I’ve mentioned passwords before, but today I’d like to tell you about the most important password in your possession, the single password that keeps the hordes at bay.
Take a moment to think about the passwords you use for your various secret stuff. If you’re like me, you have your ordinary password for unimportant stuff, then you ratchet up the entropy for sites that involve money. For a long time I had two passwords, my ‘secure’ one and my ‘other’ one. Now I’ve started taking my passwords a lot more seriously, which means keeping a file of all my passwords, itself protected with massive encryption and the most awesome passphrase ever. No one’s getting into that file.
But here’s the thing: they don’t have to. There’s another password I have that’s just as powerful and easier for a bad guy to use. My primary email password.
How does that password drop my trousers universally? Simple: if someone had access to my email, they could click “I forgot my password” on every site in the world and harvest the responses. If the evil robot cleared out the emails before I read them, I’d be none the wiser. And I’d be fucked.
You might think your online banking password is the one you must protect most diligently, but your email password will hand them your bank account along with everything else. This is the password to protect and change regularly.
As an aside, you can make things a little tougher for bad guys by modifying your email address when you register for stuff. For instance, if I register at xyz.com, I might use [email protected] for my email address. The cool thing about ‘+’ is that it doesn’t change the delivery (the above will go to [email protected]) but you can sort your email based on the suffix, and you can track who gave your email address away. Most significantly, if some wrongdoer has your email password, they still have to guess the +suffix part for each site before they can use the “I forgot my password” feature. If your email password gets out, that second line of defense could really save your ass.*
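The "track who gave your email address away" idea above can be automated. This is an added example, not code from the original post: it splits the +suffix off each recipient address and flags tags that receive mail from a domain other than the one the tag was registered with. The function names, the `REGISTRATIONS` mapping and all `.example` addresses are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

def split_plus(address):
    """Return (delivery_address, tag); tag is None when there is no +suffix."""
    local, _, domain = address.strip().lower().rpartition("@")
    base, plus, tag = local.partition("+")
    return f"{base}@{domain}", (tag if plus and tag else None)

def sender_domain(msg):
    # From: is unauthenticated, so a mismatch is a hint of a leak, not proof.
    return parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]

def audit(raw_messages, registrations):
    """registrations maps tag -> domain the tagged address was given to.
    Returns {tag: sorted unexpected sender domains} for tags that leaked."""
    leaks = {}
    for raw in raw_messages:
        msg = message_from_string(raw)
        _, tag = split_plus(parseaddr(msg.get("To", ""))[1])
        if tag is None:
            continue  # untagged mail tells us nothing about who leaked
        expected = registrations.get(tag)
        dom = sender_domain(msg)
        # Accept the registered domain and its subdomains (e.g. mail.shop.example).
        ok = expected is not None and (dom == expected or dom.endswith("." + expected))
        if not ok:
            leaks.setdefault(tag, set()).add(dom)
    return {t: sorted(d) for t, d in leaks.items()}

# Constructed sample messages (headers only matter here).
SAMPLE = [
    "From: Shop <orders@shop.example>\nTo: me+shop@mail.example\nSubject: Receipt\n\nhi",
    "From: news@mail.shop.example\nTo: me+shop@mail.example\nSubject: Sale\n\nhi",
    "From: deals@spammer.example\nTo: <me+shop@mail.example>\nSubject: WIN\n\nhi",
    "From: bank@bank.example\nTo: me+bank@mail.example\nSubject: Statement\n\nhi",
    "From: friend@pal.example\nTo: me@mail.example\nSubject: lunch\n\nhi",
]
REGISTRATIONS = {"shop": "shop.example", "bank": "bank.example"}

if __name__ == "__main__":
    print(audit(SAMPLE, REGISTRATIONS))
```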
Also, know that if your email provider gets hacked, you could be hosed. There is one major company (rhymes with achoo!**) that seems to have a hard time keeping the wrong guys out of your account (although I think it’s the address book that has been compromised, and not direct access to your emails). There are likely others that do a better job keeping their names out of the press when they spill your information.
So, to flog the horse: If bad guys get access to your email, they own you. Protect that password diligently. Change it fairly often. Use [email protected] when you sign up for stuff. In databases around the globe, your email is quite literally your entire identity.
* I read somewhere that Hotmail and some others don’t support the + in emails. I haven’t tested personally, but if your provider is one of those, drop them immediately and find a better service.
** I’m pretty sure I have stock in a company that ends in oo!, so I’m not just slinging mud here.