OK. Keep in mind I have many different passwords. You can’t use my MySpace password with my Bank account. You can’t use my PayPal password with my email. But I do have a couple general passwords that I use to sign up for websites.
As I was working today I realized – I signed up for 5 different new services out there and I used that same password. I would guess I sign up for 20-30 new sites a week. That’s a lot of places where my password is.
How do I know if my password is safe? Granted, they can’t get to my financials with this password, but they could find my profile in several other places and make life more difficult for me. Change the password, change or even delete the profile.
It’s not a big deal for me. If I lose my MySpace profile, or the multiple Ning sites I signed up for, that is OK. I can always change the basic password and start over. It would be a pain, but at least it’s not affecting my overall personal and financial life.
Once again I go back to the question: do I know if these people can’t get into my passwords? WordPress uses an MD5 hash encryption. There are sites out there that offer programs to encrypt and even decrypt this security. How do I know the webmaster didn’t just retool the wp_users field in the database for plain text passwords?
Even today, the word “password” is a common password for people on sites like MySpace. It really should be something like “Passw0rd” so there is some security to it, but the best thing would be for it not to be “password” at all.
Here is what I follow on passwords.
1. Multi tier – My email PW is different than my Social Networks PW which is different than my banking PW. I may also use a different email address or logon as well.
2. Don’t use the Dog’s name – Alex is a great dog, but won’t ever be my password. Don’t even use kids, street names, or other obvious words. After all, how secure can my long password be if they know it starts with Alex?
3. Two or more words, Different patterns – Alexrocks is a safer password than just Alex. Password-cracking software usually goes through the dictionary. Therefore making your password 2 or more words makes it harder to figure out.
Alexr0cks is even better, Alexr0ck$ is even more secure. Uppercase, lowercase, numbers and special characters make the patterns even more difficult. Of course, the more characters and the more change, the better.
4. Change a password – Business has adopted the 90 day password for a reason. Changing the big passwords every year is a good rule.
5. NEVER give out the passwords. If something happens to you – you should put information down in an area so people can get into your data. I still wouldn’t put down a password though – just the location and maybe a username. In an envelope and at a safe place like a lock box.
6. Understand who you’re giving your password to – That website looks cool, but can it be trusted?
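Item 3 says cracking software works through the dictionary, and a signup form can use the same idea to vet a new password. The Python check below is an added example, not code from this post: it undoes common character swaps and tests whether what remains is built entirely from known words. The wordlist, the substitution table and the function names are constructed for illustration.

```python
# Constructed sample wordlist. A real check would load a large dictionary
# and add the user's own profile fields (names, pets, streets) to it.
WORDS = {"alex", "rocks", "password", "pass", "word", "dog"}

# Common character swaps, mapped back to the letter they usually stand for.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                       "7": "t", "$": "s", "@": "a", "!": "i"})


def normalize(password):
    """Lowercase the password and undo the common character swaps."""
    return password.lower().translate(SWAPS)


def split_into_words(text, words=WORDS):
    """Return the known words that concatenate to exactly `text`, or None."""
    reachable = {0: []}  # position in text -> words used to reach it
    for end in range(1, len(text) + 1):
        for start in range(end):
            if start in reachable and text[start:end] in words:
                reachable[end] = reachable[start] + [text[start:end]]
                break
    return reachable.get(len(text))


def char_classes(password):
    """Count how many of upper, lower, digit and special are present."""
    tests = (str.isupper, str.islower, str.isdigit,
             lambda c: not c.isalnum())
    return sum(any(t(c) for c in password) for t in tests)


def review(password, min_length=8):
    """Summarize what a dictionary-aware signup check sees in a password."""
    normalized = normalize(password)
    parts = split_into_words(normalized)
    return {
        "normalized": normalized,
        "dictionary_parts": parts,
        "char_classes": char_classes(password),
        "weak": parts is not None or len(password) < min_length,
    }


if __name__ == "__main__":
    for candidate in ("Alex", "Alexrocks", "Alexr0ck$", "Passw0rd", "tq9#Vm2x!Lw"):
        print(candidate, review(candidate))
```

A password that uses all four character classes can still reduce to plain dictionary words once the swaps are undone, so the check looks at the normalized form rather than at the class count alone.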
I’ll probably continue to join sites. Like I said – I am not using my Bank password for Whatever.com’s blog. Hopefully I can trust those I sign up for.