These days, we all have hundreds of online accounts—google, amazon, facebook, twitter, snapchat, pinterest, patreon, reddit, linkedin, tumblr, tindr, grindr, fumblr, tossr, tittr, skweelr, goodreads, goodflix, qikpix, hotchix, and dikpix—the list goes on and on. And the one thing they all have in common is that they all let you reset your password via email. What this means is that if anyone can crack your email password, they've pretty much got the lot.
Fortunately, a clever dick named Steve Gibson has invented an alternative login system called SQRL. I think it stands for "Secure Quick Reliable Login" and you can read about it on Wikipedia or Steve's website at grc.com (normally I'd be linking to this stuff, but on my current connection, web-pages are taking about 20min to load). Less fortunately, due to inertia and a lack of professional advocacy, it seems unlikely that anyone is actually going to adopt Steve's nifty little system. I guess we'll just have to wait and see.
In the meantime, here's a few things to think about:
Password Complexity
Nobody who is trying to get into your email account is typing in passwords by hand. To put it in simple terms, they're using special automatic-password-guessing software.
First of all, don't use a literal password—like …
John
or Victoria
or miscalculation
… and don't think you're being clever by doing something like …
jOHn
or V1ct0r1a
or !miscalculation459
… you're not fooling anyone. Ideally, you should be using a string of completely random characters, such as …
Zpq3X9fJK0.l9MZ@-ynSLe74$
… but let's face it, you're not going to. In my opinion, the best practical solution is to use a passphrase—something like
Holy shit, have you seen the arse on John?
or If Victoria says 'OMG LOL' again, I'll murder the bitch.
or Trying to conduct three extra-marital affairs at once may have been a miscalculation.
Obviously, you want to use something original and not a famous quote or book-passage or something; and the longer you can make it, without forgetting anything, the better. Oh, and this is just my personal experience—and it may not work for everyone—but over many years, I've found that the naughtier I make my pass-phrases, the easier they are to remember. Maybe I just never grew up.
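Here is roughly what guessing software does with the "clever" passwords above, as an added Python example that is not part of the original post. The word and quote lists are tiny constructed stand-ins, and the function names are made up for illustration.

```python
import re

# Constructed stand-ins for the lists a guessing tool starts from (assumptions).
WORDS = {"john", "victoria", "miscalculation"}
QUOTES = {"to be or not to be that is the question"}

# Character swaps that guessing rules undo automatically.
LEET = str.maketrans("013457@$", "oieastas")


def candidates(password):
    """Yield the simpler forms a mangled password collapses to."""
    lowered = password.lower()  # mixed case is undone first
    # Digits and punctuation stuck on either end are stripped.
    stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    for form in (lowered, stripped):
        yield form
        yield form.translate(LEET)


def weakness(password):
    """Return why a password is guessable, or None if these rules miss it."""
    for form in candidates(password):
        if form in WORDS:
            return "dictionary word: " + form
    # Famous quotes are matched with case and punctuation ignored.
    letters = re.sub(r"[^a-z ]", "", password.lower())
    if " ".join(letters.split()) in QUOTES:
        return "known quote"
    return None


# The post's own examples, plus one constructed famous quote.
SAMPLES = ["John", "jOHn", "V1ct0r1a", "!miscalculation459",
           "Zpq3X9fJK0.l9MZ@-ynSLe74$",
           "To be, or not to be: that is the question.",
           "Holy shit, have you seen the arse on John?"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:50} -> {weakness(sample)}")
```

A result of None only means these few rules missed it; real tools carry far bigger lists and many more rules.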
Password Re-Use
If anyone cracks your password on any website, the first thing they're going to do is go and try that same username/email + password combination on every other website they can think of. Having said that, it's probably not realistic to expect that you're going to remember some long-arsed pass-phrase for every single website you ever visit—regardless of how filthy you make them. For that reason, you may have to do a bit of triage. Decide which sites you don't really give that much of a shit about, and re-use a pass-phrase only for those particular sites.
For obvious reasons, never re-use the pass-phrase you use for your email account.
Writing Passwords Down
This might seem counter-intuitive, but writing your pass-phrases on a piece of paper and putting it in your purse is probably a lot safer than having them in a secret file on your computer. In fact, it's probably a lot safer—generally—than what you think. This is especially true if you only write down your pass-phrases and not the websites they're associated with. Think about it—how many times in your life have you actually had your purse stolen? And what are the chances that some random purse-snatcher is also going to be a competent cyber-criminal? How likely is it that they're going to find …
I wish my alarm clock could wake me up every morning with a big dong.
Every year Rupert Murdoch looks more and more like a scrotum with eyes.
You reckon the Wiggles have ever played naked twister while on the piss?
… written on a bit of paper and assume it's a list of passwords? I'll bet it's a lot more likely that somebody who hacks into your computer and finds a file with that stuff written in it is going to put two and two together. Also, you don't have to worry about extra copies being made every time you do a backup—or, alternatively—losing it in a hard-drive crash. Plus, if something's in your purse, there's a better chance you're going to have it close at hand if you do ever really need it.
At the very least, if somebody does steal your purse, you're actually going to know about it—and that means you may have time to get online and change your passwords before the thief can get themselves sorted out.
Security Questions
Security questions may seem like a good idea, but are they? "What was your mother's maiden name?" How long would it take someone to find that out? Are you sure you've never posted that information anywhere online? Are you sure that nobody who knows you has ever posted that information online? What questions couldn't somebody answer if they had enough time to do their research?
11 comments :
Ta, I need to get onto changing mine. I've been getting a bit slack. It's a pain in the arse though writing such a long sentence every time you want to log in to something. I guess you also need to tack an uppercase number combo on the end for when it has to have those things.
Has your site gone funny? The recent comments bit is way down the bottom
Also, have you read The Thrilling Adventures of Ada Lovelace and Babbage? I'm halfway through and I love it
Squib:
Site looks fine to me. Is it still looking wonky on your end?
Typing long pass-phrases is indeed a pain in the arse until you get used to it. If you use a capital letter and full-stop for your pass-phrase, that should take care of sites complaining about case and punctuation. The digit thing never stops being a pain in the arse though.
Am vaguely aware of the story of Lovelace & Babbage but have not read that particular book. Might have to check it out.
Very wonky. The recent comments is right at the bottom and there's nothing on the right side. I use Chrome these days
Ah right; it's probably something to do with Chrome, and I won't be able to test it for another month or so.
Cheers for the feedback, Squib. May I ask why you switched away from Firefox?
It was giving me grief on news sites, freezing all the time
Oh, poor old Firefox. People are deserting it in droves, and for good reason, mostly.
How is Chrome treating you?
Chrome's ok I guess but I liked Firefox more (apart from the fact it stopped working properly)
You fixed it, good work!
I didn't fix anything Squib. But from what you've just told me, I'm guessing that whatever was causing things to render funny in Chrome has been pushed off the front page.
Cheers. Saves on work finding the problem when I get back.