Fingerprint on keyboard

Security Confessions from Darth Securitas: Passwords

A password is a funny little collection of characters that make you feel utterly safe one moment and then destroys your trust the next. Chances are you’ve a few passwords of your own that you covet the same way Linus does his security blanket.

We live in an age where website breaches, database hacks, and password leaks are becoming so normal that only the really big ones seem to hit the news. We could spend days, even weeks, debating who is to blame for the destruction of the sacred.

When the Ashley Madison breach occurred, I heard more than once that the users were at fault for using such a service to begin with. In the case of LinkedIn, one could argue that the company should have had better security. I laughed when Mark Zuckerberg of Facebook fame was called out for using “dadada” as his password on LinkedIn, Twitter, and some other sites.

But the point of this post is not to point fingers. What I am hoping to do is empower you to take and keep control over your passwords. Though before I do that, I must point out that I am known for my passionate campaign to make users safe on the internet.

I strive to educate anyone who will listen about internet security while keeping panic down through information, awareness, and non-techie jargon. I’ve even helped a journalist from a UK newspaper that had his laptop stolen. To me, security is a serious topic, though there are some rather comical fallouts when hacks occur.

Before I cultivate you awesome folks into secure internet lurkers and users, I feel it is important to share my password journey. Some of you may laugh, some may shake your head, others will think I’m ever so slightly insane. I see it as a journey where I made the mistakes so you don’t have to.

My first and only password

Growing up during the world wide web revolution was fascinating. I suffered through AOL and BonziBuddy like so many. And then the movie Hackers came out and I found myself wanting to scream. It wasn’t “Hack the Planet” I wanted to yell. Oh no! Instead I found myself wanting to shriek at how psychic that movie was. See, I was dumbfounded that the movie knew my password! Remember this scene?

For your benefit and pleasure, I present the only password I used at that time… love. I used it for everything. For. Every. Thing.

Leads to the Dark Side

In a panic I went on a password changing spree! I wracked my brain to find a password that would be safer than the one I was using before. I came up with a new one alright. It was powerful. It was fantastic. It was the one password to rule them all! This precious secret also became utterly obsolete the moment one of the sites I used to visit was breached and the unencrypted passwords were stolen and leaked. Yay!

At the time, I panicked because I had used “the ultimate password” on every site. I can’t help but wonder if Mark Zuckerberg panicked. It would be rather cool to know he experienced something I did over 10 years ago.

As this is a confession, I wish I could remember what the password was so I could share it. The only thing I remember is that it contained “l33t sp34k”.

With the benefit of 20/20 hindsight, I believe the reason I do not remember that magnificent password was because I was already starting the downward path to becoming jaded. In fact, I can honestly say that throughout the years I found myself sinking deeper and deeper into that state.

At one point, I ended up apathetic about passwords. But in the immortal words of Monty Python, “I got better!“

One password to rule them all

After years of education, self study, and research, I can honestly say that if one of the passwords I use on a website today is leaked, I will just wait till the developers fix the vulnerability that allowed it to happen. Once the flaw is patched I will then go change it to something new.

Today, I know only one password. Yet this password is not used on any website. Instead, this master password, when used in conjunction with my 2 factor authentication token, grants me access to my personal password vault. I understand and accept the risks of having this one password, but I am also confident that I have done everything I can to protect myself online. This is the security blanket I want to pass on to you in my next post.

Have Questions?

If you have any internet security questions, or topics, that you would like explained or simply want to see my confessions about that subject, let me know.