Creating Strong Passwords
Wednesday, October 14, 2015
Think about the number of personal identification numbers (PINs), passwords, or passphrases you use every day: getting money from the ATM or using your debit card in a store, logging on to your computer or email, signing in to an online bank account or shopping cart...the list seems to just keep getting longer. Passwords are like keys to your personal home online. You should do everything you can prevent people from gaining access to your password.
One of the best ways to protect information or physical property is to ensure that only authorized people have access to it. Verifying that someone is the person they claim to be is the next step, and this authentication process is even more important, and more difficult, in the cyber world. Passwords are the most common means of authentication, but if you don't choose good passwords or keep them confidential, they're almost as ineffective as not having any password at all. Many systems and services have been successfully broken into due to the use of insecure and inadequate passwords, and some viruses and worms have exploited systems by guessing weak passwords.
Tactics to use when choosing a password:
- Avoid the obvious. While you may be tempted to use your birthday or phone number or even the word “password,” don’t do it. All of these practices are more common than you might think and makes your online banking password more at risk of compromise. Try to come up with something that no one would ever guess.
- Go For Long, Not Short. Short passwords can be easily memorized by someone looking over your shoulder and are easily cracked using certain types of hacking software. Make yours longer, maybe an entire sentence, if possible. The more characters there are, the harder it will be to figure out.
- Mix it up. Use a variety of different characters: upper-case letters, lower-case letters, number, even an “!”,” &”, or a” %”. The more variety you can use, the better. You can even get creative. For instance, “sandcastle” can turn into “s&castle.”
- Change Your Password Often. It’s easy to get lazy and use the same password year after year, but internet security experts suggest changing your password every 30 – 60 days. Think of it as changing locks on your online life once a month. It’s free, easy, and keeps your online bank account as secure as possible, so why not do it?
- Don't Use the Same Passwords for All of Your Accounts. In the event that someone figures out one of your passwords, the last thing you want is for them to be able to access all of your personal information. A good rule of thumb is to have one password for less sensitive information (i.e., social networking sites, email, instant messaging) and another for sites that contain your financial information.
How can you protect your password?
Now that you've chosen a password that's difficult to guess, you have to make sure not to leave it someplace for people to find. Writing it down and leaving it in your desk, next to your computer, or, worse, taped to your computer, is just making it easy for someone who has physical access to your office. Don't tell anyone your passwords, and watch for attackers trying to trick you through phone calls or email messages requesting that you reveal your passwords.
Also, many programs offer the option of "remembering" your password, but these programs have varying degrees of security protecting that information. Some programs, such as email clients, store the information in clear text in a file on your computer. This means that anyone with access to your computer can discover all of your passwords and can gain access to your information. For this reason, always remember to log out when you are using a public computer (at the library, an internet cafe, or even a shared computer at your office). Other programs, such as Apple's Keychain and Palm's Secure Desktop, use strong encryption to protect the information. These types of programs may be viable options for managing your passwords if you find you have too many to remember.
There's no guarantee that these techniques will prevent an attacker from learning your password, but they will make it more difficult.