By Francesca James
This is a timely reminder of the importance of good password practice. Duplication is a foolish habit; if a password is cracked through one site, it can then be cross-checked against others, and those whose LinkedIn password is the same as their bank account or business login details are putting themselves, and their companies, at serious risk. These leaked passwords are also apparently seven or eight months old — a clear message of the importance of changing a password regularly, says Rob Cotton, chief executive at global information assurance firm NCC Group.
Bill Carey from password management provider Siber Systems says that "the LinkedIn incident is just the latest case to prove that online companies aren't necessarily able to protect their users' information. It's just a matter of time before the next theft occurs. But people can help protect themselves by using a strong, unique password for each web site that needs one."
Bill suggests that in order to protect your online identity, you should adhere to the following rules:
• Don't use the same password on every site. If someone is able to gain access to your password on one site, you don't want them to have access to all your other sites.
• Don't use dictionary words, nouns, foreign words or backwards words, as most hackers' programs will easily crack these password codes. Avoid using your own or family names, initials, or birth dates, your telephone number, pet's name, favourite sports or teams.
• The longer the password, the less chance of it being hacked. Use long passwords of 8 characters or more with a mix of letters (in capitals and lower-case), numbers and symbols.
• You can make your passwords hard to guess but easy to remember. An easy way to do this is to use the first letter from every word in your favourite expression, or line in a story, poem or movie. For example, "A bird in the hand is worth two in the bush," could lead you to the following password: ABinHiWTitB.
• Don't allow a web site to store your password - anyone with access to your computer can get hold of these, and hackers are increasingly gaining access to servers where passwords are stored. Also, if you decide to delete your cookies, many sites will not allow you access, forcing you to go through the time-consuming process of requesting and resetting your password.
• Choose a password that you want to use and then come up with a keystroke mapping system. For example, if you choose to do an "upper-left" keystroke system you would choose the letter to the upper-left of the actual key you wanted. If the word you wanted to use for your password was football, your keystroke password would be r995gqoo. It sounds complicated, but you need to look at your keyboard anyway, so it is simple enough to select the letter to the upper-left, left or lower-right of the word you choose to remember.
• There's no substitute for remembering every combination of username and password, but when you find that this becomes overwhelming, instead of lowering your password management standards, use a secure password management program.
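The "upper-left" keystroke mapping from the rules above, as an added example that is not part of the original article. It assumes a US QWERTY layout, and the function names are this example's own. It also shows that the mapping is a fixed key-for-key substitution, so anyone who knows the scheme can map the result back to the original word.

```python
# Added example: keystroke mapping on an assumed US QWERTY layout.
# Rows are listed top to bottom; each lower row is staggered to the right,
# so the key at the same index one row up is the "upper-left" neighbour.
ROWS = ["1234567890-=", "qwertyuiop[]", "asdfghjkl;'", "zxcvbnm,./"]

# (row delta, column delta) for the three directions the article names.
OFFSETS = {"upper-left": (-1, 0), "left": (0, -1), "lower-right": (1, 0)}

POSITION = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}


def shift_key(ch, direction):
    """Return the neighbouring key in `direction`, or None at the keyboard edge."""
    dr, dc = OFFSETS[direction]
    r, c = POSITION[ch]
    r, c = r + dr, c + dc
    if 0 <= r < len(ROWS) and 0 <= c < len(ROWS[r]):
        return ROWS[r][c]
    return None


def keystroke_password(word, direction="upper-left"):
    """Map every character of `word` to its neighbour in `direction`."""
    out = []
    for ch in word.lower():
        if ch not in POSITION:
            raise ValueError(f"{ch!r} is not on the modelled layout")
        mapped = shift_key(ch, direction)
        if mapped is None:
            # Edge case: e.g. digits have no key to their upper-left.
            raise ValueError(f"{ch!r} has no {direction} neighbour")
        out.append(mapped)
    return "".join(out)


def recover_word(password, direction="upper-left"):
    """Invert the mapping: each shifted key has exactly one source key."""
    inverse = {}
    for ch in POSITION:
        mapped = shift_key(ch, direction)
        if mapped is not None:
            inverse[mapped] = ch
    return "".join(inverse[ch] for ch in password)


if __name__ == "__main__":
    print(keystroke_password("football"))
    print(recover_word("r995gqoo"))
```

Words containing a key on the edge of the layout (a digit for "upper-left", the letter a for "left") raise an error, so the chosen word and direction have to fit together.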