Day 3 | Be safe | Password protect

Sunday, November 27, 2011

How many passwords do you have? How many times do you get asked for a password as you use different spaces on the internet - from email to social networking and all those cool tools you've signed up for that are internet-based?  Hopefully you get asked A LOT. If not, it's probably because your browser already knows your password – and so would anyone else using your computer.

Our use of online services and the requisite “login” has become automatic on many levels. Having our information accessible only via password also automatically gives us a sense of security. But, as any woman who has experienced cyberharassment can likely tell you, it's a false one. Often, this is because of our own poor password practice. But it is also because guessing passwords is automated – in fact, hundreds of password-cracking programmes exist on the internet.

If we stop and purposefully think about the information that passwords are meant to protect, we might take them a bit more seriously. It's not only our privacy and security at risk – we put everyone we have contact with at risk, including our fellow activists and the women our organisations are trying to support. A breached password is the first step to private information being leaked, and could harm you or people who are important to you. Hacked email and social networking accounts are a constant digital security concern cited by women human rights defenders. Communications are compromised, private contacts are infiltrated or even made public, organisations can be discredited.

Many of us are asked to trade privacy for trust – in personal relationships and even for accessing online services. We may feel we have “nothing to hide” or not realise that our trust in someone can change over time. In personal relationships, privacy is an important part of respect and trust, and we should never be expected to share our passwords to prove trust, or expect others to share their passwords with us. By taking the time to create a safe and secure space we really are respecting ourselves, our families, friends and colleagues.

What's your password practice?

It's common to use the same password or some variation of it over and over again. After all, it's hard when you are facing that sign-up form to a new service to be creative and think up a new password. We might start to do things like write them down, use secret terms like “letmein” (the eighth most popular password in a 2011 study), put them in a file on our computer or cell phone cleverly labelled “logins” or “passwords”, or on the post-it stuck right by the computer. We frequently share our passwords with our friends and intimate partners, or choose passwords that are easy to guess or even known publicly, like the name of our partners, family members and pets, and birthdays.

Once one of your passwords has been guessed, a hacker will immediately try to gain access to other online spaces you use. Frequently we are only careful about passwords in one or two sites – such as banking sites – without realising that the information we've left vulnerable to attack in other trivial spaces, i.e. when exploring a new online tool, will give the hacker clues to our other passwords. That's why it's important not only to have different passwords for different spaces, but different logins and corresponding emails. (For more information about hacking programmes, read Passwords.)

Keep your information safe. Secure your passwords!

1) Assess

  • Is your password secure? Think about your own password practice, and the information your passwords guard.
  • What information is password-protected? (your computer, mail, contacts, photos, chats?) Would it put you or anyone at risk if someone were to gain access?
  • How many places do you use the same password? If the answer is 2 or more, it's not secure.
  • When was the last time you changed your passwords?
  • How many people know your passwords?

Check out this list of popular passwords. Is your password on it?

Put a sample password to the test to see how long it might take a cracking programme to guess it. (Note: such sites say they respect your privacy, but it is better not to use a real password.)

Feeling safe? Don't. Processing speeds are soaring in regular computers to accommodate gaming and other demands, and a password that could only be cracked after several months of persistent computer attack last year can now be cracked in days or even hours thanks to new graphics cards.
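As an added example (not part of the original campaign page), this Python script makes the same estimate on your own computer, so no sample password is sent to a website. The two guess rates and the short list of common passwords are assumptions constructed for illustration, not measured figures.

```python
import string

# Constructed sample of widely used passwords; "letmein" is the one this page names.
COMMON = {"password", "123456", "qwerty", "letmein"}

# Assumed guess rates in guesses per second (illustrative, not measurements).
RATES = {"slow": 1e6, "fast": 1e10}

def alphabet_size(pw):
    """Size of the character pool an exhaustive search has to cover."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c in string.punctuation or c == " " for c in pw):
        size += 33  # 32 ASCII punctuation marks plus the space
    return size

def seconds_to_exhaust(pw, rate):
    """Upper bound only: word lists and patterns usually find passwords sooner."""
    if pw.lower() in COMMON:
        return 0.0  # popular passwords are tried first
    return alphabet_size(pw) ** len(pw) / rate

def human(seconds):
    units = (("years", 31_536_000), ("days", 86_400), ("hours", 3_600), ("minutes", 60))
    for unit, span in units:
        if seconds >= span:
            return f"{seconds / span:,.1f} {unit}"
    return f"{seconds:.1f} seconds"

def report(pw):
    """Time to try every combination at each assumed guess rate."""
    return {name: human(seconds_to_exhaust(pw, rate)) for name, rate in RATES.items()}

if __name__ == "__main__":
    # Constructed samples; never test a password you actually use.
    for sample in ("letmein", "abcdefgh", "Kq7 ovel-brin, 2x tam"):
        print(repr(sample), report(sample))
```

The gap between the "slow" and "fast" columns is the point made above: the same eight-letter lowercase password drops from days to seconds when the guessing hardware gets faster.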

2) Think passphrases instead of passwords

  1. Passphrases are easier to remember and can help us interconnect important associations that only we know about. They are also usually much longer than passwords, which can make them harder to crack.
  2. Don't use dictionary words or proper names. As mentioned earlier, password hacking programmes include those that go through words in dictionaries - and in different languages, so substituting English words with other terms is not foolproof.
  3. Don't use information that can be easily associated with you - birthdays, family names etc.
  4. Build complex passwords that include characters in lower and upper case, numbers and punctuation marks. If the service allows it, use spaces between the characters as well.
  5. And the longer it is, the better. At least 10, 12 or even 20 characters.
  6. You can also create complex and long passwords that are easy to remember from passphrases that are meaningful only to you. Check out our "be safe" section for more strategies and ideas on how to build better passwords, and more information on password-related risks.
  7. Every month you can have fun thinking up interesting passphrases and renew your password at the same time.

3) Change

  • Take the time right now to make at least 3 of your passwords more secure.
  • Plan which ones you will change next, and consider using an encrypted password manager like KeePass to help you remember all of them.
  • If you haven't password-protected your computer yet, do it today!

4) Spread the word, but not your password

Let other people know about the importance of having good practice and secure passwords on Twitter and Facebook.
Tweet #takebackthetech and #16days with your password #badhabit or others that you know about. Or share your #worstpassword – but not until after you've changed it!

Just as we insist on best practices in our activism, we need to develop best practices around keeping the information on our computers safe and ourselves protected online.  Password-protect!