Change your Passwords!

I’ve been meaning to write this for a few weeks now, with all the LulzSec hacking attacks going on.  In recent months, this group (and others like it) have compromised hundreds, maybe thousands of systems, and publicly released hundreds of thousands of account usernames and in many cases, passwords. And get this – sometimes the systems that are compromised don’t even know it, so you can’t rely on the media or a hacked company to tell you about a hack 100% of the time.  Hackers have gained access to personal and financial information from retail sites, gaming sites, even media forums, so I just wanted to warn people and talk about passwords a little…

Passwords need to be strong to be effective, but the stronger they are the harder they are to remember, especially across multiple games and websites, so people often fall into two different password ‘camps’ – either using easy passwords, like their last name backwards or, terrifyingly enough, ‘password’ (OK, if you have ANY game or website account with the password of ‘password’, please stop reading right now and go change it.  Do it now.  I’m totally serious.) or they use a really strong password, but they use the same exact password across all the games and websites they sign up for.

You can see the problem with both cases – using an easy password means that it won’t take a hacker too many guesses to get in, and using the same password across all websites and games means that if one of your sites or games gets compromised or one of your accounts gets hacked (Like what’s going on now with LulzSec)  then the hackers have access to ALL of your accounts and information.  The worst part about that is once they get your username and password to, say, your WoW account, they’ll try that information on LOTRO, then DC Online, then EQII, and so on, and so on, until they’ve hit every first tier and second tier game out there, and if you use the same username and password in every game you play they can strip every active account you have, literally overnight, while you’re asleep, dreaming of clowns.   Scary, huh?

There is a pretty effective compromise between ‘multiple easy passwords’ and ‘same hard password’ that you can use that will keep your accounts safer.  No password or website security is perfect, of course, so I can’t say you’ll NEVER get hacked, but this is better than the other two options above, and much easier to remember than random super-strong passwords for every website you sign up for.  What you should do is choose a really strong password , one that combines upper case and lower case letters, numbers, and at least one special character (if allowed) , and then for every website and game you sign up for, add two or three characters to the password that will identify the site or game in a way that’s obvious to you, but would be very difficult for someone else to guess.

This website is a good resource for seeing how strong your password is, if you’re curious:  http://howsecureismypassword.net/

I really encourage everyone who reads my blog to take some time and change your passwords, at least on your critical sites, like games or banking or anything that contains your personal or financial information.  This is especially important for web based email accounts like gMail or Yahoo, because if someone gets access to your email they usually have everything they need to reset the password on any other site, game, or service you’re using.  It doesn’t take long and if you use these tips, or any other tips out there that encourage the use of strong passwords, it will help make you more secure against hacking attempts and hacked systems.

Play Safe!

Ditto