MacMost Now 337: Strong Online Passwords

Do you use a dictionary word, date or common password for your online accounts? Then it is only a matter of time before your accounts are compromised. Learn how to use strong passwords for your online accounts to protect yourself. You can use the Mac OS X Password Assistant to create random letter and number combinations. Read more about online password security at http://macmost.com/online-password-security.html.

Video Transcript
Hi, this is Gary with MacMost Now. On today's episode, let's look at creating strong passwords for your online user accounts.
Now, there are a lot of aspects to online password security, and there is too many to go over in one video. So, I've created a long post, talking about all the different things you should be concerned about when creating a password for one of your online user accounts.
You can go and check it out at this web address. But, in this video, let's just deal with one aspect of it: that's creating strong passwords.
So, before explaining what a strong password is, it's important to understand what a weak password is. A weak password would be any word found in the dictionary. These are called dictionary words.
So what is wrong with using an obscure word found in the dictionary? Well, what malicious hackers do, is they set up botnets that are thousands of computers that every night try millions of IDs and passwords on popular websites. And the passwords they try are usually dictionary words.
So, if you are using a real word as your password, I can guarantee you that eventually, your online count will be compromised. Now, other weak passwords include dates. There are only a few different formats for dates, and there's only 12 months, 31 days, and 60 or 70 years that could represent any birthday.
So, if your password is your birthday, or your spouse's birthday, or your child's birthday, chances are that will be compromised eventually as well.
And, of course, there are common passwords. For instance, is your password abc123? Or QWERTY? There's a few thousand common password combinations that people use, and if using one of these, you're also putting your account at risk.
So, what's a strong password? Well, a strong password should follow a few rules. First of all, it should use both letters and numbers in the password. Second, the letters should be both uppercase and lowercase.
By combining letters, numbers, upper, and lowercase, you've increased the complexity of the password greatly. Now, make sure the password is at least eight characters long, and also, most importantly, make sure it's completely random. A random set of letters and numbers is almost impossible to guess.
So, it'll make your online accounts that much more secure. One way for Mac users to easily create random passwords is to use the Password Assistant built into Mac OS X.
Now, I'll get into it, because it's a little tricky, because it's not a stand alone application. But you can go to System Preferences, and in System Preferences, click on Accounts.
Once you are in your Accounts, you can click on the big Change Password button. This will bring up this changing password dialog. Now, we are not going to change our user account password here. What we are going to do is click on this little key icon, and that will bring up the Password Assistant, which will also create passwords that we could use elsewhere.
So, to use Password Assistant, first change the type of password to letters and numbers. Then, change the length to what you want. Let's just do a simple eight character password. Then, here under Suggestion, you'll get a suggestion that you can copy and paste.
You can also click on the pop-up button on the right, and see a whole list of suggestions. You can choose any one you want and copy it and then paste it into the password field of your web page.
You can get all sorts of passwords here. You can choose more suggestions to generate another list of suggested passwords.
So, it is important to use these strong passwords on your online accounts, including anything like Facebook, Twitter, Amazon.com, all that. And, most importantly, make sure you have a strong password on your email account.
If your email account is compromised, then all of your accounts are compromised, because usually you can go to one of these accounts and say, I forgot my password, email it to me. And, you will get it in a email.
So, if somebody has your email account password, they can basically access to all of your online accounts
I highly encourage you to go and check out the long post I wrote about online password security. Everyday, thousands of social media, shopping, email, and other online accounts are compromised. Don't let yours be one of them.
You can check out all of the suggestions I've got. You can even use some third party utilities, like the highly recommended 1password application, to make sure you have a unique password for all of your online accounts.
Til next time, this is Gary Rosenzweig, with MacMost Now.

Comments: 9 Responses to “MacMost Now 337: Strong Online Passwords”

    forkboy1965
    12/28/09 @ 12:50 pm

    Always a great subject to cover. And thanks for the heads-up on the random password generator built into OS X; never heard of it before.

    Vicki
    1/2/10 @ 3:09 pm

    I created what I consider a strong password. It had Capital and lower case, plus numbers in the password.
    I also had my account with PayPal, which is why the person who did it got caught so fast. (I don’t know why that is but I’m glad.)
    I got breached anyway. I’d hate to see what it would have been like if I hadn’t used PayPal.
    I still don’t understand how they even got my SSN, since I never put it anywhere in the account. PayPal has no slot for SSN. You use your bank card or credit instead. I don’t think I even put my SSN on that. These days, I refuse to give my SSN to anything online. PayPal doesn’t ask and nobody else will get it from me.
    I wonder what type of trouble the person they caught is going to get into. I can’t wait to see.

      1/2/10 @ 3:23 pm

      If you had a strong password, then they probably didn’t get it from a dictionary attack. Instead, they may have gotten it from phishing, or maybe you logged in on a public WiFi or a public computer. They could have also used your “secret question” answers in Paypal to get it.

      1/2/10 @ 3:25 pm

      Oh, and Social Security numbers are relatively easy to get. Any private eye can get someone’s ss# for a small fee. I’m sure other can do it easily too. Not sure of the methods, I just know your SS# is not secure.

    Vicki
    1/2/10 @ 5:36 pm

    I forgot to say thank you for doing this video while I was busy thinking of my recent mishap.
    I used a name but not one you’d find in a book of names. But it WAS a name. I’m not using it now, so I have no concern saying it.
    I’m going to do what you said. That’s why I’m thanking you.

    Robert
    3/18/10 @ 6:22 am

    Hi,you can try to use LoginTrap.It’s prog can capture every login events by using iSight.It really good tool.

    Mr Anthony Cotton
    8/3/12 @ 11:28 am

    I was on the Gizmondo website,and this guy brought this topic up.
    He said it was bordering on privacy law. When you fill in your private details to join a website. I mentioned your site,that you don`t have to have a password.
    I said you just use your email address,but he wasn`t satisfied with that.
    I have had up to 8 IDs for Apple,and i right them down in a book. The last Apple ID i just dealt with it the other day. I was sick of going backwards and forwards to my email account,and i don`t have a clue when it says these do not match,when i have it written down in a book. This also happen`s i start off on the Apple UK site,and after a while i look down and i find myself on the Apple USA site. This also happens with Adobe.Back to the password topic,you have my email address,and this guy said i would not trust that site. I said why,then he said some computer jargon. I said i trust him fully,but he could not understand why i did not have a password,and i would like to know why just to tell him. I hope you can understand what i am trying to say Gary.

      8/3/12 @ 11:47 am

      I don’t understand what you are asking. There is no login for MacMost — you don’t have either a user name or a password. You have no account. There are no accounts. I don’t “have” your email address as part of an account.
      Maybe you suggested to him that you have an account and that this account didn’t have a password? But that’s not true. There is no account, no ID, nothing like that at MacMost.

    Mr Anthony Cotton
    8/5/12 @ 9:32 am

    Yes i know that Gary. I told him i did not have an account,password,username.
    I know there is no account on your site Gary.
    Try telling this guy. He has been on to me again,but i am just ignoring him.

Comments Closed.