Living With Technology: The Need for Good Passwords
Published 2:39 pm, Friday, February 3, 2017
Seems that our online world revolves about passwords and security. The problem is that it’s very difficult to be secure.
This was brought to my attention when I recently moved a Web site of mine to a new computer and the software included a report of all of the failed login attempts to the administrative functions.
My site is not a particularly popular site, but it uses WordPress as the software tool. This means that if anyone goes to the site and simply adds “/wp-login.php” to the Web site address, they will be prompted to log in.
This is a very easy thing for a software programmer to code. Go through a very long list of Web sites, add the suffix above and try a few login combinations.
The problem is that there are some very common login credential combinations, such as a login id of “admin” and a password of “admin.” Many people also create passwords with very simple passwords such as: “password” or “abcd.”
What surprised me about this new site was that in the past two weeks, the site has received more than 450 login attempts! This astonished me. More than 450 people are trying to get into my tiny Web site!
If this is what’s happening to me, I can only imagine the efforts people are putting towards bigger sites such as Amazon.com, The New York Times and more.
But it also tells me that there is more reason for me to be careful about my email accounts, which are accessible via the Internet, too. And, of course, along with my emails, so are my bank accounts accessible via the Internet.
Knock on wood, I’ve not had anyone steal my identity or empty my bank account … yet.
So, what to do about this? Here are some general rules for passwords:
First, do NOT use the same password for every login you have. If you do this, once someone has your password for one account, they can easily gain access to another account. A good way to do this is to come up with a “rule” you can follow, but only you know for each password, such as using the first four letters of the domain backwards followed by the month and year of your spouse’s birthday.
Second, use “strong” passwords that include letters, numbers and special characters such as !, #, + and more.
Third, change your passwords from time to time. With literally hundreds of sets of login credentials, this is a great idea, but very impractical. Nonetheless, for accounts such as banks and other key sites, changing the password at least once each year is a good way to protect your financial information.
Fourth, use two-factor authentication when available. Generally this means that when you log in to an account, it will send you a text message that includes a unique number that needs to be typed in. So long as you have your phone with you, no one will be able to access your account.
Fifth, use a password manager. These are software products that will manage your passwords across multiple devices (laptop, desktop, phone, tablet, etc.). PC Magazine has an excellent review of some of the top products. The report is available at: http://www.pcmag.com/article2/0,2817,2407168,00.asp.
The Internet is here to stay. It is a great tool to have, but has introduced a level of vulnerability that we’re still working to address. A little understanding, vigilance and housekeeping on everyone’s part will go a long way to keeping you safe.
Mark Mathias is a 35+ year information technology executive, a resident of Westport, Connecticut. His columns can be read on the Internet at http://blog.mathias.org. He can be contacted at firstname.lastname@example.org.