Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Are your passwords safe?

Joe Kissell | May 3, 2013
How to keep your accounts as secure as possible

Of all your passwords, the one for your email account may be the most valuable. That's because whoever has access to your email account can read and click links included in any password-reset messages you receive (such as when you click an 'I Forgot My Password' link). A hacker who has guessed or stolen just that one password can unlock many of your other accounts and do all sorts of damage.

You can limit your risk here in a couple of ways.

Set up a dedicated password-reset account

Consider setting up a new email account for yourself (using a free service such as Gmail) with an address that you'll never share or post publicly.

Use this account only when you're prompted to supply an email address for the purpose of verifying or resetting a password. That way, even if someone breaks into your main email account, your other accounts won't be compromised.

Take extra care with your email account password

Choose an especially secure password for your email account. Make sure to set your email client to communicate securely with the mail server - using Secure Sockets Layer (SSL) protocols for example - so that your password never travels over the air unencrypted. In Apple's Mail, select Mail > Preferences, click Accounts, choose an email account from the list and click Advanced. There you'll see the option Use SSL.

Your Apple ID's Q&A. Change the security questions and answers for your Apple ID to make your account as safe and secure as possible.

Question the questions

Security questions are supposed to have answers that you'll remember, but that most other people won't be able to guess. Unfortunately, most of the questions you'll see aren't secure at all.

Your mother's maiden name, for example, is a matter of public record; and if you ever wrote a Facebook post about your first pet, that is in the public domain, too. Some questions could have multiple answers. Where did you meet your spouse? That might be in Sydney or at the Opera House.

Devise memorable lies

To address such problems, lie. And don't just lie, but come up with one or more answers that follow the same rules as other passwords, to prevent guessability. Use either a reasonably long (but memorable) phrase or a series of random characters.

So, what was the name of my first pet? Why, it was 'bookends-qualitative'. My mother's maiden name? Her dad was 'Mr. E27jrdU!8'. It doesn't matter what answers you give, as long as you and only you know what they are.

One security expert says that he normally uses the same pseudo-random answer everywhere, although some companies (including Apple) require you to give different answers to each of several questions - meaning that you have even more password-like data to keep track of. Of course, you can write down your answers or store them in a password manager, but then the same problems that stop you from accessing your password could prevent you from accessing your security answers. You might make up a little story for yourself about fictional parents, cars, pets and the like that you can then draw on when asked for security answers on different sites.

 

Previous Page  1  2  3  4  5  6  7  8  9  Next Page 

Sign up for CIO Asia eNewsletters.