
Passwords

Need help creating random passwords?

Just send a text message to 368266:

securitytango password 9

- and write it down!

Of course, you can substitute any number for the "9".

A guide to good passwords

There are a few things that you need to do to make strong, secure, hard to break passwords. Following these steps won't guarantee you can't be hacked, but they'll go a long way toward protecting you.

Longer Passwords are Better

Passwords should be a minimum of 8 characters. The longer, the better. Studies have shown that a 7-character password that uses upper and lower case characters, numbers, and punctuation can resist cracking for up to 135 days. Add just one more character, and that password can resist cracking for over 35 years!

But length is only the beginning.

Make Your Password Complex

That "35 years" above is only valid if you use a combination of upper case characters, lower case characters, numbers, and punctuation. All of them have to be present.

Change Your Password Regularly

You should change your password every three months or so. The longer each one is out there, the more time a hacker has to bang away at it and crack it.

Passwords Should Be Unique

Don't use the same password in multiple places. If one of them gets cracked (or, more likely, compromised by an insider or virus), the resistance of the others goes from 35 years to half a second.

Don't Share Passwords

Sharing passwords is like sharing gum. Not savory. If just one other person knows your password, that password is now out of your control. Of course, since you shared your password, your control wasn't very good to begin with!

How Much Do You Trust This Computer?

Think twice before typing your passwords on someone else's machine, particularly in public places like libraries or cyber cafes. How sure are you that no one put a program on there to record everybody's keystrokes so they can steal your passwords? If you absolutely must type your password on a machine you don't trust, change that password at the first opportunity (on a machine you know is secure!).

And never, ever type in your eBay, PayPal or bank passwords!

Making Good Passwords

Okay, now that we have all these rules, how do we make good passwords?

To start with, don't use any real words or proper names. There are "dictionary attacks" that are specifically designed to crack those as fast as possible. In multiple languages. Proper names, by the way, include your favorite sports figures, cars, etc. And don't bother replacing a letter with a number (like 4ct1v3 for active) or punctuation (like @ct!ve). They're on to that.

Using two words separated by numbers just gives them two words to run a dictionary attack against. So happy34monkey is, unfortunately, right out.

The best passwords are completely random, but, of course, we humans have a tough time memorizing completely random sequences. So here's a pseudo-random alternative:

  • Take a favorite movie quote, or phrase from a song or poem that's at least eight words long:
    • Hey, where do these stairs go? They go up!
  • Take the first letter of each word. Keep the punctuation:
    • H,wdtsg?Tgu!
  • Replace some letters with numbers (in this case, we replace the 't' with '7')
    • H,wd7sg?7gu!
  • And there you have it - a 12-character password that looks totally random, but is easy to remember (assuming you're a fan of Ghostbusters)
    • Some systems don't like punctuation - in that case, pick a longer phrase.
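
The steps above as a short Python sketch (an added example, not part of the original page; the function names are made up for illustration). It also checks the result against the length and complexity rules given earlier on this page.

```python
import string

MIN_LENGTH = 8  # minimum length recommended earlier on this page

def first_letters(phrase, keep_punctuation=True):
    """First letter or digit of each word, optionally keeping punctuation."""
    out = []
    for word in phrase.split():
        seen = False
        for ch in word:
            if ch in string.punctuation:
                if keep_punctuation:
                    out.append(ch)
            elif ch.isalnum() and not seen:
                out.append(ch)
                seen = True
    return "".join(out)

def substitute(password, swaps):
    """Swap letters for digits regardless of case: {'t': '7'} hits t and T."""
    return "".join(swaps.get(ch.lower(), ch) for ch in password)

def missing_rules(password):
    """List the page's length and complexity rules the password fails."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    classes = [
        ("upper case", string.ascii_uppercase),
        ("lower case", string.ascii_lowercase),
        ("number", string.digits),
        ("punctuation", string.punctuation),
    ]
    for name, chars in classes:
        if not any(ch in chars for ch in password):
            problems.append("no " + name)
    return problems

if __name__ == "__main__":
    quote = "Hey, where do these stairs go? They go up!"  # the page's example
    initials = first_letters(quote)
    final = substitute(initials, {"t": "7"})
    print(initials, missing_rules(initials))
    print(final, missing_rules(final))
    plain = substitute(first_letters(quote, keep_punctuation=False), {"t": "7"})
    print(plain, missing_rules(plain))
```

On the page's quote, the initials alone contain no number until the substitution step is applied.
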
Okay, admittedly, this works better if you can somehow associate the phrase with the site. Like, for example, any couplet from a Sylvia Plath poem with your bank. Or any quote from a Saw movie with your brokerage. But you can even keep a list of the sites and the sources of the quotes handy. For example:
  • eBay - Ghostbusters
  • PayPal - My Favorite Year
  • eTrade - Stopping By Woods On A Snowy Evening
As long as you don't use the most obvious quotes from each of these sources, guessing your passwords will be very, very difficult.

Still, hide the list



Text, "Security Tango," and logo Copyright © 2010 Nick Francesco