Forget Memorable Passwords

by Bud Parr on September 19, 2008

As we live more of our lives online it’s easy to get lost in all the passwords we’re forced to carry in our heads, and it’s tempting to settle on something memorable that we can reuse across many sites and accounts. But the following should come as a real warning:

“Yesterday, it was reported that wannabe VP Sarah Palin’s Yahoo account was hacked by a perpetrator wishing to find incriminating information in her emails. It was not done using some strange computer security vulnerability. It was not done by guessing her password. It was done just in the same way as Paris Hilton’s T-Mobile account was hacked some time ago: by guessing the answer to the respective owner’s security questions. For Paris Hilton, it was the name of her dog. For Sarah Palin, it was her zip code, date of birth, and where she met her husband.

How hard is it to learn somebody’s zip code? Not that hard. Try the whitepages. Date of birth? Easy for a public figure – try Google. This will take you less than a minute each. Now, we know that Sarah Palin and her husband were high school sweethearts. The answer to this question turned out to be “Wasilla High School”. All in all, it took the reported hacker less than 45 minutes to break into the account. In fact, using your pet’s name appears more security conscious than using zip code, date of birth and where you met your spouse.”

- IT World

This goes for personal as well as professional accounts. We suggest using long, non-word passwords, which may even include characters like ^#&, and odd, perhaps even incorrect, answers to security questions. These of course are not memorable, but there are many programs out there that will store them for you, and your Web browser does too; Firefox is particularly good at handling passwords, although I’d suggest keeping them in another secure program as well (if you want suggestions for password storage programs, just drop me a line and be sure to mention if you’re on a Mac or PC). Also think about changing your most important passwords from time to time. Organizations should have a formal protocol for this.
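To put the quoted comparison in numbers, here is an added Python example (not from the original post) that estimates how many guesses a knowledge-based security answer really leaves an attacker, against a random answer generated for storage in a password manager. The guess-space sizes in the table are constructed assumptions for illustration.

```python
import math
import secrets
import string

# Constructed estimates of the guess space for the kinds of security answers
# discussed above; these are illustrative assumptions, not figures from the post.
KNOWLEDGE_BASED_ANSWERS = {
    "zip code (private person)": 100_000,   # five digits, no other information
    "zip code (public figure)": 1,          # published in a phone directory
    "date of birth (public figure)": 1,     # one web search away
    "pet's name (private person)": 5_000,   # assumed size of a common-name list
}

# Alphabet for generated answers: letters, digits and the symbols the post mentions.
ANSWER_ALPHABET = string.ascii_letters + string.digits + "^#&"


def bits_of_entropy(guess_space: int) -> float:
    """Bits an attacker must brute-force when every candidate is equally likely."""
    return math.log2(guess_space)


def random_answer(length: int = 24) -> str:
    """A 'security answer' drawn from the OS CSPRNG: unrelated to the question,
    unguessable from public records, and meant to live in a password manager."""
    return "".join(secrets.choice(ANSWER_ALPHABET) for _ in range(length))


def random_answer_entropy(length: int = 24) -> float:
    """Entropy of random_answer() output: length * log2(alphabet size)."""
    return length * math.log2(len(ANSWER_ALPHABET))


def entropy_report() -> dict:
    """Map each answer type to its entropy in bits, with a random answer for comparison."""
    report = {name: bits_of_entropy(space) for name, space in KNOWLEDGE_BASED_ANSWERS.items()}
    report["random 24-char answer"] = random_answer_entropy()
    return report


if __name__ == "__main__":
    for name, bits in entropy_report().items():
        print(f"{name:32s} {bits:6.1f} bits")
    print("example generated answer:", random_answer())
```

A public figure's zip code or birth date scores zero bits because the attacker looks it up rather than guessing it, which is exactly the failure the quoted article describes.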

There is hope for our increasingly overloaded info-age life. Standards are being created to both increase security and make access easier. Some of those are very high-tech, but one standard, OpenID, seems to be catching on widely. OpenID, according to Wikipedia, is a service that “allows Internet users to log on to many different web sites using a single digital identity, single sign-on, eliminating the need for a different user name and password for each site.” I’ve been using it for a year or so at least and like the layer of security and relative simplicity, but it takes adoption by myriad Web applications and Web sites to be useful, and we’re not there yet. Some of the services that use OpenID are Blogger, a free blogging service (owned by Google), and Basecamp, a project management system.
