jmurrayhead

Strong Passwords and Password Security

by jmurrayhead on April 6th, 2009 at 09:27 PM (1129 Views)

Introduction

Passwords are the keys to the Personally Identifiable Information (PII) stored on your computer and in your online accounts. If a criminal or any other type of malicious user were to gain access to this information, they could potentially use your name to open new credit card accounts or even pose as you when purchasing items online.

What Makes a Password Strong?

To an attacker, your password should look like a bunch of random characters, with no meaning behind them. Here are a few things you can do to make your passwords safer:

  • Make your passwords lengthy: your passwords should be 8 or more characters in length, 14 or more being ideal.
  • Use letters, numbers and symbols: the greater the variety of character types, the harder it is to guess.
    • The fewer types of characters you use, the longer the password should be.
    • Symbols can be used by pressing the "Shift" key while holding down a regular key. This includes punctuation marks and other types of symbols.
  • Use words and phrases that are easy for you to remember but hard for others to guess.

Things to Avoid When Creating Passwords

  • Avoid sequences or repeated characters like '1234567890' or '222222222'.
  • Avoid your username.
  • Avoid words in the dictionary of any language.
  • Avoid reusing one password everywhere: use multiple passwords for different accounts. If one account is compromised, the others will still be safe.
  • Don't store your passwords online or on network computers. If found, an attacker will have access to your information.
  • Avoid using only look-alike characters, like in 'P@ssw0rd'. Attackers know enough to try these characters, such as the '@' for 'a' and '0' for 'o'.
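
The rules in the two lists above, written as a checker. This is an added example, not code from the original post or from the site's Random Password Generator; the small word list, the substitution table and the 4-character run threshold are assumptions chosen for illustration.

```python
import re

# Constructed stand-in for a real dictionary file (assumption, not from the article).
WORDS = {"password", "dragon", "monkey", "letmein", "welcome"}
# Look-alike substitutions of the kind the article says attackers already try.
LOOKALIKES = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e", "$": "s", "5": "s"})
CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def has_run(pw, n=4):
    """True if pw holds n repeated or consecutive characters ('2222', '1234', 'dcba')."""
    for i in range(len(pw) - n + 1):
        window = pw[i:i + n]
        steps = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if steps in ({0}, {1}, {-1}):
            return True
    return False


def check_password(pw, username=""):
    """Return the article's rules that pw breaks; an empty list means none."""
    findings = []
    if len(pw) < 8:
        findings.append("shorter than 8 characters")
    # Fewer character types means the password should be longer (14+ is the ideal).
    if sum(bool(re.search(c, pw)) for c in CLASSES) < 3 and len(pw) < 14:
        findings.append("few character types for its length")
    if has_run(pw):
        findings.append("sequence or repeated characters")
    if username and username.lower() in pw.lower():
        findings.append("contains the username")
    # Undo look-alike characters before the dictionary check, so 'P@ssw0rd' is
    # treated as 'password'.
    plain = pw.lower().translate(LOOKALIKES)
    if any(word in plain for word in WORDS):
        findings.append("dictionary word, even with look-alike characters")
    return findings


if __name__ == "__main__":
    for candidate in ("1234567890", "P@ssw0rd", "tin Kettle; 47 violet owls"):
        print(repr(candidate), check_password(candidate) or "no findings")
```

A real deployment would load a full word list and previously breached passwords instead of the five constructed entries.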

Conclusion

If you have problems thinking of a good password, you can use our Random Password Generator, which allows you to choose the length and strength of the password. Password security is very important to protecting your personal data. Never reveal your passwords to anyone.


Categories
Security

Comments

  1. don94403 -
    Your rules are certainly good advice and I wouldn't disagree with any of them. But I would raise the lurking practical issue that it's very difficult to manage a large number of passwords that are different, as well as lengthy. With so many web sites and commercial operations requiring passwords, for example, I use nearly 50 passwords! I manage them with a handy, open source password manager called KeePass. I think a discussion of password security needs to acknowledge this issue and provide suggestions, otherwise people tend to just give up and commit serious security breaches. Another suggestion is to mention the differences between passwords used on public web sites and passwords, for instance, to protect accounts or files on a local computer or network. At least it's my opinion that the level of security is different and it makes it reasonable to apply different techniques.

    In any case, it's an important topic and thanks for writing such a good set of rules.
  2. jmurrayhead -
    That's a good point, Don, and I'm glad you brought it up. Many sites today are adopting an identity system, known as OpenID. This allows you to use one authentication method to log in to multiple sites. See here for a list of sites that have already adopted this: OpenID How do I get an OpenID?

    To me, there is not a big difference between passwords to access files on a local computer or network and passwords to access public web sites. Many public sites contain PII which could be damaging to the owner if compromised. Even MySpace or Facebook could have one's address, birth date and phone number, which could definitely be used by a malicious user. Certainly, web sites that contain non-PII data should have a different password than a site that does. For example (and this is going way out there), if you have a membership to a free adult web site, you definitely would want that password to be different than the one you use to log in to your bank account. I also take note of sites that send me my password in plain text. This is a big no-no and I either delete my membership or simply come up with an unused password just for that site. Just a couple of things to think about.
  3. don94403 -
    Also good points. Actually, I was thinking in terms of using stronger passwords on public web sites than perhaps on local systems, for example, in the home. Of course situations vary widely, but for example, I have a Linux machine that requires a password to start up, but I keep absolutely no important personal or financial data on it, so I don't use a strong password. In the workplace, again, the situations differ widely, with respect to both what information is stored and who else has access and the likelihood of physical theft, etc.

    So tell me, what adult sites do you have memberships in???
  4. jmurrayhead -
    That's true, Don. I can't see a good reason for coming up with a strong password for something that has nothing important to protect.

    And just for the record, I was using that as an example. I don't really have memberships to adult sites...I just randomly browse them