Hardening Passwords

A couple of months ago my Network Solutions account was compromised in that my username and password were changed without my knowledge. I have a sneaking suspicion that event may have been a preemptive strike against my move away from Network Solutions web hosting to Media Temple — if you can’t get into your NetSol account you cannot change the DNS pointers — but I have no proof of that suspicion other than a modulating paranoia and the uncomfortable knowledge there’s no such thing as a coincidence.

I was able to work around that lockout and I moved my DNS pointers to the Media Temple servers and all my sites are currently hosted with (mt). Lately I have heard too many stories from friends that their blogs have been defaced and that other previously thought “secure” places elsewhere had been broken and entered.

The most likely way those break-ins happen is a compromised password that was guessed by a human or brute force attacked by a super-human computer. Microsoft has some good advice on how to create a strong password. Here’s my quick method for creating a hardened password in seconds:

1. Take a favorite quirky phrase you can’t seem to get out of your head (“Yes, her dog eats marble rye.”) and take the first letter of each word and preserve any capitalization: “Yhdemr” to create the first part of your hardened password.

2. To create the second half of your hardened password, take the numbers and letters in a street address you will never forget and preserve any capitalization (“6321 Carlton Avenue”) becomes: “6321CA”

3. Create the hardened password by combining the first and second steps and you have a good, new, harder-to-crack password: “Yhdemr6321CA” — that password is a dead example and I don’t use it and now neither should you.

That will get you started! You can also throw in a few special symbols like “/” or “-” or something else if you want to make it even tougher to break. If you have a weak password right now that uses your pet’s name or a word found in the dictionary or a bible verse or your birthday or if it is less than eight characters in length:

CHANGE YOUR PASSWORD NOW AND THEN CHANGE IT AGAIN IN SIX WEEKS AND THEN CHANGE IT AGAIN IN SIX WEEKS AND THEN CHANGE IT AGAIN…!

After my Network Solutions problem I changed and super-hardened all my passwords to make sure I had a better base level of protection everywhere. Remember your online life on the web is especially vulnerable to weak password choices.

An online bank account or a domain registrar or a website or blog login screen are all publicly exposed to attackers 24/7 and, unlike the lock on the front door of your home, a thousand computers can try to crack your code all at once and they don’t even have to stand in line to break you.