Password Security

password

Yep, real secure. I bet many of you are wondering how I just guessed your password. Oh, that’s not it? Okay, then how about letmein? qwerty? abc123? There are hundreds like those, all of them insecure. Pretty much all of us have used them (or some variant) at some point in our lives. It makes me wonder why we even bother with a password; it’s like having a knee-high wall around a city.

Why Have Strong Passwords?

People say that they don’t like to have a real password because then they might actually have to remember it. But that makes us ask why we even have a password in the first place. Wikipedia defines a password like this:

“A password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource” (source: http://en.wikipedia.org/wiki/Password)

So a password is a mechanism that is supposed to let the authorized people have access to a resource and keep everyone else out. What happens if the password is weak, therefore making it easy to guess? It becomes easier for unauthorized people to access the resource.

So it really boils down to one simple question. How important is the resource to you that the password is guarding? The stronger the password, the safer the resource. password123 is probably not the safest bet for your online banking.

What Makes a Strong Password?

So what makes a strong password? Again, turning to Wikipedia:

  • Include numbers, symbols, upper and lowercase letters in passwords
  • Password length should be around 12 to 14 characters
  • Avoid any password based on repetition, dictionary words, letter or number sequences, usernames, relative or pet names, or biographical information (e.g., dates, ID numbers, ancestors’ names or dates, …). (source: http://en.wikipedia.org/wiki/Password_strength#Guidelines_for_strong_passwords)

This is the classic “textbook” definition of a strong password. Passwords such as these are incredibly difficult to crack. I would recommend using these for any resource that you don’t want to lose.
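As an added example (not from the original post), here is a small Python checker that turns the three Wikipedia guidelines above into concrete tests: minimum length, the four character classes, common-word matches, keyboard and alphabet/number sequences, repeated characters, and any personal information the caller supplies. The common-word list and the sequence tables are constructed for the example and are only stand-ins for a real breached-password list; the function name `check_password` and the three-character run threshold are assumptions of this example.

```python
import re
import string

# Constructed stand-in for a real common-password / dictionary list.
COMMON_WORDS = ("password", "letmein", "qwerty", "abc123",
                "welcome", "monkey", "dragon", "football")

# Alphabet, digit and keyboard-row runs used to detect sequences like "abc", "123" or "qwe".
SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm")


def has_sequence(pw, run=3):
    """True if pw contains `run` consecutive characters from any sequence (either direction)."""
    s = pw.lower()
    for seq in SEQUENCES:
        for i in range(len(seq) - run + 1):
            chunk = seq[i:i + run]
            if chunk in s or chunk[::-1] in s:
                return True
    return False


def has_repetition(pw, run=3):
    """True if the same character appears `run` or more times in a row."""
    return re.search(r"(.)\1{%d,}" % (run - 1), pw) is not None


def check_password(pw, personal_info=()):
    """Return a list of findings; an empty list means every guideline was met."""
    findings = []
    if len(pw) < 12:
        findings.append("shorter than 12 characters")

    classes = {
        "lowercase": any(c.islower() for c in pw),
        "uppercase": any(c.isupper() for c in pw),
        "digit": any(c.isdigit() for c in pw),
        "symbol": any(c in string.punctuation for c in pw),
    }
    missing = [name for name, present in classes.items() if not present]
    if missing:
        findings.append("missing " + ", ".join(missing))

    lowered = pw.lower()
    for word in COMMON_WORDS:
        if word in lowered:
            findings.append(f"contains common word {word!r}")
    if has_sequence(pw):
        findings.append("contains a keyboard or alphabet/number sequence")
    if has_repetition(pw):
        findings.append("contains a repeated character run")
    # Usernames, pet names, birth years and so on, supplied by the caller.
    for item in personal_info:
        if item and item.lower() in lowered:
            findings.append(f"contains personal information {item!r}")
    return findings


if __name__ == "__main__":
    for candidate in ("password", "Fluffy2019!xyz", "K7#vLq9$ZmP2wR"):
        print(candidate, "->", check_password(candidate, personal_info=["fluffy"]) or "ok")
```

Every rule here is a negative test: passing all of them does not prove a password is strong, it only means none of the listed weaknesses were found, which is why a real deployment would swap the constructed word list for a large breached-password corpus.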

A Couple Other Tips

In addition to not having strong passwords, many people make another mistake: using the same password in multiple places. This adds insult to injury, because if someone cracks your weak password, they now have access to every resource that uses that same password! Don’t re-use your passwords.

Also, it’s a good idea to change your password periodically. I’ve heard numbers from once a week to once every 6 months. The point is, the more often you change it, the safer you are.

Storing Your Password Dos and Don’ts

Don’t –

  • Use sticky notes on your monitor – No comment…
  • Tell anyone your password – This is wrong on two sides. First, if you can even “speak” your password, it’s too simple. Second, if someone needs to have access to the resource, set up an account for them (if possible). If there is absolutely no other option, then go deep into the woods, dig a 50 foot pit, 128-bit hash the password, use sign language to communicate the hashed password, and then brainwash every single rabbit, bird, or deer within a 20 mile radius.
  • Store it in a notebook – Even if you keep it in a safe
  • Store it in an MS Word Document – even if you password protect it.

Do –

  • Use a password generator
  • Consider using software that stores your passwords by hashing them – Be careful only to use good software for this. Don’t get cheap with encryption. Use at your own risk.
  • Memorize – Often, the safest place to keep an important password is in your brain. No man can hack that, that I know of, unless you happen to be referring to the mafia.
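To show what a password generator actually does under the hood (an added example, not code from the original post), here is one that draws from Python’s `secrets` module, the CSPRNG interface meant for exactly this purpose, guarantees every character class appears, and reports a rough entropy estimate. The function names `generate_password` and `entropy_bits`, the default length of 14 (the upper end of the range recommended above) and the 94-character alphabet are choices made for this example.

```python
import math
import secrets
import string

# The four classes the guidelines ask for; together they form a 94-character alphabet.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)


def generate_password(length=14):
    """Return a random password of `length` characters containing every class in CLASSES."""
    if length < len(CLASSES):
        raise ValueError(f"length must be at least {len(CLASSES)}")
    # One character from each class so none can be missing by chance.
    chars = [secrets.choice(cls) for cls in CLASSES]
    # Fill the rest from the whole alphabet, then shuffle with the same CSPRNG
    # so the guaranteed characters do not always sit at the front.
    chars += [secrets.choice(ALPHABET) for _ in range(length - len(CLASSES))]
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper-bound entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def has_all_classes(pw):
    """Check that every class in CLASSES contributed at least one character."""
    return all(any(c in cls for c in pw) for cls in CLASSES)


if __name__ == "__main__":
    pw = generate_password()
    print(pw, f"~{entropy_bits(len(pw)):.1f} bits")
```

Forcing one character from each class removes a sliver of entropy compared with a fully uniform draw, so the figure from `entropy_bits` is an upper bound; for a 14-character password over 94 symbols it comes to about 92 bits, which is far beyond anything a human-chosen password reaches. Never replace `secrets` with `random` here: the latter is a deterministic generator and is not safe for secrets.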

Closing Remarks

Let’s review what we have covered:

  1. Use strong passwords – this is probably the biggest factor (apart from not using sticky notes)
  2. Change your passwords – At least monthly is a good idea
  3. Only use the same password once
  4. Use wisdom in storing your password

Keep these tips in mind the next time you’re creating a password. They might save you from a lot of headache.
