A Word on Passwords

As more and more services are moving onto the ‘cloud’, aka the internet, we place more reliance on our passwords to keep sensitive information away from prying eyes. Basically, passwords have become the ‘keys’ to our online life.

However, many people don’t treat their passwords in the same way that they treat their real keys. They don’t realize the importance of having strong passwords (emphasis on plural) until it’s too late. And even if they know they should have different passwords for different services, they figure that it’s impossible for them to remember so many passwords, so they don’t bother.

Case in point: hundreds of confidential Twitter documents were leaked after a Twitter employee’s email account was hacked into.

As the saying goes, “a chain is only as strong as its weakest link”. Here are some suggestions based on analysis of the “weak links” in the Twitter attack.


Don’t leave passwords in your email

Many services that you sign up for online send you a registration email that usually includes your login information. If your email account ever gets compromised, your passwords for other services will be revealed to all and sundry. It can happen pretty easily. Something as simple as forgetting to log out of your email account on a public computer could get you in trouble.

You should delete those emails that contain passwords. A simple way to do that quickly is to do a search in your email using your password(s) as the search term. Delete all the emails that show up in your search results. You might be surprised at how many of those emails are lying around in your inbox.

You should have the habit of deleting registration emails as soon as you receive them.

Have a system to create unique passwords

Every web service you sign up for online should have a unique password. This ensures that even if one password is compromised, the rest of your data on other services will still remain safe. It doesn’t even have to be your fault that your password is leaked. There have been cases where a web company accidentally leaked its users’ passwords to the public.

It might sound pretty daunting to have a unique password for each service, but if you follow a system, it shouldn’t be much trouble.

One system that you could use is as follows:

Pick a base password of, say, 8 random alphanumeric characters. Spend some time memorizing it really well.

Next, pick 2 or 3 characters in this base password that you want to vary for each service. Replace those characters with characters derived from the web service you are using the password for. For example, you could replace 2 characters of the base password with the first and third characters of the web service’s name, i.e. for Facebook, use the characters ‘F’ and ‘c’ to replace the 2 characters in your base password.

After some practice, it shouldn’t take much effort to recall the passwords.
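The scheme above, written out as an added Python example (this is not code from the original post). The choice of which base positions to vary (here the 3rd and 6th characters) and the sample base password are assumptions; the post leaves both to the reader.

```python
import secrets
import string

ALPHANUMERIC = string.ascii_letters + string.digits


def make_base(length=8):
    """Generate the base password: `length` random alphanumeric characters."""
    return "".join(secrets.choice(ALPHANUMERIC) for _ in range(length))


def derive_password(base, service, positions=(2, 5), picks=(0, 2)):
    """Build the per-service password from the memorised base.

    positions: indices of `base` to overwrite (assumption: 3rd and 6th characters)
    picks:     indices of the service name supplying the replacements
               (the post's example: first and third characters)
    """
    if len(positions) != len(picks):
        raise ValueError("need exactly one service character per varied position")
    if max(positions) >= len(base):
        raise ValueError("varied position lies outside the base password")
    name = service.strip()
    if max(picks) >= len(name):
        raise ValueError(f"service name {service!r} is too short for picks {picks}")
    chars = list(base)
    for pos, k in zip(positions, picks):
        chars[pos] = name[k]
    return "".join(chars)


def shared_positions(pw_a, pw_b):
    """Count positions where two derived passwords agree. With this scheme every
    character outside the varied positions is common to all derived passwords."""
    return sum(1 for a, b in zip(pw_a, pw_b) if a == b)


if __name__ == "__main__":
    base = "q7Zk3pL9"  # constructed sample base, not a real password
    for svc in ("Facebook", "Twitter", "Gmail"):
        print(svc, derive_password(base, svc))
    fb, tw = derive_password(base, "Facebook"), derive_password(base, "Twitter")
    print("characters shared between the two:", shared_positions(fb, tw))
```

`shared_positions` makes the trade-off of the scheme visible: two derived passwords differ only in the varied characters, so the more positions you vary, the less a leaked password says about the others.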


Hacking and security attacks are going to be more frequent as it becomes more and more lucrative for hackers. A good guideline to follow is to treat your passwords the same way as your keys. If you wouldn’t leave your keys lying around or use one key for everything, why would you do that with your passwords?

01. May 2010 by Han Sheng