Here's password advice I give to friends and family. I encourage
all technology folks to forward it to their circle of friends and
family as well.
I wrote it because LinkedIn passwords have been compromised. But
it applies to every password situation and every password
user.
So LinkedIn passwords have been compromised. You can read more
about it in this article from ZDNet. Here's what you
should do:
- You MUST change your LinkedIn password.
- If you use the same username (email) and password on any other
site, you MUST change the password on those sites as well.
- You should have DIFFERENT passwords for different security
scenarios. If you use the same password on LinkedIn and some more
important site (like your bank, or a shopping site that saves your
credit card for future purchases), you're in trouble, right?
Anything that is really important to you (banks, shopping sites,
etc.) should have a password that is different and more complex than
passwords you use on less secure sites.
- I personally have 3-4 "tiers" of passwords: I have a couple of
passwords I use on sites that I don't trust the developers of, that
I fear may be storing the passwords in plain text or with poor
security. If there's ever a site that can "send you your password"
when you forget it, that's a PROBLEM. Figure out what your "tiers"
of security are and, at a minimum, create passwords for each
tier.
- You should have a unique password that you use for
meta-authentication identities: Windows Live, Facebook, Google,
etc. These accounts are used by multiple sites, right? If they get
compromised, you're in big trouble.
- Ideally, you should have different passwords for each site. Now
you may not go all the way with this concept, but it's an important
concept. And different passwords don't need to be hard to
remember.
- Imagine if my dog is named Spot. My "base" password might be
Sp0t (with a zero, to make it slightly more complex). If I want a
unique password for Amazon, I think about the Amazon river, and to
me I imagine going on a boat up the Amazon to see the jungle. So my
password becomes Sp0tJungleBoat.
- Maybe I swap some digits for letters and add a symbol or two:
Sp0t!JungleB0at. Believe it or not, to me that's easy to remember,
because I came up with it.
- Come up with approaches to making passwords that allow you to
remember passwords easily. And for what it's worth, I use eWallet
to store my passwords just in case I do forget one.
- Finally, too many sites use ridiculous security questions that
are quite simple to answer if you can Google someone or find their
information on Facebook. If a hacker can answer your security
questions, they can typically get a password reset eventually.
- My advice: get a life. Literally. Make one up. Invent a new
mother with a maiden name that is not your mother's. New hobbies,
new high school, new pets, new spouse. You don't have to answer
security questions honestly, just consistently. Your invented life,
that only you know, will be infinitely more secure than your
own.
This article was first published by Dan Holme on SharePoint
Pro.