A reminder about passwords

Today, the accounts database of Second Life was hacked. The lost information includes real names, passwords, email addresses and home postal addresses. I've signed in to try and warn people of the potential dangers from shared password use and the literally dozens of paniced people contacting me makes me think I should share the following tips on safe password use.

  1. Never reuse passwords. This may seem paranoid and difficult to do, but it's essential in protecting yourself online. If you use the same password with your email account, internet forums, online banking and eBay accounts, a hacker only needs to access one account to get into them all.
  2. Use secure passwords. Don't use your name, personal info like birthdates. Ideally, stay away from words found in the dictionary, unless you use multiple words. Mix capitalization and numbers, and when allowed punctiation. An example of a resonably secure password that you can remember is something like "chAir47)lenS".
  3. Change passwords often. The longer you use a password, the easier it becomes for someone to steal it.
  4. When an incident occurs, change all your passwords. People who use the same password for Second Life and thier email accounts are in serious danger of identity theft. Hackers move quickly, and you may not know if they've been able to access other accounts until it's too late. When you find out there's been an attack on your account, protect yourself by changing all your passwords.