Jun 06 2005

Last month, I spent several hours going through a rather frustrating process: I changed all my passwords on all my computers and websites. I now do this every three months.

This was prompted mainly by my webserver, which has been hacked twice in the past couple of years. I know it’s important to change passwords occasionally, but I never bothered to until I lost data on hacked websites.

There’s an unexpected benefit to this: I’ll occasionally be reminded to return to a website I haven’t visited in a long time, and my current password won’t work. I’ll try previous passwords until I can get in, then write down this new website. I now have a comprehensive list of sites that require a password, and I’ve closed accounts on a few that I no longer need. So, I’ve eliminated a few repositories of my personal information that had been floating around.

I remember my passwords by having different levels of passwords: I have one password for throwaway accounts that don’t keep any personal or financial information (such as forums and games), another for financial websites, and another for e-mail. I only have a few passwords that I use every day; the rest (for things like MySQL databases) are at least written down. All my passwords are currently written on a sheet of paper that I’ve hidden in my house.

Moreover, all my passwords use upper-case letters, lower-case letters, and numbers; almost all are at least eight characters long, and the very important ones use special characters (e.g., *, #, %) if possible.

Is this a pain? A bit. But I feel a lot more secure. I think it’s worth the trouble.

