It's National Cyber Security Awareness Month, and Google wants to remind you of a basic tenet of online security: passwords. Considering that October started off with a security breach that struck more than 10,000 Hotmail accounts, a security review may not be such a bad idea. Michael Santerre, Google's Consumer Operations Associate detailed Google's password advice in a recent blog post.
Some of Santerre's precautions are things you've likely heard many times before: don't use personal information like your name or birth date, and don't use simple passwords like "password" or "letmein." Instead, Santerre says you should use a unique password for every site, one that includes a mixture of numbers, letters, and symbols. This will help protect you from dictionary attacks, where a hacker uses a program that tries millions of word and letter combinations to guess your password. But keeping track of so many passwords can be tough; Santerre advises you to write your secret codes down or keep them in a computer file, just don't give your file an obvious name like 'paswords.doc.' or 'Fort Knox.txt.'
Finally, keep your password recovery options up to date so that a hacker can't take over an abandoned e-mail account. Let's say your email@example.com account uses firstname.lastname@example.org as the secondary e-mail address for the password recovery option. If you've forgotten about that account, a hacker could sign up for email@example.com and end up hacking into your Gmail account. This is exactly how a French hacker gained access to Twitter's company files earlier this year.
If you're worried about your password security, here are a few more tips:
1) Use a combination where you substitute letters for numbers, words for numbers and include random capitalization. For example, 19 Peach Place becomes 0ne9peacHpl!--note the random exclamation mark at the end.
2) Create a sentence and then pull the first letter from each word, substituting numbers or even symbols were possible. Turning a sentence like, "Zachary Taylor was the twelfth president of the United States," into ZTwt12potUS.
4) If you've chosen your own number, letter, and symbol combination, but aren't sure how strong it is, run it through Microsoft's Password Checker.
5) So now you've got a strong password for all your important e-mail and banking accounts, but how are you going to keep track of all of these endless codes? Consider using a password manager, or just keep them on a piece of paper in the physical world--just don't attach the list to your computer.
If you want more online security than just smart passwords, check out PC World's article on "Super-safe Web Browsing."