Password Protection Tips
In continuing with the security theme of last week, today we’re going to talk about passwords. By now, you probably are sick of people talking about passwords but they are arguably the most important thing when it comes to security. If your password becomes compromised, another person can essentially use your digital identity and do with it what they will. Last week we discussed phishing, and why you should never give your password to anyone. This week, we’re going to talk about the steps you can take to make sure that other people cannot guess your password, or that a password compromise on one service does not affect you elsewhere.
Passwords are a tricky subject because you need to find the balance between “easy to remember but difficult to guess.” If the password is too complex that you need to write it down, its near useless. If it is too easy to guess, it is also near useless. We’ll go over what makes a good password and a bad password, and how you can make some that will work for you.
What makes a password a bad password? The following: Your name, the name of your pets, the name of anyone you know, or anything found in the dictionary. Petsname1 is a terrible password, despite the fact that it technically meets requirements. Continuous strings of characters are also generally bad. abcd1234 is a common password, and is one of the first thing that crackers go to when they are trying to get in. To a lesser extent, something like p@$$w0rd is not a good password either. Cracking tools will replace common letters with their numbered counterparts (a=@, s=$, etc). This is why its important to use multiple layers to protect yourself, and to avoid dictionary words whenever possible.
Now, you may be thinking “If all of that makes for a bad password, how am I ever going to remember a good password?” There are a few different techniques; some are harder to remember than others depending on how you think, but all will be secure.
One technique is actually quite simple and only requires that you add a little bit to the end of a bad password. It doesn’t take much to turn a bad one into a good one. P@$$w0rd is not good, but P@$$w0rd.20 is much better. Because you have to change passwords frequently, some people find it easier to use a base password “P@$$w0rd” in this case, and just adjust a couple of extra characters. Having to remember “.20″ or “67%” is easier than learning a whole new password. I personally do not like this, but some people find it easy to remember.
Another technique is also the passphrase. This is a series of words that add up to a very long password. It’s increased length makes it that much more difficult to guess. If you have a son named Joshua, Joshua1 would be a terrible password. If Josh plays baseball, what is his number? “Joshplaysbaseball23″ is a strong password simply because of its length. You can get very creative with passphrases, and the more thought you put into one, the easier it will be to remember it. Mix in some special characters too, as well as mixing up case. J0shPlaysBa$eball23 is highly complex, but easy to remember.
The more visual people out there will appreciate the third type of password: the key pattern. These are essentially gibberish. $RFVbhu7 is done by drawing a “V” on your keyboard. Start at the “4″ and hold shift on the way down, and let go of shift on the way up. You can extend this into a big “M” for “ZSE$RFVbhu8ik,” While something that long may be unnecessary, you can get creative with these types of passwords as well. Some people like to draw a big 7 (BHU*7654), or a big L (%TGBnm,.) . Get creative. The only thing you really have to remember with a lot of these is the starting key.
Of course, all of these passwords are useless if you tell them to someone, so I will remind you again to NEVER TELL ANYONE YOUR PASSWORD. However, that was last week. This week is more about how to stop people from accessing your account when you didn’t give them your password. For this, apart from following the above rules, the best thing you can do is to not use the same password for multiple sites. Don’t use the same password for your work email as you do for Facebook. If someone ever got your Facebook password, you wouldn’t want them to have the password to your work email (especially if the email address is the same). We understand that there’s only so many passwords you can remember, so save one password for all the blogs that you signed up for. Those types of websites are more likely to be susceptible to a breach (and save your password in human-readable form). If you lose it on one, its not that big of a deal if your blog-commenting accounts all share the same password.
To summarize, use some new techniques to make your passwords and get creative. If you put thought into creating it, it will make it easy for you to remember. Don’t use work passwords for non-work sites. Try to have your email address(es) have unique passwords, as compromises on those will have more serious consequences. Lastly, remember, do not give anyone your password, ever.