Chapter 1 - What Not to Use
Chapter 2 - Good Passwords
Chapter 3 - Vary Your Passwords
Chapter 4 - Keep It Safe
We all use passwords. You have them at work, home and school. The things in your life that don't have passwords have Personal Identification Numbers (PINs). There is no avoiding it. These words and numbers are what keep your money, your identity, your home and your privacy safe and secure. It is very important to choose good passwords.
You’ll often see notices stating that you should choose a strong password. What does that mean? Well, basically it means that you should pick a password that is not going to be guessed. Most people feel that they are safe if they choose a password the average person wouldn’t think of trying. Unfortunately, this is not true. You also need to choose a password that a computer will not be able to guess. There are many password-cracking programs out there. They can try thousands of passwords at a time. While, if given enough time, any password can be cracked, there are ways for you to minimize this risk.
Never use a word that can be found in a dictionary as your password. It is extremely easy for a computer to try every word in the dictionary. This goes for both English and non-English words. The same goes for names. You should also never use anything that is of personal relevance to you, such as any part of your name, address, pet’s name, school or business name, the type of car you drive, etc. These are all items that someone who knows you would try first.
Another thing to avoid is using consecutive or adjacent keys on the keyboard or using duplicate characters. This means that “qwerty” and “qqppww” are terrible passwords. When the system allows it, you should also never use a password that is shorter than 12 characters.
Lastly, don't repeat a previous password and don’t just keep incrementing the numbers on the end of your password. If someone finds out your password in June is “password6” they are probably going to try “password7” when July rolls around!
Take a look around your desk. Is there anything in your office that would give a clue to what your password is? If you have sports memorabilia all over your office, a password that involves your favorite team probably isn't such a good idea. Actually, the name of a sports team is probably a bad idea anyway.
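The rules in this chapter can be checked mechanically. The following is an added example, not part of the original guide; the function names, the tiny constructed word list and the four-key threshold for keyboard runs are assumptions, and a real check would load a full dictionary and name list.

```python
import re

# Constructed sample data: a tiny stand-in for a real dictionary and name list.
WORDS = {"password", "dragon", "monkey", "yankees", "jennifer"}
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
MIN_LENGTH = 12  # minimum length given in the guide


def has_keyboard_run(pw, run=4):
    """True if pw contains `run` adjacent keys from one row, in either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in low:
                    return True
    return False


def is_increment(pw, previous):
    """True if pw equals previous apart from the number on the end."""
    a = re.fullmatch(r"(.*?)(\d+)", pw)
    b = re.fullmatch(r"(.*?)(\d+)", previous or "")
    return bool(a and b and a.group(1) == b.group(1))


def check_password(pw, personal=(), previous=None):
    """Return the list of rules that pw breaks (an empty list means it passes)."""
    problems = []
    low = pw.lower()
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    # Also catch a word with digits or symbols tacked on, e.g. "password7".
    letters_only = re.sub(r"[^a-z]", "", low)
    if low in WORDS or letters_only in WORDS:
        problems.append("dictionary word or name")
    if any(p.lower() in low for p in personal if p):
        problems.append("contains personal information")
    if has_keyboard_run(pw):
        problems.append("adjacent keys on the keyboard")
    if re.search(r"(.)\1", pw):
        problems.append("duplicate characters")
    if previous and (pw == previous or is_increment(pw, previous)):
        problems.append("repeats or increments previous password")
    return problems
```

Pass the items visible around your desk (team names, pet names, and so on) in `personal` so they are rejected as well.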
Now that you know what not to use, you might be thinking that you are going to have to use a random string of characters. This is somewhat true. A good password is one that appears random. But even seemingly random characters can be memorable to you.
A good password will be 12 or more (preferably more) characters and contain both letters and numbers. You should also use special characters (such as - + = %) if you are allowed. Passwords are case sensitive, so always use both upper and lowercase letters.
A good place to go for a totally random password is GRC's Password Generator (www.grc.com/pass). This website generates a totally secure, unique and random password every time you refresh the page. It will generate a 63-character password. If you need a shorter one, just grab as many characters as you need.
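A random password meeting the requirements above can also be generated on your own computer. This is an added example, not part of the original guide; `generate_password`, the default length of 16 and the use of the guide's four example special characters as the full special set are assumptions.

```python
import secrets
import string

SPECIALS = "-+=%"  # the special characters the guide lists as examples
ALPHABET = string.ascii_letters + string.digits + SPECIALS


def generate_password(length=16):
    """Return a random password with upper, lower, digit and special characters."""
    if length < 12:
        raise ValueError("use 12 or more characters")
    while True:
        # secrets draws from the operating system's cryptographic random source.
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Redraw the whole password instead of forcing one character of each
        # class into place, so every acceptable password is equally likely.
        if (any(c.islower() for c in pw)
                and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(c in SPECIALS for c in pw)):
            return pw


if __name__ == "__main__":
    print(generate_password(63))
```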
A handy trick is to use the first letter of each word in a sentence. For example, “Four score and seven years ago” would yield "fsasya." Of course, this fails several of the tests, so we can make it more secure by changing it to "4S&7ya". It looks like a totally random set of characters, but it's pretty easy for you to remember. This is an easy way to create a password and a mnemonic device to help you remember it at the same time. You shouldn't use a famous quote, of course. One that you make up yourself is better. No one is going to guess "!il2cIf1neW!" if it means "I like to cook Italian food one night each week!"
Secret questions... Websites usually make you put one or more secret questions on file with them. If you ever forget your password, they will ask you to answer this question to authenticate your identity. They usually ask for your mother's maiden name, the town you were born in, your pet's name, etc. These are all things people can easily figure out! Either use a really obscure question to which only you will know the answer or use a fake answer. Yes, I said a fake answer. There is no reason you have to give your mother's real maiden name. Just pick a name or, better yet, use a random password. However, make sure you remember what you picked!
You need to use a different password for every item that requires a password. That way, if someone finds out your Amazon password, they don't also have access to your bank account. Of course, remembering this many passwords can be tough. If you use a Macintosh you can use the Keychain feature to store your passwords. Of course, you then need to protect the main Keychain password VERY well! There is also a plethora of programs available for Windows and Macintosh that will similarly remember passwords for you.
If you are visiting a site that you don't think you'll ever return to, or that doesn't need your real information to get a product shipped to you, you can use bogus information. A good example of this would be a newspaper site that requires a username and password to read an article.
You also want to use totally unrelated passwords for personal and work stuff. The last thing you want is your disgruntled spouse who knows the password to your home's alarm system sending an e-mail from your work e-mail account because it uses the same password.
Bug Me Not is a good source of random log-in information for websites that aren't important. Just go to www.bugmenot.com and enter the name of the site. They will give you a username and password that someone else created! Why waste time making up bogus info when you can use bogus info someone else already thought up?
I already discussed using a password manager to store your passwords. While that is a good idea, many people do not have access to that at work or maybe even at home. While you need to find a way to remember your passwords, you have to be careful how you go about it.
If you want your passwords to be safe, do not write them down. I know that sounds extreme, but there is a reason that most businesses and government agencies forbid their employees from writing down passwords. While cracking a password electronically can be time consuming and sometimes impossible, finding a password written down can be incredibly easy. It does not matter how great a password you have chosen; if an intruder finds it, they will get into your account.
This means no sticky notes on the side of your monitor, no scraps of paper under your keyboard, no list in the back of your notebook or the front of your paper address book (why are you still using that thing anyway!?) and no list lying in your top desk drawer. Go ahead; go throw away those items. I will wait here... OK, are they shredded? Good. You've just eliminated a big hole in your security plan.
To avoid allowing your password to be leaked out, you should also be careful when entering it. Even though it will be obscured on the screen, make sure that you don't allow anyone to watch your fingers too closely. It is always possible that they will catch enough of your password to figure out the rest. (Another good reason to make your password hard to guess.)
Changing your password frequently will also keep it safe. You should change most passwords at least once a month. This will minimize the damage if your password is compromised without your knowledge.
Finally, just use common sense. Everything I said here is pretty logical when you think about it. So before you do anything with your password, stop and think, "Could someone other than me use my actions to gain access to my password?"
While every attempt has been made to assure all information in this document is accurate, the author assumes no responsibility or liability for any damage or undesired effects resulting from the use of this information. Configurations are different on every computer and results may vary.
This document is copyright 2013 Michael Gatti. No portions may be reproduced or distributed without the express written consent of Michael Gatti.