Thursday, July 29, 2010

Complex Passwords

So everyone, today we will learn about Complex Passwords!

Passwords – they are everywhere! Love ’em or hate ’em, you probably use them often, if not daily. Passwords are one of the most basic types of authentication used – your basic Who You Are (user id) combined with What You Know (password).


Do your best to NOT use the same password for everything – your online banking password should not be the same as your Facebook login password. Ideally every password you use should be unique, but realistically that would be a nightmare to maintain – but do the best you can. I tend to group in terms of importance/risk:

1) High (e.g. banking) – unique, very complex passwords
2) Medium (e.g. Facebook, Twitter) – unique-ish, complex passwords
3) Low (e.g. web forums) – I have a few passwords I tend to use

Also, don’t use common words or proper names of people/pets. Common words are easily guessed using a dictionary attack, and proper names are easily guessed by doing a bit of research on people.

Most websites give you a “forgot your password?” link if you are having problems. Be careful of the standard security questions they use – the answers tend to be common things that are easily guessed or researched. You know those online quizzes and Facebook “25 things you didn’t know about me” type things? Did you know the name of my first pet was Snowball? Oddly enough that’s also one of the common security questions used when you forget your password!

Basic Rules for Complex Passwords:
  • Minimum of 8 characters
  • Use both upper (A to Z) and lower case (a to z) letters
  • Use numbers (0 to 9)
  • Use at least ONE symbol (e.g. , ! $ & % #)

One of the most common complaints about complex passwords is that they are hard to remember. A good suggestion is to use the first letters from an 8 word (or more) sentence or catch phrase, replacing some letters with numbers or symbols:

“We work hard so you don’t have to”
becomes
WwH$ydh2
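
The passphrase trick above, written out as an added example that is not part of the original post: it takes the first letter of each word, swaps whole words such as “so” and “to” for symbols and digits, and then checks the result against the four basic rules listed earlier. Assumptions of mine: letter case follows how each word is written in the sentence (so “Hard” is capitalised to get the post’s `WwH$ydh2`), and the extra substitutions “for” → 4 and “and” → & are my own additions in the same spirit.

```python
import re
import string

# Whole-word substitutions applied while building the mnemonic: "so" -> "$"
# and "to" -> "2" are the ones the post uses; "for" -> "4" and "and" -> "&"
# are added here as assumptions in the same spirit.
SUBSTITUTIONS = {"so": "$", "to": "2", "for": "4", "and": "&"}


def mnemonic_password(sentence, substitutions=SUBSTITUTIONS):
    """Build a password from the first letter of each word of a sentence.

    Words listed in `substitutions` are replaced whole; every other word
    contributes its first character with the case it has in the sentence,
    so capitalising a word in the sentence capitalises that letter.
    """
    out = []
    for word in sentence.split():
        bare = word.strip(string.punctuation)
        if bare.lower() in substitutions:
            out.append(substitutions[bare.lower()])
        elif bare:
            out.append(bare[0])
    return "".join(out)


def check_basic_rules(pw):
    """Return the post's basic rules that `pw` fails (empty list = all met)."""
    failures = []
    if len(pw) < 8:
        failures.append("minimum of 8 characters")
    if not re.search(r"[A-Z]", pw):
        failures.append("upper case letter (A to Z)")
    if not re.search(r"[a-z]", pw):
        failures.append("lower case letter (a to z)")
    if not re.search(r"[0-9]", pw):
        failures.append("number (0 to 9)")
    if not any(c in string.punctuation for c in pw):
        failures.append("at least one symbol")
    return failures


if __name__ == "__main__":
    pw = mnemonic_password("We work Hard so you don't have to")
    print(pw, check_basic_rules(pw) or "meets all four rules")
```

Running it prints `WwH$ydh2 meets all four rules`; a plain word such as `snowball` passes only the length rule, which is exactly the kind of password the post tells you to avoid.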

Oh, and one other thing: please don't write your password on the underside of your keyboard, or on a sticky note by your monitor, etc! That sort of thing really makes that vein in my forehead throb...

3 comments:

  1. I always use 4 or 5 different languages in my passwords. I like really long passwords (because they're easier for my brain to remember) and they're usually really easy sentences, but no two words are in the same language and the grammar/syntax is usually non-English.

  2. Years ago when opening a bank account I joked to the clerk that I kept my birth certificate and social security card in an envelope on my desk - he visibly tensed up and explained (with a wry smile) that bankers hate to hear that, that I should get a safety deposit box or home safe. All with a look in his eyes that said he and his co-workers had seen wayyy too much come from that level of carelessness.

    I have so many freaking passwords. When I worked for a telecommunications company, the password requirements were not only crazy stringent, but you needed a different one for oh, 6-10 systems used on a regular basis. Oh, and you had to change it every X number of days, to something that didn't resemble any of your previous like, 14 passwords used.

    o.0

    I'm not going to lie - eventually I had to write some of them down someplace, especially for systems I rarely used. The authentication system for retrieving passwords and logins was pretty grueling also, and could take several hours out of your business day. However, I did come up with a way to catalogue them so that it didn't *look like* a list of passwords. And they weren't kept under my keyboard or near my workstation.

  3. Nowadays they do have a solution to that though. Have you ever heard of those applications you can put on your phone or computer that have one main password, and it locks up all your passwords for various sites?

    I suppose it's no different than setting a password to a word document and keeping all your info in there, but I hear these programs are pretty popular, and some even have gone through government approval for security ratings.
