
What you don’t know about passwords might hurt you

Joe Kissell | Nov. 28, 2012
Your password strategy, if you have one at all, might be seriously out of date

I don't mean to alarm you, but, well, actually I do. Your password strategy, if you have one at all, might be seriously out of date. In recent months, several well-publicized attacks on major online services exposed users' passwords. For example, in June 2012, more than six million LinkedIn passwords were stolen and posted online. Just over a month later, over 450,000 Yahoo passwords were leaked. Apart from the direct damage that can come from having one's password made public, these security breaches revealed that vast numbers of people follow dangerous password practices that can result in far worse problems.

If you haven't examined your approach to making and using passwords recently, now is a good time to rethink your assumptions. Here are a few important facts about passwords you may not have realized, and what they mean for you.

Password reuse is a major danger

You know how it is: every time you turn around, another website or online service wants you to create a new password. Because that's so tedious to do, many people rely on shortcuts. But these shortcuts can get you in trouble. As a case in point, consider the common practice of using the same password for multiple sites.

Suppose you signed up for a LinkedIn account, and you used the same password you previously chose for your Gmail account. Then, in June, you were one of the unlucky people whose LinkedIn password was leaked. An enterprising hacker who knew your LinkedIn password could have easily tried it with other popular services, so getting access to your Gmail account would suddenly be trivial. That's a problem not just because someone could read or delete your email, but because you might use your Gmail address to access or reset other passwords. If the hacker clicked the "forgot password" link on another site, he could then check your email to get access to accounts that use other passwords. Even reusing a single password in two places could, in this way, cause cascading problems.

The best antidote to a password reuse habit is a password manager, such as 1Password ($40) or LastPass (free; premium service, $12 per year). These tools can generate passwords for you, store them securely, and fill them in on websites with a click or keystroke. That makes it painless to maintain different passwords for each site or service.

Hackers know your little password tricks

Faced with the need to come up with a new password, the next-biggest crutch after reusing passwords is to pick something that's extremely easy to remember and type. As the lists of stolen passwords and other security research show, an awful lot of people still use "123456", "password", "baseball", and other simple strings. That means these and the next several thousand most common passwords will be the first things a hacker tries when attempting to break into an account. Common dictionary words, names, and dates are also easy to check, and should therefore be avoided.
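The two habits described above, reusing a password across sites and choosing one from the common-password lists, can both be checked mechanically. The following Python sketch is an added example, not part of the original article and not any password manager's own code; the site names, the sample passwords and the entries in `COMMON` beyond the three named in the article are constructed for illustration.

```python
import secrets
import string
from collections import defaultdict

# Constructed stand-in for a "most common passwords" list: the three strings
# named in the article plus two assumed entries.
COMMON = {"123456", "password", "baseball", "qwerty", "letmein"}
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_"


def audit(vault):
    """Return (reused, common): groups of sites sharing one password,
    and sites whose password is on the common list."""
    by_password = defaultdict(list)
    for site, password in vault.items():
        by_password[password].append(site)
    reused = sorted(sorted(sites) for sites in by_password.values() if len(sites) > 1)
    common = sorted(site for site, pw in vault.items() if pw.lower() in COMMON)
    return reused, common


def generate(length=20):
    """Random password drawn from the OS CSPRNG via the secrets module."""
    if length < 12:
        raise ValueError("length too short")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Retry until lower, upper and digit are all present, so sites with
        # composition rules accept the result.
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)):
            return pw


def remediate(vault):
    """Give every flagged site (reused or common password) a fresh unique one."""
    reused, common = audit(vault)
    flagged = {site for group in reused for site in group} | set(common)
    return {site: (generate() if site in flagged else pw) for site, pw in vault.items()}


# Constructed vault, site -> password; none of these are real credentials.
SAMPLE_VAULT = {
    "linkedin.example": "Tr0ub4dor&3",
    "gmail.example": "Tr0ub4dor&3",
    "forum.example": "baseball",
    "bank.example": "x9$Lq2-vT7!mPz4@Wd8_",
}

if __name__ == "__main__":
    print(audit(SAMPLE_VAULT))             # flags the shared and the common password
    print(audit(remediate(SAMPLE_VAULT)))  # nothing left to flag
```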

