Because I was snowed in by the blizzard, I used some of the time for a password day. The idea comes out a book called Perfect Passwords.
Pretty much, you change all your passwords in one day.
The purpose is to clean house, and especially get the old ones changed.
After so many hacks reported in the press, I wanted to make sure that it would be harder to guess what my passwords are. Unlike what we see on NCIS where they take three guesses and get it right, the hackers use a program to try different words, because most passwords are easy to discover.
Typical things people do:
- Start with a capital letter (particularly a problem for writers!)
- Have a number at the beginning or end of the password (no doubt because that’s easier to remember).
- Use the same password in multiple places.
- Don’t change it very often, or at all. Passwords have a short shelf life, and bad passwords have no shelf life.
The first thing was gather all the passwords together in one place. I had some in a spreadsheet, some in in my planner, some in a steno pad, and some not even written down. It turned out to be a bigger challenge than I thought.
I have over fifty passwords!
No wonder I was having trouble with them.
As of the writing of this, I’m still finding new ones. It seems like every site requires a password. Especially for writers because we might have Duotrope or Submission Grinder for tracking submissions; Submittable for submitting to most sites; and some sites that have their own password requirement as part of the submission process.
The second thing was to come up with a list of passwords I could use. They’re long sentences (silly in some cases; I had blizzard brain):
“run for it! the snow plows are coming!” the snowman on the bike said.
(That’s from a photo International Thriller Writers posted on Facebook for a contest and not an actual password. But the passwords are like that, and that long.)
Believe it or not, the longer ones with spaces are easier to type, even with the special characters. They’re also easier to remember than some of the typical IT recommended ones: sW$br*FRUcag72uDra. Heck, I’m not even sure I could type that!
Most of the passwords I came up with were such that I could add symbols or numbers, depending on the individual site requirements. I left spaces in where I could, since a space is a special character. A surprising number of sites let me do that.
What’d I do is try typing out the original password and see if the site took it. Not all of them were good about their guidelines, and even the ones that had guidelines didn’t mention that I could use spaces. So sometimes I was pleasantly surprised, and sometimes it was “Grr!” Because the site had a 24-character limit, or you could only use these particular symbols.
But I only got through about 25 passwords—it took a lot more time to do them than I expected, and I actually ran short of them on my list. So my goal is to come up with an ongoing list of potential passwords that I can pluck new ones from. Then I can do the last batch over time, and start the whole process again in six months.