Over the weekend, the servers of Gawker Media — the company behind many popular blogs, including Lifehacker, Gizmodo, Jalopnik, Jezebel, Kotaku and io9 — were hacked. Account data, including usernames and passwords of blog commenters, have been stolen. While that’s an issue in itself, it’s now causing wider problems, because many people use the same password for more than service. Twitter is currently dealing with a surge in spam that appears to be related to the Gawker breach, for example.
If you have an account on a Gawker blog and use the same password anywhere else, it’s imperative that you change those passwords immediately (you can find out whether the details of an account associated with your email address have been stolen here). Use this as an opportunity to set more secure passwords on all of the services that you use. Even if you’re currently breathing a sigh of relief because you don’t have a Gawker account, now is a very good time to review your password strategy.
How to Set Secure Passwords
For a password to be secure, it needs to be difficult to guess, as long as possible and consist of a combination of letters, numbers and characters. It also needs to be unique for each service that you use. The trouble is that the longer and more difficult to crack a password becomes, the harder it becomes to remember, which is why many people use the same password everywhere. The good news is, there are a few strategies that you can use to set secure and unique, yet memorable, passwords:
- Use a password manager. This is probably the easiest and most secure option, and so it’s the one I recommend. There are several excellent tools available, such as LastPass, 1Password and KeePass, that can generate and store extremely tough to crack unique passwords for every service you use. Because the tool manages the passwords for you, you don’t need to worry about forgetting a tricky long password.
- Use a password hashing tool. A password hashing tool will take your password, combine it with a parameter (perhaps based on the site’s name or domain) and combine the two using a hashing function to create a very tough to crack password. As the tool deals with the hashing for you, you only need to remember the master password. There are several free password hashers available as browser add-ons.
- Use a rule-based password strategy. Gina Trapani posted a great rule-based password strategy on Lifehacker back in 2006 (if only all the Lifehacker readers had actually heeded her advice!). The idea is that you take a base password and combine it with the name of the service the you’re creating the password for using a set of rules. For example, my password for WebWorkerDaily might be %shjk80aily% (an easily memorable master password of shjk80, plus the final four letters from the service name, surrounded by % characters for extra security). Applying the same rules, my password for Amazon would then be %shjk80azon%. You can also reverse or reorder the letters from the service name, or interweave them with the letters from your master password, for even greater security.
All of the suggestions above require you to set a master password. It’s always a good idea to make this as tough to crack as possible; Thursday posted some tips for setting secure passwords here.
Share your password tips below.
Related content from GigaOM Pro (sub. req.):