David Teten

by David Teten, Partner at ff Venture Capital

Twitter’s security meltdown has done a fantastic job of publicizing how vulnerable a modern, cloud-based company can be to a determined hacker.

I have been surprised that in the numerous articles about how to protect yourself against hacking, I have seen very little mention of the powerful technique that we discussed in The Virtual Handshake. Here’s a slightly updated version of what we wrote in the book:

Use a different user ID and password for all of the important sites you visit. If a thief knows your password on one site, it’s too easy for him to then use that password on many other sites. (That homogeneity is what broke down Twitter’s security.) A good way to keep unique passwords for every site is to develop a standard method for creating a password from the name of the site. For example, to create a unique password for Orkut.com:

1. Pick a standard word for use with all your sites. We will use “jade.”

2. Split it in half. In the middle, insert the number of letters in the domain name. “Orkut” has 5 letters, so we write “ja5de.”

3. Add a letter at the beginning that is the first letter of the domain name. “Orkut” = “O,” giving us “Oja5de.”

Although this allows you to easily calculate the password, a hacker cannot readily deduce a pattern because each site has its own unique password. Of course, you need to create your own algorithm; do not use this one! To avoid confusion from an excessive number of passwords, it’s okay to use the same password on all Web sites for which security is not critical, e.g., newspaper sites.
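The three steps above, implemented in Python as an added example (not the book’s or the author’s code), together with the check a practitioner would run on such a scheme: grouping a list of sites by the password they would receive. It assumes the “domain name” is the label before the TLD (“orkut” for Orkut.com), that the base word is split at its midpoint, and that the leading letter is upper-cased as in “Oja5de”; the site list is constructed for the demonstration.

```python
def site_label(site: str) -> str:
    """Reduce 'www.Orkut.com' or 'orkut.com' to 'orkut'.

    Assumption: the post counts the letters of 'Orkut', not 'Orkut.com'.
    """
    host = site.strip().lower()
    if host.startswith("www."):
        host = host[4:]
    labels = host.split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def derive_password(site: str, base: str = "jade") -> str:
    """Steps 1-3 from the post: base word, split with letter count, site initial."""
    label = site_label(site)
    half = len(base) // 2                       # step 2: split the base word in half
    core = f"{base[:half]}{len(label)}{base[half:]}"  # insert the label's length
    return label[0].upper() + core              # step 3: prefix the site's first letter


def find_collisions(sites, base: str = "jade") -> dict:
    """Return {password: [sites]} for every password shared by two or more sites.

    The scheme only varies by initial letter and label length, so this check
    shows which sites in a list would not get a unique password after all.
    """
    by_password: dict = {}
    for site in sites:
        by_password.setdefault(derive_password(site, base), []).append(site)
    return {pw: ss for pw, ss in by_password.items() if len(ss) > 1}


if __name__ == "__main__":
    # Constructed sample list; the first value reproduces the post's own example.
    print(derive_password("Orkut.com"))                     # Oja5de
    print(find_collisions(["google.com", "github.com", "orkut.com"]))
```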

One weakness in this approach is the use of a common word as a base. Christopher Faulkner, CEO of C I Host, suggests picking a line from a song or popular phrase and using the first letter of each word. For example, “Four Score and Seven Years Ago” becomes “4s&7YA.”