Not so long ago, several of my Facebook friends got a message from me to watch a video. A few of them were suspicious and asked me if the video was from me. It was not. I had been hacked. I have no idea what was in the video, but I quickly posted a new message to NOT open or view it. As far as I know, no one did, or at least no one would admit it.
Crisis averted? Who knows? What I did know was that I needed to change my password immediately. Simple, right?
Upon getting hacked, I remembered a cyber-security presentation I attended (and obviously ignored) several years earlier. It wasn’t anything technical — that’s way above my pay scale. It was, however, about how to protect one’s personal data with effective passwords.
“It’s simple,” said the speaker, “A good password has at least 25 characters, upper- and lower-case letters, numbers, and multiple symbols, too, like question and exclamation marks. And to really protect yourself,” he continued, “passwords should be changed at least once a month.”
Once a month? 25 characters? There was a collective moan from the 100-plus people in the room. I suspect most had short passwords comprised of birthday or anniversary dates which, by the way, is a very bad idea since those things are ridiculously easy to find on places like Facebook.
“And in case you had any doubts,” the speaker continued. “Every password should be different.”
The moans turn into agony.
Mind the 3 P’s
I, of course, did what I do best when confronted with a dilemma. I made a list. How many accounts did I have? Back then, it was fewer than 20. Today, my list of password-protected accounts is 32 and growing.
Do I change my passwords every month? Does every password have 25 or more characters? Have I avoided every significant date in my family? Are you out of your mind?
To maintain password sanity, I set up a three-tiered system: pointless, possible and painful. Pointless passwords are for things I don’t worry about. For example, hardly a day goes by when I don’t listen to music on Spotify. My password is my favorite musician’s name. It’s a whopping five characters. What would happen if my Spotify account got hacked? Would my playlist go from rock ‘n’ roll to rap? Hello Drake. Goodbye Bruce. I can live with that.
With possible, I take a more serious position. Possible includes things like my cellphone, laptop and email. For these, I use more complex passwords that include upper- and lower-case letters and an occasional number, although nothing comes close to 25 characters. Nonetheless, I’m prepared for Possible. If these accounts are hacked, the hacker would have access to a vast amount of unpublished work, and maybe that’s not so bad.
What if my next hacker is a publisher looking for the next great American novelist? And what if the publisher likes my yet unpublished manuscript? I might finally get some interest in my new book. And if literature isn’t the hacker’s thing, then perhaps photography is. Whoever opens my phone will find 9,113 photos. What hacker wouldn’t want a picture of me pulling a marlin out of the Sea of Cortez? Or how about me standing on the ridge of Haleakala Crater, 10,000 feet above the Pacific Ocean in Hawaii? Or me eating corn on the cob? Or riding my bike? Or a picture of a scrumptious chocolate cake I baked? I think the hacker might find me to be a pretty interesting fella. Who knows, maybe we could become friends?
Finally, there is painful. Painful is anything that has to do with money, such as bank accounts, retirement funds and Venmo. I’m a huge fan of clean clothing, but please don’t take me to the cleaners. If it takes 25 or more characters with varying attributes to protect my life savings, then count me in. My painful passwords are often favorite song lyrics sprinkled with random characters. Here is one I recently changed for an online checking account: Mony!Itsagas#GrabthatcashwithbothhandsAndmakeastash$ — 52 characters and an homage to Pink Floyd. It’s great, isn’t it? Please feel free to use it. It’s not registered, and I won’t tell a soul.
I also dabble in the world of password haiku. Here’s an old one from a now defunct email account: SoMuchJunkReceivedOverwhelmsMyClutteredBrainDeleteDeleteNow@65really? Honestly, I think I’ve got this hacker thing beat and possibly a new career in poetry.
If only I could remember all those passwords. To assist, there are password-protected phone apps where a person can store as many passwords as necessary. However, a password to protect passwords would have to be extraordinary. A simple haiku or song lyric just won’t cut it. I’m thinking the obvious is just what it takes to fool a hacker. How about 042495081993070890091559042657? Yes, that’s a lot of birthdays … or is it?
Better yet, I think I’ll just make a list of all my passwords and put it in my desk drawer. That’s safe, don’t you think?