Abilene Christian University suffered a security breach the other day and it appears that the compromised usernames and passwords (especially the latter) were then used to gain access to Facebook accounts.
I think, among other things, that this should serve as a gentle reminder that it can be very dangerous to use the same password for all of your online accounts (but you probably do anyways, right?).
I remember that one of the best pieces of advice came from a co-worker a number of years back who suggested the simple strategy of adding 1-5 letters at the end of each password depending on the online service I was using. For example:
- Base password: teehee123
- Facebook: teehee123fb
- Twitter: teehee123twit
- Gmail: teehee123gmail
- And so on…
I think this strategy is almost too easy not to use.
So, do you have 1 global password or do you play it safe?
Jay says
I use the same at the beginning and vary at the end for different accounts, though some sites I have the same password, but many times it's for a site that I'm not even sure I am going to continue to use. I just have to create a user id/password to even access it.
Christopher says
I use retinal scanners for password encryption, but before you get any ideas about using a spork on me, I use a set of eyeballs that I purchased on eBay. So they are color coded for levels of security.
Ok actually I use the old Unix server admin rules. Numbers, Letters, Case changes and random characters. Which is a real pain at times on the iPhone when I install apps that require access to twitter, facebook, etc.
dewde says
Song lyrics, my friend. I use song lyrics. For example let's take one from Lee Greenwood, "I'm proud to be an American." I grab the first letter of each word.
–> iptbaa
Then I add a date or some numbers of significance
–> 7/4/1776
And I get a password that I remember by context, and can recreate without having to memorize each character.
–> iptbaa741776
peace | dewde
Jim says
Lee who?
joannamuses says
I have a generic password I use for things that aren't particularly important (forums etc.). The passwords for my Facebook, university accounts, PayPal and netbanking are all different.
rodlie says
genius strategy, thx!!
Jim says
alpha numeric
Phillip Gibb says
I use Qu1nsgeni5ous#2 as my password for all my accounts.
Is that ok?
lol
noooo.
I reckon a password safe is great so long as your 'password safe' password is near perfect and does not get lost.
But it is a single pt of failure.
And a nuisance if you access different computers.
Aaron says
I use unique passwords for EVERYTHING on the web.
At work, we use RSA SecurID tokens. That saves me from having to memorize another two-dozen passwords.
Michael says
I use 1Password (Mac only) to generate passwords; there are some sites I have no idea what the password is
philldo says
I just started to update / change all my passwords recently after the twitter / gmail hacking incident. The bad thing is that I haven't been getting much sleep lately and kept on forgetting my Google Voice password.
Web sites need to start coming up with a better "I forgot my password system". If it just sends an email then all your accounts are compromised once they hack your email account. "Secret questions" really aren't too secret anymore. If you are my friend on Facebook or stalk me at all you most likely can answer my mother's maiden name, favorite color or shoe size. Plus the quizzes on FB data mine the heck out of you and publicize it to your friends.
Overall I use unique passwords for the important stuff and a formula to create passwords for random sites like the Children's Museum Science Club etc.
Jeff says
You have a great point that most 'forgotten email systems' email a new password, meaning if someone can crack your email password they can get access to just about every other account you may have with ease. I am guilty of using the same rather complex password for everything which I may begin changing soon so that I am a bit more protected.
klreed189 says
Thanks for giving me your passwords, I am going to hack into your sites now and make some changes.
I change my passwords often. My biggest problem is I forget which one I am using at the time. I do have a Firefox plug-in called skipper that remembers them all for me, but that makes me pretty nervous at times. I have debated on getting rid of this fine plug-in and just using a piece of paper to remember my ever changing passwords.
Steven Rossi says
Lately I’ve been using unique passwords for every site. I use 1Password, and it generates and stores them for me. Before that I used a technique that went something like this (using Gmail as an example):
- first letter of service, capitalized (G)
- number of letters in name of service (5)
- one letter after second letter in service (n)
- one letter before second letter in service (l)
- last letter in service (l)
- order in alphabet of last letter in service (12)
For a combined result of G5nll12.
But I prefer to just generate and save them. It saves me the effort of having to think through it.
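The six steps in the comment above, written out as an added Python example (not the commenter's code). The function name `rossi_password` and the wrap-around at the ends of the alphabet are assumptions, since the comment does not say what to do when the second letter is "a" or "z".

```python
import string


def _shift(ch: str, delta: int) -> str:
    """Move a lowercase letter by delta positions.

    Assumption: wraps around (a-1 -> z, z+1 -> a); the comment leaves this open.
    """
    return chr((ord(ch) - ord("a") + delta) % 26 + ord("a"))


def rossi_password(service: str) -> str:
    """Derive the per-site string from the service name, step by step."""
    name = service.lower()
    if len(name) < 2 or any(c not in string.ascii_lowercase for c in name):
        raise ValueError("service name must be at least two ASCII letters")

    second, last = name[1], name[-1]
    parts = [
        name[0].upper(),                 # first letter of service, capitalized
        str(len(name)),                  # number of letters in the name
        _shift(second, +1),              # one letter after the second letter
        _shift(second, -1),              # one letter before the second letter
        last,                            # last letter of the service
        str(ord(last) - ord("a") + 1),   # alphabet position of the last letter
    ]
    return "".join(parts)


if __name__ == "__main__":
    # Constructed sample inputs; "facebook" exercises the wrap-around case
    # because its second letter is "a".
    for site in ("Gmail", "facebook", "twitter"):
        print(site, "->", rossi_password(site))
```

The output is a function of the service name alone, so it contains no secret: anyone who knows the steps gets the same string for the same site.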
ryanbrymer says
I've just started using a new password. It's "rb37… hey, wait a minute. I'm on to your trickery!
IcemanYVR says
I have three levels of passwords that I use, one for internet groups and forums, another one for stores and sites (like Facebook, etc) that store personal information, and another for online banking, etc…
I have found that it seems to work pretty well, but you still need to be careful and create passwords that follow the case, numbers, and letter rules, and of course, not inadvertently give them out to phishing sites.
friar_don says
I have a rotation of about five passwords (up from three last year). I am not sure if this is safe or not….
Kevin_Martineau says
I have been only using 1 password but I am going to take your password advice. Thanks for sharing it!
Dlake108 says
I use 1Password and have used it several times to remember passwords for various accounts. It's been reliable and as often as I backup … the passwords are too.
@karlfisher says
I have two basic passwords depending on the website; one for sites that access financial data, and one for everything else.
@johnko76 says
Working off the main post's suggestion, you can take a password – e.g. sunlight – and then add to the beginning and end of it based on the website URL (like the first and last letter of the main URL). For a website like facebook