Michael's Piece of the Web v5.3 - 10 years on the web

Michael's Guide

Table of Contents

Introduction
Chapter 1 - What Not to Use
Chapter 2 - Good Passwords
Chapter 3 - Vary Your Passwords
Chapter 4 - Keep It Safe

 

Introduction
We all use passwords. You have them at work, home and school. The things in your life that don't have passwords have Personal Identification Numbers (PINs). There is no avoiding it. These words and numbers are what keep your money, your identity, your home and your privacy safe and secure. It is very important to choose good passwords.

Chapter 1 - What Not to Use

You’ll often see notices stating that you should choose a strong password. What does that mean? Well, basically it means that you should pick a password that is not going to be guessed. Most people feel that they are safe if they choose a password the average person wouldn’t think of trying. Unfortunately, this is not true. You also need to choose a password that a computer will not be able to guess. There are many password-cracking programs out there. They can try thousands of passwords at a time. While, if given enough time, any password can be cracked, there are ways for you to minimize this risk.

Never use a word that can be found in a dictionary as your password. It is extremely easy for a computer to try every word in the dictionary. This goes for both English and non-English words. The same goes for first names. A cracker will often try every entry in a baby name book. You should also never use anything that is of personal relevance to you, such as any part of your name, address, pet’s name, school or business name, the type of car you drive, etc. These are all items that an intruder would try first.

Another thing to avoid is using consecutive or adjacent keys on the keyboard or using duplicate characters. This means that “qwerty” and “qqppww” are terrible passwords. You should also never use a password that is shorter than 8 characters.

Lastly, don't repeat a previous password, and don’t just keep incrementing the numbers on the end of your password. If someone finds out your password in June is “password6” they are probably going to try “password7” when July rolls around!

TIP: Take a look around your desk. Is there anything in your office that would give a clue to what your password is? If you have sports memorabilia all over your office, a password that involves your favorite team probably isn't such a good idea.
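The Chapter 1 rules can be written as a small checker that reports which rules a candidate password breaks. This is an added example, not part of the original guide; the sample word list, the `previous` and `personal` inputs and the four-key run length are assumptions chosen for illustration.

```python
import re

# Constructed sample list; a real check would load a full dictionary and name list.
SAMPLE_WORDS = {"password", "dragon", "monkey", "michael", "jennifer"}
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def has_keyboard_run(pw, run=4):
    """True if pw contains `run` adjacent keys from one row, in either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + run] in low for i in range(len(seq) - run + 1)):
                return True
    return False


def split_number(s):
    """Split 'password6' into ('password', '6'); the number part may be empty."""
    m = re.fullmatch(r"(.*?)(\d*)", s, re.S)
    return m.group(1).lower(), m.group(2)


def is_increment_of(pw, previous):
    """True if pw is a previous password with only its trailing number changed."""
    stem, num = split_number(pw)
    for old in previous:
        old_stem, old_num = split_number(old)
        if stem and stem == old_stem and num != old_num:
            return True
    return False


def check_password(pw, previous=(), personal=()):
    """Return the Chapter 1 rules that pw breaks; an empty list means none."""
    low = pw.lower()
    letters = re.sub(r"[^a-z]", "", low)
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if low in SAMPLE_WORDS or letters in SAMPLE_WORDS:
        problems.append("dictionary word or first name")
    if any(p and p.lower() in low for p in personal):
        problems.append("contains personal information")
    if has_keyboard_run(pw):
        problems.append("adjacent keys on the keyboard")
    if re.search(r"(.)\1", low, re.S):  # strict reading: any doubled character
        problems.append("duplicate characters")
    if pw in previous:
        problems.append("repeats a previous password")
    elif is_increment_of(pw, previous):
        problems.append("previous password with the number changed")
    return problems
```

An empty result only means none of these specific rules were broken; it is not a measure of how long the password would resist a cracking program.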

Chapter 2 - Choosing Passwords

Now that you know what not to use, you might be thinking that you are going to have to use a random string of characters. This is somewhat true. A good password is one that appears random. But even seemingly random characters can have a meaning to you.

A good password will be eight or more characters and contain both letters and numbers. You can also use special characters (such as - + = %) if you are allowed. Most passwords are case sensitive, so use both upper and lowercase letters.

Michael's Pick: A good place to go for a totally random password is GRC's Password Generator (www.grc.com/pass). This website generates a totally secure, unique and random password every time you refresh the page. It will generate a 63-character password. If you need a shorter one, just grab as many characters as you need.

A handy trick is to use the first letter of each word in a sentence. For example, “Four score and seven years ago” would yield "fsasya." Of course, this fails several of the tests, so we can make it more secure by changing it to "4S&7ya". In order to make it 8 characters, you can just add 2 more “random” characters, such as "aL" (for Abraham Lincoln) to the beginning. "aL4S&7ya" looks like a totally random set of characters, but it's pretty easy for you to remember. This is an easy way to create a password and a mnemonic device to help you remember it at the same time. You don't have to use a famous quote, either. One that you make up yourself is even better. No one is going to guess "!il2cIf!" if it means "I like to cook Italian food!"

TIP: Secret questions... Websites usually make you put a secret question on file with them. If you ever forget your password, they will ask you to answer this question to authenticate your identity. They usually ask for your mother's maiden name, the town you were born in, your pet's name, etc. These are all things people can figure out! Either use a really obscure question to which only you will know the answer or use a fake answer. Yes, I said a fake answer; there is no reason you have to give your mother's real maiden name. Just pick a name. However, make sure you remember what you picked!

Chapter 3 - Vary Your Passwords

Ideally, you should use a different password for every item that requires a password. That way, if someone finds out your cell phone password, they don't also have access to your bank account. Of course, remembering this many passwords can be tough. If you use a Macintosh you can use the Keychain feature to store your passwords. Of course, you then need to protect the main Keychain password VERY well! There is also a plethora of programs available for Windows that will similarly remember passwords for you.

If you don't feel that you can use a different password for everything, then at least use several different passwords. A good strategy is to have a password to use on sites that don't matter. For instance, who cares if someone compromises your password to your subscription to CNN Breaking News Alerts? But don't use that same password on your Amazon account where someone could spend money on your credit card. In other words, if you have to duplicate passwords, only use them in a few places to minimize exposure.

TIP: If you are visiting a site that you don't think you'll ever be returning to again, or that you don't need to use your real information to get product shipped to you, you can use bogus information. A good example of this would be a newspaper site that requires a username and password to read an article.

You also want to have separate sets of passwords for personal and work stuff. The last thing you want is your disgruntled spouse who knows the password to your home's alarm system sending an e-mail from your work e-mail account because it uses the same password.

As I said, it is best to use a different password for everything, but in the real world, we know that's not always possible. You just need to assess each item before deciding whether it should have its own unique password.

Michael's Pick: Bug Me Not is a good source of random log-in information for websites. Just go to www.bugmenot.com and enter the name of the site. They will give you a username and password that someone else created!

Chapter 4 - Keep it Safe!

I already discussed using an automated device to store your passwords. While that is a good idea, many people do not have access to that at work or maybe even at home. While you need to find a way to remember your passwords, you have to be careful how you go about it.

If you want your passwords to be safe, you will not write them down. I know that sounds extreme, but there is a reason that most businesses and government agencies forbid their employees from writing down passwords. While cracking a password electronically can be time consuming and sometimes impossible, finding a password written down can be incredibly easy. It does not matter how great a password you have chosen; if an intruder finds it, they will get into your account.

This means no sticky notes on the side of your monitor, no scraps of paper under your keyboard, no list in the back of your notebook or the front of your paper address book (why are you still using that thing anyway!?) and no list lying in your top desk drawer. Go ahead; go throw away those items. I will wait here... OK, are they shredded? Good. You've just eliminated the biggest hole in any security plan.

To avoid allowing your password to be leaked out, you should also be careful when entering it. Even though it will be obscured on the screen, make sure that you don't allow anyone to watch your fingers too closely. It is always possible that they will catch enough of your password to figure out the rest. (Another good reason to make your password hard to guess.)

Changing your password frequently will also keep it safe. You should change most passwords at least once a month. This will minimize the damage if your password is compromised without your knowledge. Some employers (such as certain federal agencies) even require their staff to change their passwords as often as daily.

Finally, just use common sense. Everything I said today is pretty logical when you think about it. So before you do anything with your password, stop and think, "Could someone other than me use my actions to gain access to my password?"

DISCLAIMER
While every attempt has been made to assure all information in this document is accurate, the author assumes no responsibility or liability for any damage or undesired effects resulting from the use of this information. Configurations are different on every computer and results may vary.

This document is copyright 2005 Michael Gatti. No portions may be reproduced or distributed without the express written consent of Michael Gatti.


©1997-2012 Michael Gatti