend some more of my writings talking about password theories. I know this sounds kind of boring, but it is important, and I’ll try to keep things brief and at a pretty high level rather than an in-depth view.
First, if you really want to make things easy for a hacker, then go ahead and use the same password for everything. Even using 2 or 3 passwords for everything doesn’t make it too much harder for them. The main weakness is that this allows hackers who can get into one account, like Facebook, to then get into your Amazon account or your iCloud account. If they get into your Facebook or Twitter accounts, that can wreak havoc on your social networking. If they get into your Amazon or iCloud accounts, they can cost you lots of money or time recovering data. My basic premise is that any account that has any value, such as bank accounts, credit card accounts or e-commerce sites like PayPal, Amazon or iTunes, should have its own separate password. I don’t really care if you use the same password for social networking or even e-commerce sites where they don’t store your credit cards, but if there is credit card or bank account info, it should have its own password. If someone hacks your Facebook account, which I have seen several times, then you have to assume that they will try every other account that is out there. Each of those times, the users used the same password for multiple accounts, and in each of those cases, the hackers had already logged into the accounts and either changed the passwords or attempted to use the account to start another scam using the contacts that they found in those accounts.
If you want to come up with a method for using memorable passwords that don’t need to be written down, then there are several methods. My favorite is to use two words that don’t have anything to do with each other and to use numbers and punctuation between them. For example, boat4&cat or head#8goat. Another way I have seen is to use the first letters of the words in a song or other verses that you would know. For example, fffthdtttba is actually “fun fun fun til her daddy takes the t-bird away.” There are several other tricks out there that googling password methods will turn up.
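An added example, not from the original post: a Python sketch of the two-word and first-letters methods above that picks every part at random and estimates how the strength grows with the size of the word list. The word list and the punctuation set are constructed assumptions.

```python
import math
import re
import secrets
import string

# Constructed sample list (assumption). A real list needs thousands of words,
# because the list size drives the strength estimate below.
WORDS = ["boat", "cat", "head", "goat", "lamp", "river", "stone", "cloud",
         "piano", "tiger", "maple", "brick", "ocean", "candle", "wagon", "frost"]
PUNCT = "!#$%&*+-=?@"  # assumed set of punctuation marks


def two_word_password(words=WORDS):
    """Two different words with a digit and a punctuation mark between them."""
    first = secrets.choice(words)
    second = secrets.choice([w for w in words if w != first])
    middle = [secrets.choice(string.digits), secrets.choice(PUNCT)]
    if secrets.randbelow(2):  # digit-then-mark or mark-then-digit
        middle.reverse()
    return first + "".join(middle) + second


def two_word_bits(word_count):
    """Bits of entropy when every part is picked at random, as above."""
    combos = word_count * (word_count - 1) * len(string.digits) * len(PUNCT) * 2
    return math.log2(combos)


def first_letters(phrase):
    """First letter of each word; a hyphenated word counts as two words."""
    return "".join(w[0].lower() for w in re.findall(r"[A-Za-z0-9]+", phrase))


if __name__ == "__main__":
    print(two_word_password())
    print(first_letters("fun fun fun til her daddy takes the t-bird away"))
    for size in (len(WORDS), 2048, 7776):
        print(f"{size:>5} words: {two_word_bits(size):.1f} bits")
```

The estimate only holds when the parts are chosen at random; words picked by hand are more predictable than the number suggests.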
So, Mike, how do you remember all of the passwords that you have to remember? I utilize a password utility called 1Password by AgileBits. It allows for syncing of all of my secure data and passwords on every device I own. I’ll be honest, the whole package of products isn’t cheap, but I find the security offered by it to be worth it, and I’ll cover it in more detail in an upcoming article. There are other utilities out there that offer the same sort of tricks, but be sure that you aren’t just giving the fox the keys to the henhouse. A few years ago, there was a company that was known for writing malware, and they offered a free password utility. Guess what? The users of that software found out that they were actually giving their passwords to a group of hackers. This article isn’t meant to cover the ins and outs of those packages, just to be an introduction to their availability and a cautionary statement about making sure you can entrust your data to them.
So you may say, “Is this really necessary? I don’t have anything of any real value on the computer.” Guess what? Your computer and your data are worth far more than you can imagine. If you give hackers your password or they can otherwise get into your accounts, they can make thousands on each successful attack that they get you to fall for. A recent study in the UK showed that the average bank scam victim was taken for over £10,000 (http://tinyurl.com/nsvdw6d). So yes, if they get even 1 or 2 people to fall for their scams, then it is worth it. As previously mentioned, one of my clients fell for one of the phishing scams and was tricked into giving the hackers her iCloud password. By the time she called me, they had already sent an email out to about 1300 of her friends pleading for money. If only one of those friends fell for it, then it would have been a successful payday. I also asked her what other accounts used the same password. She said that at least one credit card had the same password, and I asked her to change it immediately. She wasn’t able to log in to the account. We don’t know if they had gotten into her account before we did, which was possible since she had given them all they needed to get into her account, but she was able to call the bank and get her password reset before any real damage was done. Imagine what could have happened if they had done this at 1:00am rather than at 10am. They would have had over 9 hours to have attempted dozens of tricks once they got her first password. That is why you should use as many passwords as you can handle.