Tuesday, January 21, 2014

New "Worst Passwords" and Keeping Your Strong Passwords Safe

In the new list of 25 worst passwords, "password" moves from #1 to #2. The new #1 worst password is "123456". It is sound advice not only to use strong passwords (which contain a combination of letters, numbers and symbols), but also to use different passwords for different websites.
Another really good reason to have different passwords for different websites is that you will know exactly what got hacked. A while back, I had the same password on Skype and Gmail. It was a password that wasn't real strong, but I thought it was strong enough because it contained both letters and numbers. I was wrong. It was somehow hacked and posted on some website in another country. Fortunately, I was tipped off by a warning from a fellow software engineer in that other country before any major damage could be done. Having the same password for both, I could not know which site was the source of the hacking. Was my password hacked on Skype first, or was it Gmail?
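Both pieces of advice above (avoid listed or weak passwords, and never reuse one across sites) can be checked mechanically. The following Python code is an added example, not part of the original post; the function names and the sample vault are constructed for illustration, and the worst-password set holds only the two entries named in this post.

```python
import string

# The two entries this post names from the worst-passwords list; a real
# audit would load the complete published list instead (assumption).
WORST = {"123456", "password"}

def weaknesses(password):
    """Return the reasons a single password falls short of the advice above."""
    reasons = []
    if password.lower() in WORST:
        reasons.append("on worst-passwords list")
    classes = {
        "letters": any(c.isalpha() for c in password),
        "numbers": any(c.isdigit() for c in password),
        "symbols": any(c in string.punctuation for c in password),
    }
    missing = [name for name, present in classes.items() if not present]
    if missing:
        reasons.append("missing " + ", ".join(missing))
    return reasons

def audit(vault):
    """Map each site to its findings, including reuse across other sites."""
    sites_by_password = {}
    for site, password in vault.items():
        sites_by_password.setdefault(password, []).append(site)
    report = {}
    for site, password in vault.items():
        findings = weaknesses(password)
        others = [s for s in sites_by_password[password] if s != site]
        if others:
            findings.append("reused on " + ", ".join(sorted(others)))
        if findings:
            report[site] = findings
    return report

# Constructed sample vault (hypothetical entries, not real credentials).
SAMPLE_VAULT = {
    "skype": "summer2013",
    "gmail": "summer2013",
    "forum": "123456",
    "bank": "t7#Vq!m2Lw@x",
}

if __name__ == "__main__":
    for site, findings in audit(SAMPLE_VAULT).items():
        print(f"{site}: {'; '.join(findings)}")
```

The reused letters-and-numbers password is flagged on both sites that share it, which is exactly the situation where a leak cannot be traced to one source.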
As computers get faster and more sophisticated, it is more important than ever to keep passwords unique and strong. Of course, SplashData recommends their product, SplashID Safe, to keep track of your passwords so that you don't have to rely on your "wet computer" to remember all those strong passwords. However, I also recommend KeePass, which allows you to categorize your passwords. It also works well when the password file is saved in your cloud space and shared among more than one device. For instance, if you add a password on one device while you have your password file open on another device, you can still add a password on that other device and save it. It detects that the file was modified and merges the changes made by both devices so that you don't lose any added passwords.
It also has another nice feature where you can double-click to copy your password to the clipboard and paste it into the password field of a website or application without revealing what your password is. It automatically removes the password from your clipboard after a specified number of seconds (default is 12 seconds). This comes in very handy when you are doing online presentations and need to copy/paste a password without revealing it to your audience.

Stay safe.