Password posers

When I was a kid we left the house key under our back door mat. In 20 years of the practice, no one ever burgled the family home.

These days, the equivalent of a naïve trust in a doormat to keep things secure has gone electronic. People will dead-bolt their doors but still leave passwords to their Internet activities flapping on the air-conditioning breeze on yellow post-it notes or they use their first name or (yes, this really happens), “password” as the entry to their on-line possessions.

Passwords are a pest but try living without them. Back in the eighties, when EFTPOS arrived, it’s likely you had only one to remember and that was only 4 numbers. These days, many people have a dozen or more that matter and others that get used once and discarded.

It’s not silly to protect your on-line life with passwords that defy a pattern. Your credit card information, personal information, bank accounts, Trade Me access and all manner of things you use every day are kept from being public items only by an imaginative and unique password. Cunning people have written programmes that attempt and often succeed in deducing passwords. If you share the same password across all your accounts, cracking one gets someone into your electronic life in the worst possible way.

Difficult though it may be to remember many passwords, aim to think up a new one for each on-line site you use. When you set a password, use characters others than a-to-z. Try mnemonics: my own cat’s name is bob and he is black, would be “mocnibahib”. It’s not bad but it’s still just a-z. Confuse it more to a would-be cracker but make it logical for you to remember. Use an ampersand instead of ‘and’. Capitalise the cat’s name maybe substitute a zero for the letter o: m0cniB&hib. Computer password systems treat upper and lower case letters as distinct so even mixing cases is better than a plain word. Toss in some numerals and shifted characters and you’re starting to protect yourself better. Shifted characters are the upper characters on your keyboard when you hold down the shift key.

Password protection extends to more than bank accounts and Web sites. Anyone using wireless access at home really should use protection or risk letting any passer-by with a wireless device into his or her network. If you carry a laptop or smart phone consider what you’d lose if you lost it and it wasn’t protected by a secure password. On a laptop, set a password in the bios which prevents the computer starting up at all without the correct password. Hunt through your laptop’s manual for the terms bios and password.

If you need to travel with a laptop, you might buy the Ultimate and Enetprise versions of Microsoft Windows, which include the ability to encrypt the hard drive. An alternative is to use something like TrueCrypt (www.truecrypt.org), a free disk encryption program. Updated: Truecrypt has been discontinued amidst concerns about its efficacy by its authors.

People who run Web sites and invite your participation with a password can often read your password in plain characters behind the scenes. You can obviously trust most of them but if you log into a new site, type in a password and username that you use everywhere and decide whether you would really be safer to think up some new ones. What if you strike a site run by scumbags who then scurry about, tracking you online to try that username/password combination? Would he or she have your bank account access within a week?

Passwords are a pain to dream up and remember. Free sites, such as www.lastpass.com can help out by storing them online (encrypted) for you. However you do it, take the time to treat passwords as the key to your door and find something better than the mat to hide them under.