Saturday, December 2, 2006

Creating Strong Passwords

I've often been asked, "What is this password selection thing all about? How do I create one I can remember that is also safe?"

There are a number of different ways to create a strong password. You might use the first letter of each word of a lyric of a favorite song ('praise the Lord I saw the light' would be 'ptlistl').

You might use a name with a number embedded in it (thecubs1956), or any combination you choose. The important thing is to create a password you can remember, yet cannot be easily guessed.

One method that works for many of us, including me, is to use a first letter of the site, a name, followed by at least three numbers. For example, for your Yahoo login password you might use: ythecubs1956. For your Amazon access it might be: athecubs1956. For your Google Mail (Gmail) account it might be: gthecubs1956.

As you can see, the base password body stays the same, yet the first initial(s) change with each site you log into. Remember, passwords are case sensitive. The lowercase “s” is different from the uppercase “S.” Make sure that the CAPS LOCK is not on, unless you intend to enter all uppercase letters.

Another safe password technique is to create a new, stronger password for every Web site or login that requests one. You might consider creating a few stronger passwords and using those at sites you want to keep most secure, such as your bank, brokerage, or bill-paying company. Then create another small set of passwords that are easier to remember that you can use everywhere else.

Remember it is your responsibility as a computer user to try to create strong passwords. Intruders may attempt to gain access to shared computer systems through the accounts of others. At particular risk are your privacy, reputation, and files and computing resources. Take extra precautions to make your password as difficult as possible to crack.

Strategies for creating a good password are:

  • Create a password that is easy to remember.
  • Create a password that you don’t have to write down.
  • Make the password at least 8 characters long.
  • Create a password that you can type quickly.
  • Create a password that is a random mix of letters, digits, and punctuation.

Creating Good Passwords

Your password is the key to your data and should be nearly impossible for someone to try to figure out. Choosing a secure password is important for keeping your data secure.

Use of Pass-phrases

Pass-phrases are longer than passwords, are easier to remember, can contain spaces and special characters, and can be more difficult for crackers to break. An easy way to form a secure pass-phrase is to think of a phrase that you can remember; include special characters and even a misspelled word. For example, the phrase: “I have lived in Bloomington, IN the passed 15 years!” could be a pass-phrase. You may also consider choosing a line from a song or poem. Of course the number of characters allowed on the site will determine the phrase you use.

Things to Avoid when Choosing a Password

There are specific things you should avoid when choosing a password, including the following:

  • Names of any kind. These include your login name, your first or last name in any form, or your spouse's or child's name.
  • Any kind of easily obtained information. This includes your phone number (may be listed in a directory), your address (again, easily obtained from a directory), birthdays, license plate numbers, telephone numbers, etc.
  • Sensitive information. This includes your ATM PIN, your student ID if you are a student, your Social Security number, or your credit card number.
  • Words contained in English or foreign language dictionaries. These include obvious words such as “secret” or “password” or “abc123,” etc.

Remember that it is part of your responsibility as a computer user to create a strong password. For maximum security, always take extra precautions when creating a password so that sophisticated crackers can’t acquire your personal information.
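The length and character-mix strategies and the things-to-avoid list above can be turned into an automated check. The Python example below is an addition to this article, not part of the original; the function name check_password, the small word list, and the sample personal details are made up for illustration.

```python
import string

# Constructed sample word list; a real check would load a full dictionary file.
COMMON_WORDS = {"secret", "password", "abc123", "letmein", "baseball"}


def check_password(password, personal_info=(), words=COMMON_WORDS):
    """Return a list of problems found; an empty list means no rule was broken.

    personal_info: strings the user should not reuse (login name, family
    names, phone number, birthday...), per the 'things to avoid' list.
    """
    problems = []
    lowered = password.lower()

    # Strategy: at least 8 characters long.
    if len(password) < 8:
        problems.append("shorter than 8 characters")

    # Strategy: a mix of letters, digits, and punctuation.
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c.isdigit() for c in password):
        problems.append("no digits")
    if not any(c in string.punctuation for c in password):
        problems.append("no punctuation")

    # Avoid: names and easily obtained or sensitive personal information.
    for item in personal_info:
        # Ignore very short items so a two-letter initial does not match everything.
        if len(item) >= 3 and item.lower() in lowered:
            problems.append("contains personal information: " + item)

    # Avoid: dictionary words, including ones padded with digits ("secret1").
    core = lowered.strip(string.digits + string.punctuation)
    if lowered in words or core in words:
        problems.append("is a dictionary word")

    return problems


if __name__ == "__main__":
    # Constructed sample details for an imaginary user.
    me = ["alex", "5551234"]
    for candidate in ["secret", "abc123", "Alex#2006", "ythecubs1956",
                      "I have lived in Bloomington, IN the passed 15 years!"]:
        print(repr(candidate), "->", check_password(candidate, me) or "OK")
```

The pass-phrase from the article passes every rule, while the site-initial example ythecubs1956 is flagged only for lacking punctuation.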

Managing Passwords

Do NOT let software remember a password because the password will be stored on the computer, and many machines are used by other users. When you go to a site on the Internet and enter your user ID and password, you may see a checkbox or another dialog box asking you if you want the browser to remember the password and if you want to be asked this again. Depending upon your browser and its settings, the browser may not remember your password information again.

About Sharing Passwords

Do NOT share your password with others. Don’t give your password to anyone, including your friends, your boss, a computer repairperson, etc., and don’t write it down and keep it at your desk or in an unprotected file on your computer.

A social engineer will try to manipulate a computer user by using trust rather than exploiting computer security holes. Be aware of anyone who wants to log on to your machine to send a quick email or anyone who claims to be an administrator and requests a password for various purposes.

Never send your password through email. A new trick that hackers use is to try to get people to give away their passwords and other personal information through email. Reputable companies will never ask you to send a password through email. If you receive such a request, notify the company immediately by phone or through their Web site.

Changing Passwords Frequently

A strong password is one that you change on a regular basis. A good practice is to change your password at least every three to six months. Always log out of Microsoft Outlook and other applications or other computers before changing your password.

Special thanks to The Indiana University for the basis of some of this information I used in writing this piece.

Ronald DeVrou
Your Virtual Personal Assistant
