Here's password advice I give to friends and family. I encourage
all technology folks to forward it to their circle of friends and
family as well.
I wrote it because LinkedIn passwords have been compromised. But
it applies to every password situation and every password
So LinkedIn passwords have been compromised. You can read more
about it in this article from ZDNet. Here's what you
- You MUST change your LinkedIn password.
- If you use the same username (email) and passwords on any other
site, you MUST change the password on those sites as well.
- You should have DIFFERENT passwords for different security
scenarios. If you use the same password on LinkedIn and some more
important site (like your bank, or a shopping site that saves your
credit card for future purchases), you're in trouble, right?
Anything that is really important to you-banks, shopping sites,
etc.-should have a password that is different and more complex than
passwords you use on less secure sites.
- I personally have 3-4 "tiers" of passwords: I have a couple of
passwords I use on sites that I don't trust the developers of-that
I fear may be storing the passwords in plain text or with poor
security. If there's ever a site that can "send you your password"
when you forget it, that's a PROBLEM. Figure out what your "tiers"
of security are and, at a minimum, create passwords for each
- You should have a unique password that you use for
meta-authentication identities: Windows Live, Facebook, Google,
etc. These accounts are used by multiple sites, right? If they get
compromised, you're in big trouble.
- Ideally, you should have different passwords for each site.Now
you may not go all the way with this concept, but it's an important
concept. And different passwords don't need to be hard to
- Imagine if my dog is named Spot. My "base" password might be
Sp0t (with a zero, to make it slightly more complex). If I want a
unique password for Amazon, I think about the Amazon river, and to
me I imagine going on a boat up the Amazon to see the jungle. So my
password becomes Sp0tJungleBoat.
- Maybe I swap some digits for letters and add a symbol or two:
Sp0t!JungleB0at. Believe it or not, to me that's easy to remember,
because I came up with it.
- Come up with approaches to making passwords that allow you to
remember passwords easily. And for what it's worth, I use eWallet
to store my passwords just in case I do forget one.
- Finally, too many sites use ridiculous security questions that
are quite simple to answer if you can Google someone or find their
information on Facebook. If a hacker can answer your security
questions, they can typically get a password reset eventually.
- My advice: get a life. Literally. Make one up.Invent a new
mother with a maiden name that is not your mother's. New hobbies,
new high school, new pets, new spouse. You don't have to answer
security questions honestly, just consistently. Your invented life,
that only you know, will be infinitely more secure than your
This article was first published by Dan Holme on SharePoint
Check out our new resource
centre for more content!
Gain instant access to our SharePoint
content by following us on twitter or facebook.