Reviewing Cybersecurity after Lawmaker Tweets Picture with Password


Protecting yourself with strong passwords in cyberspace is a must. It’s important to avoid easily guessable passwords like “password” or cultural references like “Frodo.” One lawmaker tweeted a picture that had his password on a sticky note.


Representative Mo Brooks (R-AL) made headlines last week, but not for reasons related to signing bills, winning an election, or getting a major endorsement. On June 6, Rep. Brooks tweeted a picture of his computer monitor, which was taken with a camera. However, a sticky note near the monitor that contained a PIN number and password made it into the image. While the internet wondered aloud if it were really Brooks’s password, he deleted the tweet and reposted it with the sticky note cropped out.

It’s important to take proper precautions online by using strong passwords and keeping them private. In his video series Thinking about Cybersecurity: From Cyber Crime to Cyber Warfare, Professor Paul Rosenzweig, Professorial Lecturer in Law at The George Washington University Law School, explained how.

Getting an “F” for Effort

“Let’s talk passwords—if you are like me, you hate them,” Professor Rosenzweig said. “You want to make them hard to guess, but then they are hard to remember; and if you make them easy, then you make yourself an easy mark. If you write them down on a piece of paper, well, then of course you’ll lose the paper or someone will steal it.”

Professor Rosenzweig said that we should still avoid the temptation to make a password easy, because the primary function of password protection goes far beyond petty thieves. Instead, very well-designed computer programs now troll the internet for vulnerable accounts. Password-cracking programs have a dictionary of the 500,000 most commonly used passwords, so they’ll use those first.

“The most common password of all is ‘password,’ and the second most common is ‘123456’—don’t use those,” he said. “Also, don’t use obvious personal information like your birthday, either; that can be found on the web pretty easily. And don’t use common cultural reference points. Do you have any idea how many people use ‘muggle,’ or ‘Frodo,’ or ‘BruceSpringsteen’ as their passwords?”

Hogwarts-Worthy Passwords

Rather than use passwords that are easy to guess, Professor Rosenzweig suggested using a program like a password safe, which stores all the passwords that you use, so only you can access them. Of course, then you’d need a strong “master password” for the password safe, but remembering one is easier than remembering dozens. How do you create a strong master password?

“There are lots of tricks out there, but here is one that I use,” he said. “Think of your favorite line from your favorite movie or play or book—or, if you prefer, think of the opening line of the last book you read, or the last 10 street names of streets you’ve lived on. Then make a password of the first letter of the first 10 or 15 words in that movie line or of those street names.”

For one short example, he gave Casablanca’s “Here’s looking at you, kid” and started by abbreviating it to “HLAYK.” Then he suggested randomizing the capital letters, like only capitalizing one out of every three letters; then adding in some numbers that only you would know, like the last four digits of your phone number at your childhood home. If you throw in a special character like an asterisk between them, you get a password like HlaYk*0956. As Professor Rosenzweig said, “[It’s] perfectly sensible to you because you created it, but utter gibberish to anyone else.”
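The recipe above can be written out as a short Python sketch. This is an added example, not code from Professor Rosenzweig or the video series; the function names are hypothetical, the one-in-three capitalization is just the variant the article mentions, and the deny-list holds only the passwords the article names, not a real cracking dictionary.

```python
import re

# Passwords the article says to avoid (lower-cased). Illustrative only:
# real cracking dictionaries are far larger, as the article notes.
ARTICLE_DENYLIST = {"password", "123456", "muggle", "frodo", "brucespringsteen"}


def initials(phrase, max_words=15):
    """Return the upper-cased first letter of the first `max_words` words."""
    # A word starts with a letter or digit; apostrophes (straight or curly)
    # stay inside the word so "Here's" counts as one word.
    words = re.findall(r"[A-Za-z0-9][A-Za-z0-9'\u2019]*", phrase)
    return "".join(word[0].upper() for word in words[:max_words])


def mix_case(letters, every=3):
    """Capitalize one letter out of every `every`, lower-case the rest."""
    return "".join(
        ch.upper() if i % every == 0 else ch.lower()
        for i, ch in enumerate(letters)
    )


def build_master_password(phrase, digits, separator="*"):
    """Apply the article's steps: initials, mixed case, separator, digits."""
    if not digits.isdigit():
        raise ValueError("digits must contain only 0-9")
    return mix_case(initials(phrase)) + separator + digits


def is_easy_guess(candidate, personal_facts=()):
    """True if the candidate is on the deny-list or embeds a personal fact
    (for example a birthday) that the caller supplies as a string."""
    lowered = candidate.lower()
    if lowered in ARTICLE_DENYLIST:
        return True
    return any(fact and fact.lower() in lowered for fact in personal_facts)


if __name__ == "__main__":
    # The article's own worked example, used here only to check the steps.
    pw = build_master_password("Here\u2019s looking at you, kid", "0956")
    print(pw, "easy guess?", is_easy_guess(pw))
    # Constructed inputs: a cultural reference and a made-up birthday.
    print("Frodo", "easy guess?", is_easy_guess("Frodo"))
    print(is_easy_guess("sam19700101", personal_facts=["19700101"]))
```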

Finally, don’t use your master password for a password to anything else, and be sure to remember it. Losing your master password is the same as losing the key to a safe.

And don’t post a picture of your password on Twitter.

Edited by Angela Shoemaker, Wondrium Daily