This is part 3 of a series on passwords. If you have not seen them, check out part 1 or part 2.
Recently I showed you a way to make a really secure password that no one can figure out. But, that does not really matter - no one is hacking your password! Wait, what??!? Does that mean we should change all our passwords to 'password' and give up? No, not at all.
Think about your computer:
If the bad guys get your password, they might find a few interesting things. Maybe you store your credit card number on it, some information about your work that might be useful. But, for the average person, there is not much that would interest the bad guys. However, what if they could get access to a whole bunch of passwords with one attack?
So, the bad guys try to get into the server for a social media site, an email provider, or some other small service to get the whole list of usernames and passwords.
Now, these passwords are usually not stored in plain text. That means after you make up a password, the site runs it through a program that changes it from 'dogStetson' to something like '880552b5e12288b854370324da0887567a8de70f'. There is no program to change that long string back into dogStetson, but there are some ways around that.
The bad guys have long lists of common passwords that people use, and what they look like after they are run through the changing program. All they have to do is compare that list with the list they stole from the server. After that they know a lot of the passwords and the usernames that go with them. Our goal is to make sure our password is not one of those! If we have a complex password, then even if the bad guys get the changed password, they do not have anything they can use. And since they are usually not targeting you on purpose, they give up on the passwords that are harder to crack.
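Here is the comparison described above as a small check a site owner could run against their own stored passwords. It is an example added here, not code from any real site: the usernames, passwords and word list are made up, SHA-1 is only an assumed stand-in for the "changing program", and the function names are hypothetical. It also goes one step further than the text and shows what happens when the site adds a random salt and a slow hash.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny common-password list and made-up accounts.
COMMON_PASSWORDS = ["password", "123456", "qwerty", "letmein", "iloveyou"]
USERS = {"alice": "qwerty", "bob": "dogStetson", "carol": "password"}

def changed(password):
    """The 'changing program' (assumed SHA-1): same input, same output, every time."""
    return hashlib.sha1(password.encode()).hexdigest()

def slow_salted(password, salt, rounds=100_000):
    """Salted, deliberately slow alternative (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds).hex()

def build_lookup(words):
    """Precomputed list: changed password -> the common password it came from."""
    return {changed(w): w for w in words}

def exposed_accounts(stored, lookup):
    """Return {username: password} for every stored value found in the list."""
    return {user: lookup[h] for user, h in stored.items() if h in lookup}

def store_salted(users):
    """Give every account its own random salt, so no precomputed list can match."""
    table = {}
    for user, password in users.items():
        salt = os.urandom(16)
        table[user] = (salt, slow_salted(password, salt))
    return table

def check_login(password, salt, expected):
    """The site can still verify a login: redo the hash with the stored salt."""
    return hmac.compare_digest(slow_salted(password, salt), expected)

# What the server would hold if it used the plain changing program.
STORED = {user: changed(pw) for user, pw in USERS.items()}

if __name__ == "__main__":
    lookup = build_lookup(COMMON_PASSWORDS)
    print("Matched from the common list:", exposed_accounts(STORED, lookup))
    salted = store_salted(USERS)
    salted_only = {user: h for user, (_, h) in salted.items()}
    print("Matched after salting:", exposed_accounts(salted_only, lookup))
```

The accounts with common passwords show up in the first result; the complex password does not, and nothing matches once each account has its own salt.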
No big deal, you think. I don't have anything important in that account - if they can get into my email and find out that I like Dunkin Donuts and my friend Julie is having a housewarming party, who cares? Maybe no one.
But, did Dunkin Donuts send you a birthday coupon? Well, now the bad guys know your birthday. What happens if you forget your Amazon account password? Does Amazon send you an email to reset the password? Do they send it to that address? Now the bad guys can reset your account password, see at least part of your credit card numbers, and also see your address and possibly your family's addresses. What if you use the same username and password for your bank account? Now you are really in trouble!
In the last part of this series, I will show you an easy method to have a unique, strong password for every site you use - without resorting to a monitor full of post-its!
Image courtesy of supakitmod, hywards at FreeDigitalPhotos.net