Really, you need to Take Control of Your Passwords (Book Review)
It’s impossible to avoid passwords, and security questions, if you use a computer, smartphone or tablet. There’s the first moment of starting up where it may ask you to log in to or set up an Apple account, for example. Then there’s email, Twitter, Facebook, chat. Oh, that site for backups, and banking, your blog or business website, and that forum you joined…
Before long you have dozens of passwords to deal with.
A cunning scheme for passwords
But you’re OK. Your friend gave you a cunning scheme for creating memorable passwords. Or did they?
As of late 2012, nine-character passwords containing upper- and lowercase letters, digits, and symbols can be cracked by brute force in—are you ready?—five and a half hours. (Read about the equipment that can do it, by checking a staggering 350 billion passwords per second, …) Even an off-the-shelf GPU in a run-of-the-mill PC combined with free software can easily check 3 billion passwords per second.
The bad guys can break 3 billion passwords per second! Still feeling good about your clever memorable password?
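To make those numbers concrete, here is a small Python script (added for this review, not from Joe's book) that does the arithmetic behind such estimates: it sizes the keyspace for a given alphabet and length, converts that into bits of entropy, and works out how long an attacker exhausting the whole keyspace would need at the two guess rates quoted above (3 billion and 350 billion per second). It also generates a password or passphrase with the `secrets` module, which draws from the operating system's cryptographic random source rather than from a "cunning scheme". The 95-character alphabet and the short word list are assumptions constructed for the example.

```python
import math
import secrets
import string

# Guess rates quoted in the review (guesses per second): a single
# off-the-shelf GPU and the late-2012 multi-GPU rig.
RATE_GPU = 3e9
RATE_CLUSTER = 350e9

# Letters, digits and punctuation as Python's string module defines them
# (94 characters); the 95 used in the estimates below also counts space.
FULL_CHARSET = string.ascii_letters + string.digits + string.punctuation
PRINTABLE_SIZE = 95

# Constructed toy word list for the passphrase generator; a real one
# (e.g. a diceware list) has thousands of entries.
WORDLIST = ["anchor", "bishop", "cactus", "dahlia", "ember", "falcon",
            "garnet", "harbor", "iris", "jigsaw", "kelp", "lantern",
            "marble", "nectar", "orbit", "pewter", "quartz", "rivet",
            "saddle", "tundra", "umber", "velvet", "walnut", "zephyr"]


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct strings of `length` symbols from an alphabet."""
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy of a uniformly random string of that shape."""
    return length * math.log2(alphabet_size)


def hours_to_exhaust(alphabet_size: int, length: int, rate: float) -> float:
    """Worst-case hours to try every candidate at `rate` guesses/second.
    On average an attacker finds the password in half this time."""
    return keyspace(alphabet_size, length) / rate / 3600


def crack_table(lengths, alphabet_size=PRINTABLE_SIZE):
    """Map each length to (entropy bits, hours on one GPU, hours on the rig)."""
    return {
        n: (entropy_bits(alphabet_size, n),
            hours_to_exhaust(alphabet_size, n, RATE_GPU),
            hours_to_exhaust(alphabet_size, n, RATE_CLUSTER))
        for n in lengths
    }


def random_password(length: int = 20, alphabet: str = FULL_CHARSET) -> str:
    """Uniformly random password from `alphabet`, using the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_passphrase(words: int = 5, wordlist=WORDLIST, sep: str = "-") -> str:
    """Random words joined by `sep`; entropy is words * log2(len(wordlist))."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))


if __name__ == "__main__":
    print("len  bits   hours@3e9/s   hours@350e9/s")
    for n, (bits, h_gpu, h_rig) in crack_table(range(8, 17)).items():
        print(f"{n:3d} {bits:6.1f} {h_gpu:14.3g} {h_rig:15.3g}")
    pw = random_password()
    print("password  :", pw, f"({entropy_bits(len(FULL_CHARSET), len(pw)):.0f} bits)")
    pp = random_passphrase()
    print("passphrase:", pp, f"({entropy_bits(len(WORDLIST), 5):.0f} bits)")
```

Each extra character multiplies the attacker's work by the alphabet size, so the table grows by a factor of 95 per row; that, rather than any clever substitution pattern, is what a password manager's long random passwords buy you.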
Take Control of Your Passwords
In his latest book, from which the extract above (and any below) was taken, Joe Kissell explains passwords in clear, calm language, and explains for all of us why we need to really, actually take control of our passwords. The stakes are high.
But the most important thing is that he doesn’t just tell us how to make secure passwords. Instead he puts passwords in context. He explains why one weak password in the wrong place can cause your system to unravel:
If you stored your fortune in a safe deposit box, you wouldn’t keep the key hanging on a hook outside your house.
Even before I finished reading the book I’d set a passcode on both my iPhone and iPad — something I’d been reluctant to do before.
Plenty of advice for plenty of passwords
The book’s table of contents includes these sections:
- Understand the Problems with Passwords
- Learn about Password Security
- Apply Joe’s Password Strategy
- Choose a Password Manager
- Keep Your Passwords Secure
- Audit Your Passwords
- Appendix A: Use Two-factor Authentication
- Appendix B: Help Your Uncle with His Passwords
Joe’s strategy is to identify a very few key passwords you’ll have to remember and use a reliable password manager for the rest.
He goes on to write in detail about several password managers, but recommends my favourite 1Password for those who can’t or don’t want to decide for themselves.
But, of course, I simplify. There are caveats even with this kind of approach, but Joe explains what to watch out for and how to deal with exceptions.
Ahh, security questions …
I don’t know about you, but the folks around me are an honest bunch.
What colour was my first car? That’s right, blue. So they answer the security question with the truth. That same truth that someone who was out to steal their identity could fairly easily discover: mother’s maiden name, dog’s name, first college …
But, as Joe says:
When asked to supply the answer to a security question, there’s one rule: Lie.
Still, lies bring their own reward: we have to remember that tangled web. Of course, Joe has his answer for that. If you can’t guess the answer, you’ll find it in the book.
Take password action now
As I read this book I highlighted no fewer than 7 passages I felt I’d like to refer back to. That’s a record for me.
I also stopped reading and applied a passcode to both my iPhone and iPad because I took to heart his caution that I’d left myself open to someone breaking in to my email. And it’s not that my email account is protecting any state secrets; it’s the whole issue of someone being able to use the change password feature on websites and using my email account to see that through.
I really hadn’t considered the implications of that before. My bank accounts, my blog, websites that belong to clients were all vulnerable.
If someone picks your pocket and gets your cell phone, they can easily check your email address. Then they can plug your address into forms on hundreds of Web sites, click the “forgot password” links, and use the information that shows up moments later in your phone’s Inbox to access all your accounts.
I thought I was moderately clued up about passwords and security, and I was. But times have changed and thanks to Joe’s book, I can see I was in fact only slightly clued up. I was using secure passwords (mainly), using a password manager, I had even already lied on one of those darned security question forms.
But I was also leaving doors wide open that should have been closed. I also have some work to do on updating some existing passwords, and changing habits such as logging in to email and other services insecurely on open wifi networks.
Luckily, Joe gives us 88 pages of clear, straightforward and practical advice on all these topics.
Read or regret
Look, I hold all the Take Control ebooks in the highest esteem. I recommend them without hesitation. But this book: read it, and change your ways or you may very well regret it.
A few years ago a good friend, who’s very clued up and savvy about the Internet, fell victim to a phishing attack. It took days, if not weeks, for her to change credit cards, update passwords, clean up the mess.
Using insecure passwords and security measures is just asking for trouble. It’s not hard to do the right thing, and Joe tells us what the right thing to do is. Thanks, Joe.
Read this ebook
This 88-page book is an easy read and packed with useful advice. Not just for Mac users, it’s an important read for anyone who uses gadgets, devices and computers of any ilk.
- 88 pages
- Version 1.0
- Published Feb 26, 2013
- 2 MB download
- ISBN: 9781615424184