I logged in to MailChimp over the weekend to send an email newsletter for Rhinebeck Science Foundation, a non-profit on whose board I sit, and was greeted by a message from MailChimp about new security measures they’ll put in place soon that will require users to set up new passwords.
More on the passwords in a second, but first, MailChimp really seems to be hitting it out of the park lately. We use both Constant Contact and MailChimp for our most cost-conscious clients. (iContact and MyEmma cost more but do more, so we recommend them where budget is less of an issue.) MailChimp keeps adding features that Constant Contact lags behind on. The Inbox Inspector, for example, lets you see how your message looks in different email programs. MailChimp also provides easier custom design layouts and more flexible pricing (a flat monthly fee based on list size, or a per-message charge for less-frequent mailers), and the list goes on.
When we first started using MailChimp, it seemed like just another too-hip copycat product with a funky interface. There are still things about the workflow and interface that a power user won’t love, but the feature set is getting tough to beat.
Back to passwords. In the update message, MailChimp included links to 3 articles on password security.
The first, from Gizmag, is a list of the worst passwords commonly used. No surprise, 123456 is a bad choice. The article also has some good tips about picking better passwords.
The second is a piece from Lifehacker. More tips and funny stories.
Finally, there’s a geekier piece from Baekdal.com on password usability. It includes info on how passwords get hacked. (Top of the list – just ask someone for the info. Social engineering is apparently very effective.)
More interestingly, it goes on to discuss how secure a password is, how long various hacking methods take to crack weak passwords, and how to build usable passwords that can be considered secure forever. (As in it would take a hacker 100 years to crack it, or you’ll be dead before anyone gets in.)
A great bet: a minimum of 6 characters that includes mixed case letters, numbers, and symbols. Develop your own code (all “s” become “5,” all “i” become “1” or “!” and so on).
Even better: three common words. Easy to remember, hard to hack. (The article uses “this is fun” as an example. I’m not sure how many websites allow spaces in their passwords, so I’m not sure how well that will really work. Works with WordPress, though. I just changed my hard-to-remember password for an easy-to-remember – and even more secure – pass-phrase.)
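To put rough numbers on the two schemes above, here is an added example (not from MailChimp or the linked articles) that estimates how many candidates an attacker must cover for a 6-character mixed password versus a three-word passphrase. The sample password `Tr5!b1`, the guess rates and the 5,000-word dictionary size are all assumptions chosen for illustration.

```python
import string

# Assumptions for illustration only; none of these figures come from the article.
ONLINE_RATE = 100        # guesses/second against a login form
OFFLINE_RATE = 1e9       # guesses/second against a stolen password hash
WORDLIST_SIZE = 5000     # size of a "common words" dictionary

# Character pools a brute-force tool would enable; space counts as a symbol.
POOLS = [string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation + " "]

def charset_size(password):
    """Size of the smallest set of standard pools that covers the password."""
    return sum(len(pool) for pool in POOLS if any(c in pool for c in password))

def bruteforce_space(password):
    """Candidates when every string of this length and charset is tried."""
    return charset_size(password) ** len(password)

def wordlist_space(passphrase, wordlist_size=WORDLIST_SIZE):
    """Candidates when whole dictionary words are combined instead."""
    return wordlist_size ** len(passphrase.split())

def effective_space(password, word_based=False):
    """A password is only as strong as the cheapest model that reaches it."""
    spaces = [bruteforce_space(password)]
    if word_based:
        spaces.append(wordlist_space(password))
    return min(spaces)

def years_to_exhaust(space, rate):
    """Worst-case time to try every candidate at the given guess rate."""
    return space / rate / (365 * 24 * 3600)

if __name__ == "__main__":
    samples = [("Tr5!b1", False),        # constructed 6-character example
               ("this is fun", True)]    # the article's three-word example
    for pw, word_based in samples:
        space = effective_space(pw, word_based)
        print(f"{pw!r}: {space:.2e} candidates, "
              f"{years_to_exhaust(space, ONLINE_RATE):.0f} years online, "
              f"{years_to_exhaust(space, OFFLINE_RATE):.6f} years offline")
```

Under these assumptions both schemes hold up for decades against online guessing but not against offline cracking of a leaked hash, and a passphrase built from very common words should be measured against a word-list attack rather than character-by-character brute force.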
One more tip. Buy a program like SplashID which lets you save all sorts of passwords and other sensitive data safely away from prying eyes. Much better than a bunch of post-its on the side of your monitor. Then it’s just one password you’ve got to remember.