Password Strategies That Keep You Safer

Sunday, June 24, 2007

I have often suspected that some of those passwords all of us use when we set up user accounts could leak out and be seen by prying eyes. It would not take much of a security breach for that to happen.

My suspicion was confirmed by an email I received that would have been immediately flushed as Spam, except for one curious feature. It showed a password I actually use, but I never registered for the account that the email was confirming! How would you react if that happened to you?

I'm not worried because this particular password is what I consider a low security password. I routinely use a few that, should they ever become compromised as this one was, could do little or no damage. I am now glad I took this precaution.

All too often, computer security advice is not taken seriously enough. Don't take your password strategy lightly.

Here are a few things to consider when you develop a password strategy:

1. First, do what I did: create at least two or three "low security passwords" that you use for things where no damage can be done if the passwords are compromised. You can use the same ones for many different "accounts" so you have fewer passwords to remember.

2. You will also want some medium to relatively high security passwords. These should ideally be used for only one or two places. If your low security passwords are ever discovered, they can't be used to get into higher priority places.

3. I would recommend you NEVER use your email, computer, or network password for any other purpose. Those passwords should be completely unique.

4. Then there are the high security passwords. These are the ones like your bank account or credit card account. I would recommend these be the most "complex" and that each account should have a unique password.
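The four rules above can be checked mechanically against a list of your own accounts. The script below is an added example, not part of the original article; the tier names (with "core" standing for email, computer, and network logins), the audit function, and the sample inventory are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Most accounts that may share one password, per tier (rules 1-4 above).
# None means reuse is acceptable. "core" = email, computer, network logins.
MAX_SHARED = {"low": None, "medium": 2, "core": 1, "high": 1}

SAMPLE_ACCOUNTS = [  # constructed sample inventory, not real credentials
    ("forum", "low", "Blue-Kite#77"),
    ("newsletter", "low", "Blue-Kite#77"),
    ("webmail", "core", "Blue-Kite#77"),
    ("shop-a", "medium", "Tr33-House!92"),
    ("shop-b", "medium", "Tr33-House!92"),
    ("shop-c", "medium", "Tr33-House!92"),
    ("bank", "high", "Gr@nite-Lake_1984x"),
]


def audit(accounts):
    """accounts: list of (name, tier, password). Returns a sorted list of findings."""
    key = os.urandom(32)  # per-run key: only keyed digests are grouped, not plaintext
    groups = defaultdict(list)
    for name, tier, password in accounts:
        digest = hmac.new(key, password.encode(), hashlib.sha256).digest()
        groups[digest].append((name, tier))

    findings = []
    for users in groups.values():
        names = sorted(n for n, _ in users)
        tiers = {t for _, t in users}
        if len(tiers) > 1:
            # A leaked low security password must not open a higher tier.
            findings.append(("shared across tiers", names))
            continue
        tier = next(iter(tiers))
        limit = MAX_SHARED[tier]
        if limit is not None and len(users) > limit:
            findings.append((f"{tier} password used in {len(users)} places", names))
    return sorted(findings)
```
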

OK, perhaps that might seem a little daunting to have so many passwords, but it is worth the effort. Obviously, it is just as important how you create your passwords. There are good passwords, and there are bad passwords. Unfortunately, those easy ones are the bad passwords. You might be surprised how easily your passwords can be compromised if you don't create them correctly.

There is software called a "password cracker" that can "crack" an insecure password in as little as a couple of seconds. Do not, I repeat, DO NOT use a password that can be found in the dictionary. It will be easily cracked. Also, anything that is sequential on your keyboard will be tried by password crackers. In other words, "QWERTY123" is another example of a bad password.

You've probably heard this before, but it's worth mentioning. Don't use anything that someone could easily guess. Avoid using birthdays, anniversaries, children's or pets' names, Social Security Numbers, or anything like that.

So then, what makes a good password? A minimum of eight (8) characters is one rule, and longer for more sensitive areas like your bank account. Length alone is not enough. It needs to be complex: a combination of letters (preferably both UPPERCASE and lowercase), numbers, and symbols. The symbols are more optional on lower security passwords, but the more security you need, the better it is to use them.

Maybe you're thinking, "Wow, that's too difficult, I mean, 'X638b4%@mcl*N54st' is a horrible password to remember!" There is good news. With a little creativity, you can create a formula for good passwords. Think of something that has some significance to you. Remember the rule, though, that it should not be easy for someone to guess. Suppose the first friend you can remember was a neighbor named Sammy when you were 4 years old living on Elm Street. You could create a password such as "S@mmy!stBud-Elm@4" that would be both memorable and secure.
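The rules from the last few paragraphs (no dictionary words, no keyboard sequences, at least eight characters, mixed character types) can be written as a small checker. This is an added example, not part of the original article; the function names, the four-character run length, and the short sample wordlist are assumptions, and a real check would load a full dictionary file.

```python
import re

# Constructed sample wordlist; a real check would use a full dictionary.
SAMPLE_WORDS = {"password", "dragon", "monkey", "sunshine", "welcome", "letmein"}

# Keyboard rows and ordered runs that password crackers try early.
SEQUENCES = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890",
             "abcdefghijklmnopqrstuvwxyz"]


def has_sequence(password, run=4):
    """True if `run` consecutive characters follow a sequence, forward or backward."""
    lowered = password.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            for i in range(len(s) - run + 1):
                if s[i:i + run] in lowered:
                    return True
    return False


def is_dictionary_word(password, words=SAMPLE_WORDS):
    """True if the password is a listed word once leading/trailing non-letters are stripped."""
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())
    return core in words


def check_password(password, min_length=8, require_symbol=True):
    """Return the list of rules the password breaks; an empty list means it passes."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    if is_dictionary_word(password):
        problems.append("dictionary word")
    if has_sequence(password):
        problems.append("keyboard or ordered sequence")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("needs upper and lower case")
    if not re.search(r"\d", password):
        problems.append("needs a digit")
    # Symbols are optional for low security passwords (require_symbol=False).
    if require_symbol and not re.search(r"[^A-Za-z0-9]", password):
        problems.append("needs a symbol")
    return problems
```

Passing `require_symbol=False` matches the article's allowance that symbols are more optional on low security passwords.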

This password advice would not be complete without a few more useful tips:

• Do not create a password list and tape it inside the top drawer of your desk
• Do not tape a password list underneath your computer keyboard
• Do not put passwords on a sticky note attached to your computer monitor
• For best security, do not put a password list anywhere near your computer

Another item worth mentioning is that it's a good idea to change passwords regularly, but not to the extreme. If you work for a company that forces password changes every week (or some other "secure" interval), tell them they need to read this. Changing passwords too often has resulted in users creating less secure passwords. Let's face it, how often can you come up with great passwords that are secure? It is better to keep secure passwords longer than to keep changing them frequently to less secure ones.

Password security should not be taken lightly. If you have been using insecure passwords because you didn't realize there was such a thing as password crackers, it's time to correct that vulnerability. If you have only heard the term "phishing scam" and do not know what it is or how it works, I highly recommend educating yourself so you do not fall victim to one. Use a Google search to learn about phishing scams. When you take this stuff seriously, you should be the only one accessing those things which you should be the only one accessing.

About the Author:
Steve Chittenden seeks to help business owners and organizations market themselves effectively and succeed.

