Wednesday, March 9, 2011

WotW: Change your clocks... and your passwords

Daylight Saving Time begins (at least here in the States) on Sunday, so you know what that means:

Change your clocks
(spring forward)
change your passwords!

Oh, and change the batteries in your smoke detectors.

Why do we do these things every 6 months?

Well, to be honest, I can't explain Daylight Saving Time. I understand the concept and all, but it doesn't seem as relevant in these days where we are not mostly farmers cultivating our fields nor involved in a war that requires us to sacrifice and conserve energy (...). I do enjoy the long summer nights however. 

For the others... we change our passwords and change the batteries in our smoke detectors to keep us safe! An estimated 1/3 of smoke detectors in US homes have missing or dead batteries. Changing the batteries every 6 months ensures that your batteries are fresh so your smoke detector will work properly in the event of an emergency. Changing your password every 6 months (or more often) helps keep you and your online accounts safe. And both are, luckily, pretty easy.

Most people who know things about things like this (like, the people who are trying to keep people from hacking your various online accounts) recommend changing your passwords every 3 months. It's a great suggestion and one that I try to follow, but since it can be hard to keep track of, I change my passwords at least every time the time changes (with a few exceptions... see the ** below.)

If I happen to remember to change my passwords more often, I give myself a big pat on the back (and a cookie), but I figure I'm still being more proactive in my online security by changing passwords every 6 months than the average Joe who NEVER changes his password. And, to some degree, online security is about not being the bottom of the totem pole, not being the person who is the easiest to hack. Plus it feels nice to know that you're ahead of someone somewhere, right?

Quick tip: if your password is "password"... you are at the bottom of the aforementioned totem pole. Buried in the ground at the bottom of the totem pole. DEEP in the ground. Go now and fix this and never speak of it again.

But... I have a LOT of accounts. It can be very time consuming (although worth it) to go through and change all those passwords in one fell swoop. So, I don't spend a whole day going through and changing every password of every account I've ever created -- how boring would THAT be? I'd much rather be obsessively reading each and every blog post in my reader. :) 

Instead of spending one big chunk of time updating all my passwords, I update as I go. On the designated day (that is, the day when my clocks either spring forward or fall back and I am mostly either late or early everywhere), I select new password(s) and then take the time to update each account to the new password the next time I log in. So, my email account is usually the first to get the new password, where my eBay or Craigslist password might be a week (or so) later in getting the new password. 

For the most part, my online accounts use a root password and then an individualized prefix or suffix based on the account name -- part of the site title or something else that I can follow a convention for and easily remember. NOT something obscure like the first three letters of the zoo animal that starts with the first letter that follows the middle consonant of the site's URL. Something that you'll remember easily for those accounts that you only log in to every 6 months.

I do have one big exception to this root + prefix/suffix password pattern:

**my online banking accounts**

Of all of the accounts that you want to protect most... Facebook isn't it... (Remember, Facebook only knows what you tell it, so don't tell it anything you don't want people to know!) ...but your bank is.  

My different online banking accounts are the only accounts that I actually regularly remember to change more often than every 6 months. It drives my husband nuts because he is just learning one of my convoluted (and therefore safe, theoretically) numbers-for-letters and random-capital-letters passwords when I change it to a new one. But if it felt terrible having my email hacked... I can't imagine the feeling of having my money hacked! Better safe (and with an aggravated husband who can't see the checking account ;) than sorry, in my book.

We've talked a bit about passwords before (in this post here about basic web security), but as a reminder, a strong password...
  • is not a word that can be found in the dictionary
  • does not include personal information for you or your family (names, birth dates, etc)
  • contains 7+ characters
  • uses a combination of uppercase and lowercase letters, numbers, and special characters (* . ?)
  • is easy for you to remember and hard to guess, such as the first letter of each word in a line of your favorite song or a unique phrase
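
Here is the checklist above as a small Python check (an added example, not part of the original post). The word list, the personal details, and the function names are made up for illustration, and the "easy to remember" rule is left out because code can't judge it.

```python
import string

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_DICTIONARY = {"password", "sunshine", "monkey", "dragon", "welcome"}


def check_password(password, personal_info=(), dictionary=SAMPLE_DICTIONARY):
    """Return the rules from the list that `password` breaks (empty list = passes)."""
    problems = []
    lowered = password.lower()

    if lowered in dictionary:
        problems.append("is a dictionary word")

    # Personal details count even when buried inside a longer password.
    for item in personal_info:
        if len(item) >= 3 and item.lower() in lowered:
            problems.append("contains personal information")
            break

    if len(password) < 7:
        problems.append("has fewer than 7 characters")

    classes = {
        "an uppercase letter": any(c.isupper() for c in password),
        "a lowercase letter": any(c.islower() for c in password),
        "a number": any(c.isdigit() for c in password),
        "a special character": any(c in string.punctuation for c in password),
    }
    for name, present in classes.items():
        if not present:
            problems.append("is missing " + name)
    return problems


def initials_from_phrase(phrase):
    """First letter of each word, keeping the phrase's own capitalization."""
    return "".join(word[0] for word in phrase.split())


if __name__ == "__main__":
    # Constructed sample inputs: a song line plus made-up personal details.
    base = initials_from_phrase("Twinkle twinkle little star how I wonder what you are")
    for candidate in ("password", "Jordan1984!", base, base + "?9"):
        result = check_password(candidate, personal_info=["Jordan", "1984"])
        print(candidate, "->", result or "OK")
```

The song-line initials alone still fail the number and special-character rules, so the last candidate adds them on the end.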

But of course -- once you've created a strong password, you'll find a site that won't allow something about your password (and then the mouse will ask for a glass of milk...). The password is too long, contains an unacceptable character (such as * . or ?), or, like my local library, requires a completely different type of password, such as a 4-digit PIN.

In that case, when I know I will never remember that I altered or changed my awesome password in such-and-such way for such-and-such site -- I write it down. Don't record enough information that someone who found the paper or file on your computer could use that to access your account(s) -- just enough information to jog your memory. And, if in the end your memory still fails you, every major site nowadays has a password recovery system that works quickly -- use it to your advantage. :)

Password questions? Concerns? Leave me a comment :)

Lu (or Lorene if you prefer) is the mom of one squirmy boy and the wife of a singing and dancing elementary teacher. She is the proud author of this weekly Wednesdays on the Web (WotW) segment here on Housewife Eclectic and spends the other days of the week blogging about crafts and whatever else comes up at just Lu.


Brandy@YDK said...

we have to change our passwords at work every 30 days and it can't be any combination of the same characters that we used the previous 24 times. REALLY?! do you know how hard it is to think of new freakin passwords that much.

Cranberry Morning said...

I hate daylight saving time. In fact, it saves no time at all. It only wrecks my sleep and confuses the animals.

I have to change my passwords?? Oh no! I have several accounts too, and each has a separate password. I'm not sure I can be creative twice. :-)

And even if I don't get all my passwords changed, I promise to change the batteries on the smoke alarms. We do it as a course of habit at the beginning and end of DST.

Gwen @ Gwenny Penny said...

I needed to read this. I'll leave it at that:)

Amy said...

Thanks, Lu! I just told my husband about this as I was reading it and he groaned--probably just like your husband. LOL

Now to develop a stronger password.

Tera said...

I needed this. I love change, but I can never remember my passwords, so I don't change those. It's time to start. Thanks Lu!
