Feb. 1 marks the first Change Your Password Day, a holiday proposed by a popular tech blog. We're here to walk you through this strange new celebration and the clever traditions it brings.
Why haven't I heard about this holiday before?
As explained by Matt Buchanan on Gizmodo, Change Your Password Day is a holiday recently invented by the tech blog. The folks there have decided to dub it the "most boring — but safest! — celebration ever" and use it as a way to remind (and educate) everyone about the importance of proper password practices.
"I thought it would be a good idea if we all changed our passwords together. Like positive peer pressure," writes Buchanan, before suggesting Feb. 1 as the date for the occasion. "Sooner is better than later," he offers.
(In the interest of disclosure: I was previously employed by Gizmodo and have worked alongside Buchanan.)
So what's the point of Change Your Password Day?
On Change Your Password Day, you are supposed to ... change your passwords. Simple in theory — but in practice there's more to the process than meets the eye.
Changing your passwords isn't just a matter of going from "SecretPassword1" to "SecretPassword2." You should also consider what a decent password is and make an effort to use it, even if it means changing some of your security habits. Gizmodo's Rachel Swaby explains:
The thing to understand is that the biggest threat to your security isn't some creep sitting in front of your email login screen, randomly bruteforcing his way into your account. Nope, you're up against computers that can run thousands of encrypted passwords by dictionaries of several languages, everything in the World Fact Book, and Wikipedia in a matter of minutes.
To emphasize her message, Swaby calls attention to work done by the Tech Herald after members of the AntiSec movement published a batch of encrypted passwords to the Internet. It took individuals at the publication less than five hours to crack over 80 thousand passwords using regular off-the-shelf computers and software which is easily downloadable.
What kind of passwords should I choose?
We've all had it drilled into our heads that we should use long passwords which incorporate (upper- and lower-case) letters, numbers and symbols, but are those really the best choice? Not exactly, according to some number-crunching done by security expert Thomas Baekdal.
As you can see by the chart above, complex passwords — like the ones I just described — are in fact pretty darn secure. In theory, such a passwords would take a hacker over 100 years to discover if he were using an automated system capable of systematically guessing 100 passwords per second.
But how long would it take you to regularly memorize a password that looks as if it was created by a cat who strolled across a keyboard? Long enough to make you think twice about creating a complex password, right?
So how about using secure passwords which consist of easy-to-remember, multi-word phrases instead?
Such phrases — which can include things like "this is fun" or "fluffy is puffy" — are even more secure than the complex passwords which you may or may not memorize easily. In fact, Baekdal suggests that math shows "this is fun" to be ten times more secure as a password than "J4fS<2."
If you don't have faith in this approach to password selection though, at least keep in mind that size matters. Longer passwords are more difficult to crack, even if you're not using strange characters. (But using strange characters — such as parantheses, exclamation marks, or even spaces — can, of course, mean the difference between a secure and a compromised password.)
Can't someone (or something) else do the work for me?
Making and remembering passwords is tough, especially since you should be using a unique one for each of your accounts. Thankfully there are password manager applications which can help. Such applications will securely organize and maintain your password data for you.
One of the most popular password managers around is called LastPass, but unfortunately its reputation suffered after a possible security breach in May 2011. But no worries: Lifehacker's Whitson Gordon explains that while LastPass is still trusted and favored by many, there are several alternatives such as KeePass, 1Password, or Keeper.
That's it? Where are the presents and the candy?
That's all there is to Change Your Password Day. There are no presents, no candy, and no fancy decorations. There are just stern reminders that you need to audit your password practices and make some new passwords. It's just a day that celebrates doing something that you should've been doing all along.
- 7 signs we're living in the post-privacy era
- The 25 worst passwords of 2011
- Should couples share passwords?
Want more tech news, silly puns, or amusing links? You'll get plenty of all three if you keep up with Rosa Golijan, the writer of this post, by following her on Twitter, subscribing to her Facebook posts, or circling her on Google+.