Is your password 18 characters long?
• I have many online accounts including email; it is too much to remember a password for each one?
• I have antivirus; that is enough protection, right?
• I have to write down my passwords – I code them so no one really knows what they are, or do they?
• I have one password for all or most of my online accounts?
• I have had the same password forever?
Do you fall into any or all of the situations above? We have to admit that email, Facebook, Twitter, LinkedIn and other online services have become part of the fabric of our daily lives. This means “passwords” have become an important if not indispensable aspect of accessing these services.
I was at the FTX (Feminist Tech Exchange) meeting on the 18th of April 2012, prior to the start of the 12th AWID in Istanbul. I registered to participate at the FTX for two main reasons:
a) To understand how I can keep myself and my information safe and secure online
b) To improve content and interactive tools I use to share & document information
I was therefore pleasantly surprised that the “first line of defence” for security & privacy online was passwords. While I have enabled passwords on almost all of my devices, I have not really thought much about the length, the diversity or necessarily the strength of my passwords. I get very irritated with sites insisting on minimum length or any other qualification for setting a password to access their services. Passwords are the key to my life and, as a human rights defender, they may well be the vital information that can protect me from abuse and reduce my risk of potentially harmful attacks, whether online or not.
I may be sounding dramatic now… but think about it… In my daily work, I interact with others doing similar work on helping victims/survivors of human rights crimes or violations. Sensitive information about our clients and their families is contained on disk drives on my computer, in emails and safes at the office. I limit access to this information by requesting users to input a password. But what if my password was ‘password’ or an easy-to-identify word like ‘market’ perhaps? This makes it easy to guess and does not secure your information.
I also learnt that there are many devices and computerised tools that hackers use to guess your passwords. They try a number of combinations, and if they know something about you, even better. They would try your birthdate and those of your family members, the name of your pet and school, even the city you live in.
You don’t need to change too much, but if after reading this you decide that you want more control of your information, change your password. After listening to all that has been said and shared about strong passwords, I have 3 simple rules:
1) Length: A longer password is better. A password that is 18 characters is ideal.
2) Characters: Choose different characters and mix uppercase letters (e.g. A, Q); lowercase letters (e.g. a, q); special characters (e.g. %, $); and numbers (e.g. 4, 9).
3) Change: Regularly change your password – monthly or quarterly or whatever time you like.
In one breath: A long password with different characters that is changed often is harder to guess.
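The length and character rules, together with the earlier point about guesses built from personal details, written as a small Python check. This is an added example, not part of the original post; the function names, the sample passwords and the personal details (Bella, 1984, Istanbul) are constructed for illustration.

```python
import math
import string

MIN_LENGTH = 18  # the length the post calls ideal
CLASS_SIZES = {"uppercase": 26, "lowercase": 26, "number": 10,
               "special": len(string.punctuation)}
EASY_WORDS = ("password", "market")  # the post's two easy-to-guess examples


def classes_used(password):
    """Which of the post's four character classes appear in the password."""
    return {
        "uppercase": any(c in string.ascii_uppercase for c in password),
        "lowercase": any(c in string.ascii_lowercase for c in password),
        "number": any(c in string.digits for c in password),
        "special": any(c in string.punctuation for c in password),
    }


def guess_space_bits(password):
    """Brute-force upper bound in bits: length * log2(alphabet in use).
    Only meaningful when the characters were chosen at random."""
    alphabet = sum(CLASS_SIZES[n] for n, used in classes_used(password).items() if used)
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def review_password(password, personal_details=()):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"too short: {len(password)} of {MIN_LENGTH} characters")
    missing = [n for n, used in classes_used(password).items() if not used]
    if missing:
        problems.append("missing: " + ", ".join(missing))
    lowered = password.lower()
    easy = [w for w in EASY_WORDS if w in lowered]
    if easy:
        problems.append("contains easy word: " + ", ".join(easy))
    # Details an attacker could learn: pet name, birth year, city.
    personal = [d for d in personal_details if len(d) >= 3 and d.lower() in lowered]
    if personal:
        problems.append("contains personal detail: " + ", ".join(personal))
    return problems


if __name__ == "__main__":
    details = ("Bella", "1984", "Istanbul")  # constructed sample details
    for candidate in ("market", "Bella1984Istanbul!", "t7#Vq!9mZr$2Lp&x8Wd"):
        print(candidate, round(guess_space_bits(candidate)), review_password(candidate, details))
```

The second sample is 18 characters long and uses all four character classes, yet it is flagged because it is assembled from details someone who knows you would try first.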
Tactical Technology Collective and Frontline have excellent resources that can give you more tips and advice. Check out:
And for everything else on what you can do to ensure security and privacy online & offline, check more generally: http://security.ngoinabox.org and www.takebackthetech.net