NK5's Blog

November 03, 2007
Content copyright NK5 LLC and may not be re-printed without prior permission

Identity theft is a very real threat in this day and age. If you have been lucky enough to avoid the nightmare of having to clean up after someone steals your identity, heed this advice.

Did you know that over 70% of internet users polled admitted to using the same password for every web site they frequent? They said it was just too much of a hassle to remember different passwords for all those different places. The problem is that while web sites like your bank are extremely secure, other web sites you visit may not be. All someone has to do is break into one of those web sites, steal the entire database of users, email addresses and passwords, and then use that same password to log in to your email.

From there it's like taking candy from a baby. They can use your own email account login and password to find other web sites you visit, and then log in to those too. Even if the password for your banking site is different, the hacker could easily have the password reset or emailed to your email account, now that they have access to that. (Ironically, people's email password is almost always the easiest one to guess or hack.)

So what should you do about it? The answer is obvious - use different passwords on different web sites. You may be wondering how you are expected to remember all those passwords without having to write them down, defeating the purpose of this exercise in the first place. I'll let you in on a method that is both easy to remember and extremely effective at keeping the hackers at bay.

This method is what I call the multi-tier approach. Decide how important a web site you visit is, based on what kind of personally identifiable information is kept there:

Low risk:
If it's just a place where you are only known by an alias and they didn't ask for any personal information that could be used against you, that site is considered low risk. If someone were to hack into your account, the worst thing they could do would be to leave comments on a forum pretending to be you or perhaps read all that spam in your inbox.

I have many low risk accounts. I create different email addresses for different web sites, forums, etc., and always lie on the registration form. Just be sure to remember what you filled out in case you need to reset that password. These low risk accounts are great for registering an account without having to worry about getting even more spam.

The password I use for low risk accounts is not easy to guess, but is easy to remember. If someone really wanted to hack into those accounts, it probably wouldn't take them long. They would be surprised to find that my name is Jabbr Mouth, and that I live in Alaska.

An example of a low risk account password would be '07honda'. I don't drive a Honda, so it wouldn't be easy for someone else to guess. I consider Honda one of the best cars for the money, so it's easy for me to remember.

Medium risk:
Medium risk web sites are places where I need to use real information, and might be a little bothered if someone were to hack into them. Places like MySpace and Facebook are good examples, assuming you use real information on those types of web sites.

The password I use for medium risk accounts is similar to the one for low risk accounts, with something added in to make it difficult to hack in a timely manner. An example would be '20black07honda'. Again, I don't drive a Honda, but if I bought one, it would be black.

I also change the password on medium risk web sites at least every 90 days. If you use Outlook, it's a trivial thing to set an appointment reminder.

High risk:
High risk web sites are banks, PayPal, Amazon, or any web site that has ever asked for your mailing address, bank account number, credit card number, etc. A hacker could do some damage to your life if they were able to log in to a high risk site.

For these high risk sites, I use a password that is next to impossible to hack, even by brute force. I typically use long foreign language words with mixed case, and throw in some numbers and symbols, if the web site will allow them. An example would be 'Negra2@@7Honda!'. Notice how long that password is, yet it is still fairly easy to remember.

It's also important to use a similar pattern when choosing passwords for high risk web sites. I use a pattern that I can figure out within three attempts if I happen to have forgotten which password I used. That will keep you from locking out your own account and having to phone the bank to have it reset. As an added precaution, be sure to change your high risk web site passwords at least every 30 days. It may be a pain in the rear to do so, but having to untangle the mess of identity theft will make your life a living hell for well over 6 months.
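
The tier rules above (a different password on every site, medium risk passwords changed every 90 days, high risk every 30) can be checked mechanically. The following Python is an added example, not part of the original post; the site names, dates and the `audit` and `brute_force_bits` helpers are constructed for illustration, and the passwords are the post's own examples.

```python
import math
import string
from collections import defaultdict
from datetime import date

# Rotation intervals from the post: medium 90 days, high 30 days, low none.
MAX_AGE_DAYS = {"low": None, "medium": 90, "high": 30}
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def brute_force_bits(password):
    """Upper bound on guessing work: length * log2(character pool).
    Passwords built from words fall to dictionary attacks much sooner."""
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    return len(password) * math.log2(max(pool, 1))

def audit(entries, today):
    """Return sorted (site, finding) pairs: reuse and overdue rotation."""
    findings = []
    sites_by_password = defaultdict(list)
    for e in entries:
        sites_by_password[e["password"]].append(e["site"])
        limit = MAX_AGE_DAYS[e["tier"]]
        age = (today - e["changed"]).days
        if limit is not None and age > limit:
            findings.append((e["site"], f"rotation overdue: {age} days > {limit}"))
    for sites in sites_by_password.values():
        for site in sites if len(sites) > 1 else []:
            others = ", ".join(s for s in sites if s != site)
            findings.append((site, f"password reused on: {others}"))
    return sorted(findings)

# Constructed sample entries (hypothetical sites and dates).
VAULT = [
    {"site": "forum.example", "tier": "low", "password": "07honda", "changed": date(2007, 1, 5)},
    {"site": "social.example", "tier": "medium", "password": "20black07honda", "changed": date(2007, 6, 1)},
    {"site": "bank.example", "tier": "high", "password": "Negra2@@7Honda!", "changed": date(2007, 10, 20)},
    {"site": "shop.example", "tier": "high", "password": "20black07honda", "changed": date(2007, 10, 25)},
]

if __name__ == "__main__":
    for site, finding in audit(VAULT, date(2007, 11, 3)):
        print(f"{site}: {finding}")
    for e in VAULT:
        print(f"{e['site']}: ~{brute_force_bits(e['password']):.0f} bits against blind brute force")
```

The bit count only measures resistance to trying every character combination; it says nothing about how quickly a word-list attack would find a password made of real words.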

I personally use a lot of high risk web sites, so it's become a problem to remember them all. (Not all web sites let you use symbols in password fields.) I've often resorted to saving them in a text file on the computer, and then using GNU PGP (free software) to encrypt the file with a password that would take years to hack. If you decide to go this route, be absolutely sure you don't forget the password you used to encrypt your master password file! (And stay away from software solutions like Gator - they are incredibly easy to hack into.)

By the way, your wireless router should be considered high risk. If someone were to use your wireless internet connection to hack into somewhere else, YOU would be held responsible. If you haven't done so already, secure that wireless router with WPA, MAC address lock-down and an impossibly difficult password. WEP can be hacked into in less than 5 minutes, regardless of MAC address lock-down or password difficulty.


By following this multi-tier password approach, you can sleep soundly at night knowing your most intimate details are secured from prying eyes!
sb
NK5

