Secure password primer

More and more these days I’m getting “I was hacked… ignore my emails” emails from friends and family (I won’t get into the inherent paradox which exists here). I thought it might be helpful to write a short post explaining the rules to follow to help prevent this from happening.

  • It can’t be too simple
  • It needs to be unique

There are two main ways by which evildoers get your password: they try to guess it or they steal it. Choosing a complex password makes it far more difficult for your password to be guessed. Here’s a good site with instructions on choosing a password as well as a great xkcd comic on the subject.

The problem we’re now faced with is making sure it’s unique. Although you can probably trust Amazon to store your password securely, the same may not be true of some random other site you use. If that site gets hacked (and it stored your password in a recoverable form rather than hashed), the bad guys now have your email address and password and will try that combination on other sites. A good password is harder to remember than “1234”, so it’s clearly a challenge to remember a unique one for every site you use.

There are two ways around this problem. You can use a tool such as LastPass that stores your passwords for you. Although it offers browser plugins to make entering your password easier, keep in mind that this can be inconvenient when using a friend’s computer or Safari on your iPhone. The other option (especially useful for sites you rarely check) is to use a random string of characters and simply use the “forgot my password” feature when you need to log into the site.
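As an added example (not from the original post), here are the two rules in code: a generator for the “random string of characters” approach, an entropy estimate in the spirit of the xkcd comic, and a reuse check over a small constructed vault. The 60-bit threshold and the sample site names are assumptions made for this example.

```python
import math
import secrets
import string

# Character set for the "random string of characters" approach (constructed).
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols

def generate_password(length: int = 20, alphabet: str = ALPHABET) -> str:
    """Return a uniformly random password; secrets (a CSPRNG), not random."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))

def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy in bits of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)

def passphrase_entropy_bits(words: int, wordlist_size: int) -> float:
    """Same formula for a word-based passphrase: words * log2(word list size).
    Four words from a 2048-word list give 44 bits, the figure the xkcd comic quotes."""
    return words * math.log2(wordlist_size)

def is_too_simple(password: str, min_bits: float = 60.0) -> bool:
    """Rule 1 ("it can't be too simple"): estimate entropy from the length and the
    character classes actually present, and flag anything under min_bits
    (a threshold chosen for this example, not a standard)."""
    size = 0
    for cls in (string.ascii_lowercase, string.ascii_uppercase,
                string.digits, string.punctuation):
        if any(c in cls for c in password):
            size += len(cls)
    return size == 0 or entropy_bits(len(password), size) < min_bits

def find_reused(vault: dict[str, str]) -> list[list[str]]:
    """Rule 2 ("it needs to be unique"): group sites that share a password; a breach
    of any one of them lets the same credential be tried on the others."""
    by_password: dict[str, list[str]] = {}
    for site, pw in vault.items():
        by_password.setdefault(pw, []).append(site)
    return sorted(sorted(sites) for sites in by_password.values() if len(sites) > 1)

if __name__ == "__main__":
    # Constructed sample vault: one strong unique passphrase, one reused password.
    vault = {"shop.example": "Summer2012", "forum.example": "Summer2012",
             "mail.example": "correct horse battery staple"}
    print(find_reused(vault))                 # [['forum.example', 'shop.example']]
    print(is_too_simple("Summer2012"))        # True
    print(generate_password(), round(entropy_bits(20, len(ALPHABET)), 1))
```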