How To Write the Good Password
1. Don't be so easy.
"123456" is the most commonly used password out there. "QWERTY" is number 20. "Password" is number four.
These disturbing statistics are from a recent analysis by Imperva, a computer security firm in Redwood Shores, CA, of a recently discovered file of 32 million stolen passwords. Similar research both 10 and 20 years ago revealed similarly sad situations.
2. Longer is better.
The same study also found that 26 percent of people used passwords that were only 6 characters long. In fact, nearly half were shorter than eight characters. With six characters, your password can have 308 million letter combinations. That sounds like a large number, but for modern hackers with automated password cracking programs, six characters spells "easy meat." NASA warns its employees that hackers can try that many combinations in a few minutes – and then start ransacking your account.
3. Use the shift key.
If your measly six-letter password combines uppercase and lowercase letters, things aren’t quite as hopeless, as you have upped your game to 19 billion combinations. If you move on to eight characters (which NASA advises as a minimum) you're up to 53 trillion.
4. Comic book cussing is good.
Including characters from outside the alphabet (including numbers) sends the possible combinations sky-high. Indeed, NASA calculates that an eight-symbol password with at least one lowercase letter, one uppercase letter, one numerical character, and one special character or punctuation mark gives slightly more than 6 quadrillion (that's 6 followed by fifteen zeros) combinations.
5. Keep it centered.
By now you've figured out that you should not use any words out of a dictionary. This includes slang and vernacular, plus names, especially your own. Variants of e-mail addresses are also unwise. Obviously, the way to go is potential gibberish, like "Szb21#^&." But keep in mind that some passwords are gleaned by hacking into computers where intruders can find stored passwords. Those are stored in encrypted form, but there's software that can attack the encryption. Nearly all encrypted passwords are stored with the last character in clear text, warns NASA, so the last character is a throwaway. So put the funny, unpredictable characters in the middle of the password. In other words, our example would be better as "Szb#^&21."
6. Keep it fast, keep it mental.
The password should be something you can type quickly, so no one can follow your fingers as they fly across the keyboard. It also has to be something you can remember with precision without writing it down – something you should never do. Experts suggest using a passphrase that stands for the password. For instance, our example could stand for "Sally's zealous boss's number's (#) up (^) and (&) it's blackjack (21.)" If that makes no sense, that's sort of the point.
7. Remain paranoid.
Just because the police have not shown up at your door does not mean your password has not been stolen, somewhere. To preempt anything that may be in the works, change your password every three months. But don't add a numeral 1 to the end of the password and call it changed – do a little more work than that.
8. Don't double up.
Don't use the same passwords for your office computer that you use on Web sites. Actually, it's best to use different ones each time, but it's especially important to separate office from Web use, since Web passwords are more exposed to hacker theft.
9. Loose lips sink ships.
Now that you've come up with a sensible password, don't divulge it – especially to sudden callers whom you've never heard of, saying they're from the corporate help desk and who have a plausible story about how they need your password in order to rescue some important file that your boss must access immediately to prevent something dreadful from happening, etc.
10. Don’t turn your back on your computer.
Not that it's plotting against you, but when it comes to doing potentially illegal activities, people prefer to do it with someone else's computer. Turn off your computer when you're not using it. That saves power, too.
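Tips 1 through 4 can be turned into a small checker. The Python below is an added example, not part of the original article or anything from NASA or Imperva: it flags the weaknesses those tips describe and reproduces the combination counts quoted above. The guess rate and all function names are assumptions made for illustration.

```python
import string

# Constructed sample: the three passwords the article names from the stolen-password file.
COMMON = {"123456", "qwerty", "password"}
MIN_LENGTH = 8                  # the NASA minimum cited in tip 3
GUESSES_PER_SECOND = 1_000_000  # assumption, not a figure from the article

# Character classes on a US keyboard: 26 + 26 + 10 + 32 = 94 symbols.
# Characters outside these four classes are not counted (kept simple on purpose).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": string.punctuation,
}

def classes_used(password):
    """Names of the character classes that appear in the password."""
    return [name for name, chars in CLASSES.items()
            if any(c in chars for c in password)]

def search_space(password):
    """Combinations an exhaustive search must cover: alphabet size ** length."""
    alphabet = sum(len(CLASSES[name]) for name in classes_used(password))
    return alphabet ** len(password)

def audit(password):
    """Apply tips 1-4; return (problems, search space, seconds to exhaust it)."""
    problems = []
    # A listed password falls on the first guesses, whatever its search space.
    if password.lower() in COMMON:
        problems.append("on the common-password list")
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    missing = [n for n in CLASSES if n not in classes_used(password)]
    if missing:
        problems.append("missing classes: " + ", ".join(missing))
    space = search_space(password)
    return problems, space, space / GUESSES_PER_SECOND

if __name__ == "__main__":
    for sample in ["qwerty", "abcdef", "AbCdEf", "AbCdEfGh", "Szb#^&21"]:
        problems, space, seconds = audit(sample)
        print(f"{sample!r}: {space:,} combinations, "
              f"{seconds / 86400:,.2f} days at the assumed rate; "
              f"{'; '.join(problems) or 'passes tips 1-4'}")
```

At the assumed rate, the six-lowercase-letter case is exhausted in about five minutes, in line with the "few minutes" warning in tip 2.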