I have compiled a list of what individuals can do to increase the security of their passwords. It is not meant as the final word in psw security but rather a helpful first step compilation of what a novice should do to protect their password.
If I am wrong with what is on the list or omitted an item just let me know and I will try to correct it.
Thanks for your opinion and of course to those who posted so very generously in the original thread. Having just recently had my Yahoo psw hacked, I sense this is a topic one needs to act on.
1. Don’t confuse strategy with outcome, i.e., just because you haven’t been hacked does not mean you will not be hacked at some point in the future with your current psw strategy.
2. Your psw should be at least 10-12 characters long; longer is definitely better. Vanguard will only allow 10 characters.
3. Have at least 2 upper case letters
4. Have at least 2 lower case letters
5. Have at least 2 numbers
6. Have at least 2 characters, such as an * and #
7. Do not try to have the psw be an easy to remember series of characters and numbers.
8. Change it at least every 3 months
9. Updating your anti-virus program regularly is obviously necessary.
10. Never reuse passwords
11. The length of the password matters more than the randomness, within reason.
12. Use multiple techniques, such as TrueCrypt (which can use a key file instead of a memorized password) and Keyfile to protect your data files.
13. As for keeping your data local, put your browser profile, email data, and all other sensitive information inside a TrueCrypt volume. Instead of memorizing a long password, TrueCrypt allows you to use a Keyfile. What's that mean? A file is used for the password. So, choose from any number of vacation pictures, programs, music, as your password. As long as you don't tell anyone where those files are, it's very secure. In fact, you can put the file on a USB stick and store it somewhere. Don't store the vacation pictures with this USB stick.
14. Don't use the same password for everything
15. If your email is through Yahoo or Microsoft, look into setting up two step authentication for your security. If you don't know what this means, find out.
16. If you are going to store passwords, put them on a removable drive which is encrypted. Don't give them to other people.
17.
URLs to check out further on this topic:
Get an idea of your psw strength by going here:
https://www.microsoft.com/en-gb/securit ... ecker.aspx
https://www.grc.com/haystack.htm
Study more here:
https://www.grc.com/passwords.htm
https://lastpass.com/
On the internet there is no such thing as absolute security, rather only an increased statistical possibility that you won’t be hacked based on a prudent and informed strategy.
Yes, if they really want your info they will get you, or me, or anyone. After all, many major institutions have been hacked, among them
Pentagon
http://www.npr.org/blogs/thetwo-way/201 ... s-networks
and
NASA
http://abcnews.go.com/Technology/story?id=119423&page=1
I take no responsibility as to the implementation of the suggested strategies above, but if this gets you thinking about your security, then the purpose of the list will be served. Sometimes thought can be a useful prelude to action.
Good luck.
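
Added example, not part of the original post: a short Python sketch that checks a password against items 2-6 of the list, generates one that satisfies them from the operating system's secure random source, and compares search-space sizes to illustrate item 11. The function names and the symbol set beyond `*` and `#` are assumptions made for this illustration, and the size comparison holds only for characters chosen at random.

```python
import math
import secrets
import string

# Assumption: the post names only * and # as examples; the other symbols are added here.
SYMBOLS = "*#!@$%&?"
CLASSES = (string.ascii_uppercase, string.ascii_lowercase, string.digits, SYMBOLS)

def meets_rules(pw, min_len=10, per_class=2):
    """Items 2-6: minimum length plus at least 2 characters from each class."""
    if len(pw) < min_len:
        return False
    return all(sum(c in cls for c in pw) >= per_class for cls in CLASSES)

def generate(length=16, per_class=2):
    """Build a random password that satisfies items 2-6."""
    if length < per_class * len(CLASSES):
        raise ValueError("length too short for the per-class minimums")
    alphabet = "".join(CLASSES)
    # Required characters first, then fill the rest from the whole alphabet.
    chars = [secrets.choice(cls) for cls in CLASSES for _ in range(per_class)]
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    # Fisher-Yates shuffle using secrets, so required characters
    # do not sit at predictable positions.
    for i in range(len(chars) - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)

def search_space_bits(length, alphabet_size):
    """log2 of the number of possible passwords of exactly this length."""
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    pw = generate(16)
    print(pw, meets_rules(pw))
    # Item 11: 10 characters drawn from all 95 printable ASCII characters
    # versus 16 characters drawn from lowercase letters only.
    print(round(search_space_bits(10, 95), 1), "bits for 10 mixed characters")
    print(round(search_space_bits(16, 26), 1), "bits for 16 lowercase letters")
```

Each extra bit doubles the number of guesses an attacker has to cover, so the longer lowercase-only password ends up with the larger search space despite its smaller alphabet.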