Password Guidelines – How to Create a Secure Password


Most of us either use one username/password for everything or have a variety of passwords on Post-It notes around our monitor. Neither of these is a very secure solution. Best practices for computer security require a strong password, but one that you can remember.

It’s pretty easy for hackers to break a password when it’s only a few characters long or it uses a dictionary word (even if it is suffixed with a couple of digits, a hybrid dictionary attack breaks it pretty fast).

The Components of a Secure Password

The basics of creating a secure password:

  • Include punctuation marks (,.;), special characters (!#$%^) and numbers.
  • Mix capital (uppercase) and lowercase characters.
  • Create a unique acronym.
  • Short passwords should be at least 8 characters long.

Some potential weaknesses to avoid:

  • Don’t use a password that is listed as an example or public.
  • Don’t use the same password you have been using for years.
  • Don’t use a password someone else has seen you type.
  • Don’t use a password that contains personal information (names, birthdays or dates that are easily related to you).
  • Don’t use words or acronyms that can be found in a dictionary.
  • Don’t use keyboard patterns (qwerty) or sequential numbers (12345).
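
The checks from the two lists above can be expressed as a small validator. This is an added example, not code from the original article; the tiny wordlist, the keyboard rows, the four-key run length and the function names are assumptions made for illustration.

```python
import re
import string

# Constructed sample wordlist (assumption); a real check would load a full dictionary.
WORDLIST = {"password", "monkey", "dragon", "summer", "welcome", "letmein"}
# Keyboard rows; the number row also covers sequential numbers such as 12345.
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]

def has_run(pw, min_run=4):
    """True if pw contains min_run adjacent keys of a row, forward or reversed."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - min_run + 1):
                if seq[i:i + min_run] in low:
                    return True
    return False

def is_hybrid_dictionary(pw):
    """True if pw is a dictionary word with digits/symbols added before or after it."""
    core = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", pw.lower())
    return core in WORDLIST

def check_password(pw, personal=()):
    """Return the list of guideline violations; an empty list means none were found."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.islower() for c in pw) or not any(c.isupper() for c in pw):
        problems.append("does not mix uppercase and lowercase")
    if not any(c.isdigit() for c in pw):
        problems.append("no numbers")
    if not any(c in string.punctuation for c in pw):
        problems.append("no punctuation or special characters")
    if is_hybrid_dictionary(pw):
        problems.append("dictionary word with digits or symbols attached")
    if has_run(pw):
        problems.append("keyboard pattern or sequential numbers")
    if any(p and p.lower() in pw.lower() for p in personal):
        problems.append("contains personal information")
    return problems
```

A password such as `monkey12` meets the 8-character minimum yet is still flagged, because stripping the trailing digits leaves a dictionary word.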

Keeping Your Password Secure

Once you have a good password it’s equally important to keep your password secure:

  • Never tell anyone your password or use it where someone can observe it.
  • Never send your password by email or say it where others may hear.
  • Occasionally verify your current password and change it to a new one.
  • Avoid writing your password down. (Keep it with you in a purse or wallet if you have to write down the password until you remember it.)

And never label that scrap of paper in any way. Write it down on the back of an old business card or something that doesn’t indicate it’s a password. Don’t give anyone who finds (or gains access to) your purse/wallet any clue of what the password means or what it is related to.

Security vs. Usability

128 bits of entropy in a password requires a long randomized passphrase, which wouldn’t be very usable. There has to be a trade-off somewhere between security and usability.

You can also use online password generators such as http://makemeapassword.com/. The problem with these, however, is that while they do create strong passwords, those passwords aren’t easy to remember, which kind of defeats the purpose.

Another thing you can do is use something like a password safe to keep all the hard-to-remember passwords in one place. The one I would recommend is from Bruce Schneier and is actually called “Password Safe”.

Password Safe is an Open Source (free) tool that allows you to have a different password for all the different programs and websites that you deal with, without actually having to remember all those usernames and passwords. Password Safe runs on PCs under any version of Windows.

You can find it here: http://passwordsafe.sourceforge.net/

Larry Levenson

Larry founded Sigma Web Technologies in 2001, to provide local Internet marketing for local businesses. Sigma Web Technologies is currently engaged in rapid website development, email marketing, database projects, and application development, and is headquartered in Prescott Valley, AZ, USA.
