6 Password Protection Lessons Learned from the Sony Hacker Attack
Photo via Flickr courtesy of Johnathan Nightingale
For Sony and its users, the news just keeps getting worse. First the Sony Playstation hack exposed the personal info of gamers, and then the Sony Pictures hack allowed the movie-going crowd to get in on the misery.
Now the hacking group responsible for the latter breach has posted the names and passwords of Sony Pictures users as a torrent file for all to download. But there is a silver lining: As noted on MetaFilter, helpful programmer Troy Hunt analyzed the leak to show that most of us don’t choose secure passwords. Hunt’s blog post and the MetaFilter discussion are both full of good advice. Read on to learn the six most important tips.
Unfortunately, any good password will be hard to remember. Longer passwords are harder to guess or crack, and the more numbers or non-alphanumeric characters you throw in the mix, the better. If it’s in the dictionary, it’s bad. If it’s a random jumble, it’s good.
But the most important tip of all is to never re-use the same password for multiple sites. As Hunt pointed out, 67% of users who fell victim to both the Gawker breach and the Sony breach used the same password on both sites.
Can’t Remember It? Write it Down
So now you have a list of crazy gibberish passwords for every website you’ve ever used. Nice work. Now memorize all of it. I’ll wait here.
What’s that? You don’t want to spend your entire life memorizing nonsense? Fortunately, you can write your passwords down as long as you keep the paper in a safe place, and maybe store a copy in another safe place. Jotting down a password you can’t remember is always preferable to using (or re-using) an easy-to-memorize password.
Use an Algorithm
If you want to try to keep it all in your head, there are some tricks to help you do it without sacrificing much security. Consider thinking of an easy-to-remember password, but placing your fingers one row up or one row down from the home keys to jumble it when you type it out. Or consider making a password out of the first letters of every word in a song verse you know by heart.
If you employ this method, try to still employ the above rules: Don’t re-use, and throw in some punctuation or numbers whenever you can.
If You Absolutely Must Re-Use Your Passwords…
Though it isn’t advisable, if you are determined to re-use the same password more than once, you can still reduce your risk.
Not all websites are created equal. If you use the same password for Twitter as you use for Instapaper, then you don’t stand to lose much if a hacker follows the breadcrumbs from one to the other. Just make sure that the sites that really matter, like e-mail or online banking, all have unique passwords. That way another Sony Pictures hack won’t mean full-fledged identity theft.
Get Help from the Pros
As you may gather from this post, secure passwords are a real pain. If you’re willing to pay, there are some incredible online services to take care of it for you.
LastPass is probably the most popular of these. For a subscription fee, LastPass will securely manage encrypted passwords and even automatically fill in online forms for you. It is available on lots of platforms, including iPhone and Android.
For those who want to keep it free, there are options. Password Generator is a handy way to create secure passwords for free. Password Safe is a free program for encrypting and saving passwords on your computer. Password Generator and Password Safe are great if used together.
It’s Not Just About Passwords
As the Sony hacks illustrate, even the perfect passwords can fall victim to a clever hacker or less-than-clever website security. This is beyond your power. What you can do, however, is manage what information you make available.
Many websites will allow users to re-set passwords using common “hints” like your mother’s maiden name or the street where you grew up. If you’re careful not to share that information over Facebook, Twitter, or on blogs, you’ll be that much more secure.
Have your own password tips? Let us know in the comments.