The immune system exists to prevent intruders from entering your body and doing damage. Passwords exist to prevent intruders from entering your computer and doing damage.
An immune system can be too strong or too weak. If it’s too weak, then it permits some diseases to thrive inside your body, and you die. If it’s too strong, though, it can be just as destructive, mistakenly attacking things in your body that rightly belong there, and you die. There’s no perfect balance point where it never misses an intruder and never attacks a friendly. There’s instead a midpoint where, statistically, half as many deaths come from intruders as from mistaken identity.
A password system can be too strong or too weak. If it’s too weak, then any intruder can guess the password and gain access to your computer. If it’s too strong, then if you lose your password, you can’t get access to your own computer.
In order for password systems to work, users must know enough to 1) create passwords that are hard to guess, like R%23naq78@#TaT, not passwords that are easy to guess, like password or 123456; and 2) write down both the username and password and store them in a secure place.
Not many users know enough about computers to do this. I help two people with their Macs. Both are intelligent, conscientious people who manage their lives competently. Neither is a computer geek. Therefore, both have suffered problems with passwords. The passwords have done more harm to them than any hacker could.
Suppose that your immune system required you to take one vitamin C pill twice a day, at twelve hour intervals, with no more than 14 hours and no less than 10 hours between taking your vitamin C pills. People would be dropping dead like flies.
So here are my rules of digital hygiene. Follow them without fail. Let me make this clear:
If you don’t follow these rules, bad things will happen to you!
1. Use robust passwords. Don’t use your own name, your friend’s name, your pet’s name or anything familiar. Indeed, you shouldn’t use recognizable words. For passwords that you’ll need to memorize, such as the password for your laptop, you can get away with two words separated by a typographical character, such as silky^battery. But in general, you should use random combinations of uppercase letters, lowercase letters, numerals, and typographical symbols. Every password should be at least eight characters long. Don’t use the numeral 1 or the letter l in your passwords, because it’s too easy to confuse them. Don’t use the numeral 0 or the letter O, for the same reason.
2. Write down all the information you need to use your passwords. Don’t just write down the passwords; write down the place where they’re needed, the user name, and the password, like this:
Macintosh: myname ($^gghQMX57*3#
Apple ID: myname@myplace.com $gqw73LH(#^23
Email: myname@myplace.com G6$p%(((cW33
AardvarkEnthusiasts.com: mememe LnfED3J6*#
Don’t scribble them so you won’t be able to re-read them later. Don’t scrunch them into the edge of the page. Write them big, bold, and legible!
Don’t write them on a scrap of paper you find just lying around. You could use something like an address book so that they’re all alphabetically sorted. Or you could put them on a large piece of paper, big enough to hold all your passwords. I actually have a text file containing all my passwords—about a hundred—that I print out so that they’re easy to read. That file, of course, is extremely dangerous. If a hacker ever gets his hands on it, I’m in deep doo-doo. I have it protected in multiple layers of protection that, in my opinion, provide plenty of security. The paper on which your passwords are written should not be taped to your wall or lying on your desk. Hide it someplace safe. If you use a physical address book, do NOT keep it inside your desk drawer; hide it someplace safe. If you’re a woman, hide it with your underwear, as no man will touch that drawer.
3. Restart your computer about once a week. That clears out the memory, gets rid of stupid bits and pieces that accumulated while running things on the Internet, and general digital detritus. You clean your toilet every now and then, don’t you? Why not your computer? It gets even dirtier.
4. Back up your computer. Get an external hard drive (costs maybe $60), plug it in, and set it up. If you have a Mac, just find “Time Machine” in System Preferences. If you want to be especially safe, get two external hard drives and switch back and forth between them, say, once a week. Keep the second one someplace other than your home. That way, when the FBI raids your place and carts away all your computers, you still have your data.
5. Don’t bump your computer or external hard drives. They can take minor bangs, but a sharp impact can destroy them.
6. When getting help over the phone, use precise language. Don’t say, “The thingamajig is wrong.” Instead, say something like this: “In the Safari window, along the topmost bar, there are six icons in the upper left. The rightmost of those icons is greyed out. How can I make it active?” Specify what application is currently active. You can find that in the extreme upper left corner of the screen.
This means that the Finder is active.
This means that Safari is active.
This means that iTunes is active.
After specifying what application is active, describe what’s in the application window. If you’re in the Finder window, describe what’s in the topmost Finder window. If you want to talk about something in the window, specify where in the window it is and what it looks like.
7. Don’t ever, ever open a file you got in email from anybody you aren’t absolutely sure of. This is the primary means by which hackers get inside your computer. They crack a friend of yours and use your friend’s email list to send you an email that looks like it’s coming from your friend. In it is a file that they want you to look at. Be very careful. Most of the time, it’s safe, but just ask yourself before you open it, “Why would my old high school chum be sending me a spreadsheet?” Remember: opening bad files is the primary avenue for infection by hackers. You can protect yourself against this by getting a good anti-hacker program, but good ones cost anything between $40 and $300 per year. Get some help from a knowledgeable person before installing one of these.
8. Sometimes hackers send you emails that look just like the real thing. For example, you get an email from your bank that looks exactly like all the other emails from your bank, and it says that they think that your account has been hacked, so would you please log into their website (they conveniently provide a link to it) and check it out. You click on their link and they take you to their own website, which is mocked up to look just like the real thing. It asks you for your password, just like the real thing, you give them your password, and poof! there went your money.