Web Security for Ministers

I’m no expert on internet security, but I thought I’d share a few thoughts about security as a resource to the readers here at CMO. The truth is that most people have lousy security for their online accounts and having something more secure can actually be pretty easy. I was prompted to write this recently as I decided that it was time to change up most of my passwords. I’d been using my primary password for several years and I know that you’re supposed to change your passwords on a regular basis, so I figured that it was time.

So, here’s what you might need to know. In 2009, a gaming site was hacked and thousands of accounts were compromised. A study was conducted and here is what was discovered: 

  • 29,000 compromised accounts used the password 123456 (seriously)
  • Many other accounts used a string of consecutive numbers like 111111 or 333333
  • The fourth most popular password was the word… password (come on!)
  • Lastly, thousands of passwords consisted of first names or simple combinations of abd123

When you hear about hacked accounts, it’s usually because of this. When accounts are compromised, passwords like the above are usually broken within seconds (computer software submits thousands of potential passwords to hack in and these simple passwords are the first used). Having a stronger password is really, really easy.

So, every password needs to have upper case letters, lowercase letters, a number and a symbol. Never use a password again that doesn’t contain at least one of each of those. Remember, every letter you add makes your password 26 times more difficult to break (since there are 26 letters). Add numbers and the breaking difficulty is increased. Add a symbol and you’re golden. There are 1500 potential symbols to use, so using just one symbol makes your password 1500 times more secure.

Here’s an example. Say your password is “moose44.” Hacker software can crack that password in less than one second. However, if you added some symbols and made the password “moose44!.!.!.!” the same software would take an estimated 200,000 centuries to hack it.

Convincing? So, here’s a system you might want to use. Pick a name, object or place that has some meaning to you. Maybe not something that would be published on Facebook that would give people ideas. Maybe it’s a character of a book you liked or a place you’ve always wanted to visit. Maybe it was a TV show you liked as a kid. Here’s mine.

GummyBears
GuMM4B3ar5!

See what I did? I used a good mix of upper and lowercase letters. I substituted a 4 for the Y since they look similar, a 3 for the e and the 5 for the s. I threw a ! at the end just for fun. What would have been even more secure was to put an @ in place of the a. So, your turn. Plan out what you want to use and change one of the sites you sign in to regularly and get used to typing it in. Eventually, your fingers will memorize the code and it will be very natural. Eventually, change your other passwords as well.
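One way to check a candidate against the rules above, as an added example that is not part of the original post: it tests for the four character types, flags the weak patterns from the 2009 list, and estimates the brute-force search space in bits. The function names and the pool sizes (26 letters per case, 10 digits, the 32 ASCII punctuation characters) are assumptions of this example.

```python
import math
import string

# Constructed sample: the weak choices named in the 2009 breach list above.
COMMON = {"123456", "password", "111111", "333333"}

# Assumed character pools: 26 letters per case, 10 digits, and the
# 32 ASCII punctuation characters in string.punctuation.
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "number": string.digits,
    "symbol": string.punctuation,
}


def is_run(pw):
    """True for one repeated character (111111) or a consecutive run (123456)."""
    if len(pw) < 2:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return steps in ({0}, {1}, {-1})


def check_password(pw):
    """Return (missing_classes, weak_pattern, keyspace_bits) for a candidate."""
    present = [n for n, chars in CLASSES.items() if any(c in chars for c in pw)]
    missing = [n for n in CLASSES if n not in present]
    # Listed passwords and simple runs are tried first by guessing software,
    # so the bit estimate below does not apply to them.
    weak = pw.lower() in COMMON or is_run(pw)
    # Each added character multiplies the search space by the pool size,
    # so the size in bits is length * log2(pool).
    pool = sum(len(CLASSES[n]) for n in present)
    bits = len(pw) * math.log2(pool) if pool else 0.0
    return missing, weak, round(bits, 1)


if __name__ == "__main__":
    for candidate in ("123456", "password", "moose44", "GuMM4B3ar5!"):
        print(candidate, check_password(candidate))
```

The bit count is an upper bound for blind guessing only; a candidate flagged as a weak pattern should be rejected no matter how large the number looks.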

Tips:
Okay, here are a few remaining tips.

  • This isn’t the most secure, but I use the same password for many accounts. However, I do have 2 or 3 separate passwords that I might use at any given time. One password might be used for financial stuff, another one for social media and other stuff.
  • I also keep a stupid password in my back pocket. Every now and again there is a stupid website that won’t let you use symbols or restricts your password to 6 characters. I don’t like being put on the spot to have to create a password (I’ll forget it), so I have a stupid password for these occasions.
  • I also keep a sharable password. It is inevitable that you might have to share a password with someone because they are helping you do something and they need access to your account. I have a password that I share with people that is still pretty secure but I don’t mind sharing with people. If I know they are going to be logging into a site to do work for me, I’ll change the site’s password to this one and then give them access. When they’re done, I change it back.
  • Oh, I also have a password that I used for work related stuff. It just helps me to keep that stuff separated. If it’s work related, I know what password I used. That way, if I ever need to turn stuff over, I don’t have to change all my passwords in order not to compromise personal stuff. I also tend to share work passwords with co-workers.
  • Because I only use three or four secure passwords, if I hit a site where I forgot my password, I just have to cycle through the three or four that I have.
  • Never share your passwords. I don’t care who they are, don’t share them. I have 2-3 passwords, a few of which I have used for 7-8 years. The only person who knows them is my wife. Period. Much of your identity, security and financial data is all sitting behind these passwords… take it a little more seriously.