The 2+2 forums are dealing with some bad guys who are trying to brute force people’s passwords. In other words, some guy somewhere is running a computer program that probably has a very long dictionary of commonly used passwords and systematically tries a ton of different passwords for a ton of different accounts on 2+2. These types of attacks are essentially preventable by website administrators (and hopefully 2+2 will get its act together soon), but they’re still quite common.
If your password is uncommon (e.g., “kfag4;6-lkjghaa” and not “mypass”), it’s likely nothing to worry about. If your password is in the list of the million most common passwords, someone may very well get access to your 2+2 account as a result. (You should go to 2+2 and change your password immediately.) Worse still, if you use the same password for your e-mail or for a poker site or your bank account, you might lose money as a result.
So, I just wanted to quickly share some easy ways to choose a decent password. I got the basic idea from an awesome xkcd comic. (BTW, xkcd is really cool, and you should check it obsessively on Mondays, Wednesdays and Fridays.) Remember that the goal of a good password is to be both memorable and extremely hard to guess.
- Just use a descriptive sentence. For example, I happen to have a candle on my coffee table right now. So, I could use the password “I like my red triangular candle on my coffee table.” To make sure that it’s a relatively uncommon sentence, Google it in quotes. If it doesn’t come up in Google, that’s probably a good sign. (My example didn’t come up on Google before. I suppose it will once Google indexes this page, though.) That’s extremely easy to remember, and it’s pretty damn likely to be unique if it doesn’t exist anywhere on Google. Using a sentence that has some capitalization, weird punctuation (e.g., a colon), and numbers in it might be a bit better, but in reality, it really doesn’t matter. The number of such sentences is huge, and adding numbers, capitalization, and punctuation in a way that’s easy to remember doesn’t increase that number by much.
- Typing long passwords can be annoying, though, especially if you’re prone to typos. So, you might instead use an acronym, since that will be much shorter. In this case, there’s significantly more merit to having some capitalization, numbers, and punctuation in there, so you should think of a sentence or phrase with a number or two in the middle and some punctuation and use that. For example, you might think of the phrase “My three most valuable things: House, car, laptop.” Then you can use M3mvt:H,c,l. (This is the method that I use for my less secure passwords.) That’s a secure password and really easy to remember. If the commas annoy you, “M3mvt:Hcl” is probably sufficient. Again, Google your password in quotes to make sure that you did in fact pick something that’s uncommon.
- If you have a good memory or store your passwords with software like Keepass, then you should just choose a random password. Random.org provides a nice service for doing exactly this. Again, Google your password in quotes to make sure that you did in fact pick something that’s uncommon. (Though the odds of any results being returned for this method are quite low.)
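
To put rough numbers on the three methods above, here is an added example (not part of the original post) that compares their guessing space in bits and generates a random password locally with Python's `secrets` module. The 2,000-word vocabulary and the 64 "memorable decoration" variants are assumptions made for illustration, and every figure is an upper bound because it treats each word or character as a uniformly random pick, which human-chosen phrases are not.

```python
import math
import secrets
import string

PRINTABLE = string.ascii_letters + string.digits + string.punctuation  # 94 symbols

def uniform_bits(choices: int, length: int = 1) -> float:
    """log2 of the number of candidates when `length` symbols are each drawn
    uniformly from `choices` options. Human-chosen text scores lower."""
    return length * math.log2(choices)

def relative_gain(base_bits: float, extra_bits: float) -> float:
    """Fraction by which `extra_bits` of decoration enlarges the exponent."""
    return extra_bits / base_bits

def random_password(length: int = 16, alphabet: str = PRINTABLE) -> str:
    """Random password drawn from the OS CSPRNG, generated locally."""
    if length < 1 or len(set(alphabet)) < 2:
        raise ValueError("need length >= 1 and at least two distinct symbols")
    return "".join(secrets.choice(alphabet) for _ in range(length))

# Assumed figures (not from the post): a 2,000-word everyday vocabulary and
# 64 easy-to-remember ways to add capitals, digits or punctuation.
DICTIONARY = uniform_bits(1_000_000)         # password on a million-entry list
SENTENCE = uniform_bits(2_000, 10)           # ten-word sentence, like the candle one
ACRONYM = uniform_bits(26, 9)                # nine lowercase initials, like M3mvt:Hcl
DECORATION = uniform_bits(64)                # extra bits from memorable decoration
RANDOM16 = uniform_bits(len(PRINTABLE), 16)  # 16 random printable characters

if __name__ == "__main__":
    rows = [("on a million-entry list", DICTIONARY),
            ("ten-word sentence", SENTENCE),
            ("nine-letter acronym", ACRONYM),
            ("16 random characters", RANDOM16)]
    for name, bits in rows:
        print(f"{name:<26}{bits:6.1f} bits")
    print(f"decoration adds {DECORATION:.0f} bits: "
          f"{relative_gain(SENTENCE, DECORATION):.0%} on the sentence, "
          f"{relative_gain(ACRONYM, DECORATION):.0%} on the acronym")
    print("sample:", random_password())
```

The same few bits of decoration are a much larger share of the acronym's total than of the sentence's, which is why they matter for the short form and barely register for the long one.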
In addition to choosing a secure password, you should use a different password for everything that’s important. If your password is compromised on one site for whatever reason (and this happens ALL THE TIME), you don’t want someone to then be able to gain access to your bank accounts, your poker accounts, etc.
Anyway, that’s all I really wanted to say. Since this is my second post in a row on passwords, maybe I’ll make a series out of it.