The research revealed a worrying fact: Most people choose passwords based on readily available information. This means a surprising number of accounts can be hacked using a few simple, educated guesses.
Read more: http://www.techlicious.com/blog/the-10-worst-password-ideas-as-revealed-by-google/#ixzz2fRTYSNE9
Think about your own passwords. If a mischievous student clicked the ‘forgot my password’ link to one of your accounts, could he or she answer your security questions? Are you still using your dog’s name?
Slate technology columnist Farhad Manjoo wrote a great article in 2009 about the danger of weak password security and how to fix it.
It’s worth reading in its entirety but here’s a list of highlights:
- People’s passwords are generally pretty weak.
- Often getting access to a person’s email yields a treasure trove of information, because many people either email passwords to themselves, to remember them; or because some sites send users passwords through email in their welcome message.
- A password should not contain or be based on a readable word.
- Don’t meet the ‘number and character’ requirement by just adding a ‘1’ or ‘!’ at the end of a word, and don’t make simple substitutions such as ‘@’ for ‘a’ or ‘$’ for ‘s’.
- Mix capital and lowercase letters.
“Start with an original but memorable phrase. For this exercise, let's use these two sentences: I like to eat bagels at the airport and My first Cadillac was a real lemon so I bought a Toyota. The phrase can have something to do with your life or it can be a random collection of words—just make sure it's something you can remember. That's the key: Because a mnemonic is easy to remember, you don't have to write it down anywhere. (If you can't remember it without writing it down, it's not a good mnemonic.) This reduces the chance that someone will guess it if he gets into your computer or your e-mail. What's more, a relatively simple mnemonic can be turned into a fanatically difficult password.
Which brings us to Step 2: Turn your phrase into an acronym. Be sure to use some numbers and symbols and capital letters, too. I like to eat bagels at the airport becomes Ilteb@ta, and My first Cadillac was a real lemon so I bought a Toyota is M1stCwarlsIbaT.
That's it—you're done. These mnemonic passwords are hard to forget, but they contain no guessable English words. You can even create pass phrases for specific sites that are coded with a hint about their purpose. A sentence like It's 20 degrees in February, so I use Gmail lets you set a new Gmail password every month and still never forget it: i90diSsIuG for September, i30diMsIuG for March, etc. (These aren't realistic temperatures; they're the month-number multiplied by 10.)”
THE PROCEDURE: It varies depending on the platform and where you’re accessing it.
FOR WINDOWS COMPUTERS INSIDE THE DISTRICT: On a Windows computer within the district, log in, then press ‘Control+Alt+Delete’. Choose ‘change password’ from the pop-up dialog box and follow the on-screen prompts.
FOR MACS AND COMPUTERS OUTSIDE THE DISTRICT: If you are changing your password on a Mac, or want to do it from home, follow these steps:
- Log in to the district webmail: email.rsd13.org (remember to use ‘rsd13/USERNAME’ in the domain/username field)
- Once logged in, click ‘Options’ near the top-right corner of the window.
- From the options screen, choose ‘Change Password’ from the left sidebar and follow the on-screen prompts.
Like I said above, it’s a good idea to change the passwords to your other accounts as well. Manjoo, security experts, and yours truly all suggest using different passwords for critical stuff, like financial accounts, email, and social networks. For things that matter less–blogs or magazines you might subscribe to, for example–it’s generally okay to use an across the board one.