When looking at lists of the most commonly used passwords, the one word that comes to mind is “lazy”. It’s hard to deny that using “password” and “1234” for passwords is lazy. It’s also dangerous. Sure, maybe you only use that for your junk Hotmail account or for logging into hotels.com, but those profiles have information about you and your habits. If you use a common username for most of your web ‘profiles’, it wouldn’t take much programming effort to link different accounts to the same user if a hacker has multiple lists to work with. Corporate data breaches have become so common that many of us don’t pay much attention to the ones that are reported in the media. And it’s not a stretch of the imagination to envision a black market of user data where lists are traded or sold, with a few heavyweights collecting as many as they can get. While not even unplugging from the internet can keep you safe from this type of activity, there are a few steps you can take to thwart some of these criminals enough to make them move on to softer targets.
The guy that wrote the b00k 0n p4$$w0rd$ recently recanted. “It’s probably better to do fairly long passwords that are phrases or something like that that you can remember than to try to get people to do lots of funny characters,” Burr told CBS News. He’s right, but don’t give up entirely on special characters. Just be consistent.
You don’t need to use a different username for every account, but you should mix it up. Don’t overthink it and don’t make things complicated by making slight variations on a few different names or words. I try to have no fewer than five different usernames in my rotation. Because usernames usually can’t be changed, I add to the list every time I choose a new one. Also be aware of which ones are public, and which ones should always be between you and the company that runs the website where your profile exists.
Use a Naming Convention for Passwords
Everybody knows this trick, or put another way, 3v3ryb0dy kn0w$ th!$ tr!ck. By using numbers and special characters in place of letters, you can spell out familiar names or words for your passwords without being too obvious and lazy. The keys to this part of the password security advice are to try to be unique and to commit them to memory. Switching Ms and Ws, replacing n with & or always capitalizing the third letter of your password are just a few of thousands of potential combinations you can use.
To me, this is the most important piece of password security, because it takes a human to crack the code.
SirShitsAlot802 = R0v34V3m0nt
No amount of programming can figure out that your dog’s nickname, SirShitsAlot, is actually the ‘Rover’ part of your password, and using 802 for ‘Vermont’ helps to obfuscate that part. If you keep a list in a place that is potentially accessible to a hacker, like in a file on your computer or in an app on your phone, this is especially important. You can use the same technique for usernames too. Be sure to commit these nicknames to memory as well, or you’ll be using the forgot password link more often than not.
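The letter-for-symbol swaps described in this section are well known enough that a site's password check can undo them before comparing against a list of common words. The following is an added example, not part of the original post: a signup-side check in Python whose substitution table and blocklist are constructed for illustration.

```python
import itertools

# Constructed table: each symbol maps to the letter(s) it commonly replaces.
LEET = {
    "0": "o", "1": "il", "3": "e", "4": "a", "5": "s", "7": "t",
    "$": "s", "@": "a", "!": "i", "&": "n",
}

# Constructed blocklist; a real deployment would load a large list of
# common and previously breached passwords instead.
BLOCKLIST = {"password", "everybody", "rover", "vermont", "letmein"}


def normalizations(password, limit=256):
    """Yield lowercase readings of the password with substitutions undone.

    A symbol with several possible letters (e.g. "1" -> i or l) produces
    several readings; `limit` bounds the work for long inputs.
    """
    choices = [LEET.get(ch, ch) for ch in password.lower()]
    for combo in itertools.islice(itertools.product(*choices), limit):
        yield "".join(combo)


def blocked_words(password):
    """Return the blocklist words found inside any normalized reading."""
    hits = set()
    for reading in normalizations(password):
        hits.update(word for word in BLOCKLIST if word in reading)
    return sorted(hits)


if __name__ == "__main__":
    # Strings taken from the post itself.
    for candidate in ["p4$$w0rd$", "3v3ryb0dy", "R0v34V3m0nt"]:
        print(candidate, "->", blocked_words(candidate) or "no match")
```

Under this table the first two strings normalize to "passwords" and "everybody" and are flagged, while "R0v34V3m0nt" reads as "roveavemont" and matches nothing in the list.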
Be Creative with Password Storage
Since most people have their smartphones on them at all times, and the devices are about as secure as internet-connected things get, I’ll stick to that. There are a ton of apps you could use to store a list, but I would stick to the bigger names (Apple, Google, Microsoft, etc.) when it comes to selecting an app for this list, because they have the most to lose from a security breach. You could break the list up over a few different apps for an extra layer of security.