Tuesday, April 7, 2009

Four Steps to Better Passwords

Many people glaze over when the subject of passwords comes up. I think it's because we IT folks tend to make things seem a lot more complicated than they need to be. Here are 4 easy steps to help you create better passwords to protect your personal information:

1. Make Your Passwords Longer
The concept is simple: the longer a password is, the harder it is to crack. In practice, though, this can be intimidating. Instead of thinking of a long password, try to come up with a long passphrase. Something like "thequickbrownfoxjumpedoverthelazydog" is orders of magnitude more difficult to crack than "texasfootball."

2. Make Your Passwords More Complex
Length alone, though, isn't enough. Passwords should also be complex. By using mixed-case letters, numbers and special characters you increase the number of possible choices a cracker will have to try before guessing correctly. "TexasFootball1234%" is much more time-consuming to crack than "texasfootball12345."

To help make your passwords complex, try coming up with a phrase which will be easy for you to remember, but hard for someone to guess. Try something like one of these:
  • IW@sB0rnInTexas
  • W@sIB0rnInT3x@s?
  • W@s1B0rn@t@LL?
  • B@n@nnaGu@c@m0le!
(In the above examples, the zero substitutes for "o")

At first, it might be harder to type something like the examples above, but after a few times you'll get used to it and it will seem like second nature.
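To put numbers on steps 1 and 2, here is an added estimator (my own example, not part of the original post) that sizes the alphabet an exhaustive attacker would have to search and converts it to bits and worst-case time. The guess rate of 10 billion per second is an assumed figure, and the model treats every character as random, so it overstates the strength of passphrases built from dictionary words.

```python
import math
import string

# Character classes an exhaustive attacker must add to the search
# alphabet once the password uses at least one character from them.
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}


def alphabet_size(password: str) -> int:
    """Size of the smallest class-based alphabet covering every character."""
    size = 0
    for chars in CLASSES.values():
        if any(c in chars for c in password):
            size += len(chars)
    return size


def search_space_bits(password: str) -> float:
    """log2 of the candidates a brute-force search must cover (alphabet^length).

    Caveat: this is the brute-force model only. A passphrase made of common
    dictionary words is weaker than this figure suggests, because a
    dictionary attack searches words, not characters.
    """
    return len(password) * math.log2(alphabet_size(password))


def years_to_exhaust(password: str, guesses_per_second: float = 1e10) -> float:
    """Worst-case years to exhaust the space at an assumed guess rate."""
    seconds = 2 ** search_space_bits(password) / guesses_per_second
    return seconds / (365 * 24 * 3600)


def compare(passwords):
    """Map each password to its rounded search-space size in bits."""
    return {p: round(search_space_bits(p), 1) for p in passwords}


if __name__ == "__main__":
    samples = ["texasfootball", "thequickbrownfoxjumpedoverthelazydog",
               "texasfootball12345", "TexasFootball1234%"]
    for p in samples:
        print(f"{p:40} {search_space_bits(p):6.1f} bits"
              f"  {years_to_exhaust(p):.2e} years")
```

Running it shows the long all-lowercase passphrase from step 1 outscoring the shorter mixed-class password from step 2, which is why length comes first in the list.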

3. Make Your Passwords Diverse
Having the same password for every web site and/or system you use is not the best way to go, security-wise. If someone were to get your email password, would you want them to be able to get into your online banking system, too? This is where things can get very complicated unless you have a system. Try implementing a pattern where you change a part of your passphrase for each web site. Perhaps something like this:
  • For Gmail: GM_B@n@nn@Gu@c@m0le!
  • For Hotmail: HO_B@n@nn@Gu@c@m0le!
  • For Twitter: TI_B@n@nn@Gu@c@m0le!
  • For your bank: BofA_B@n@nn@Gu@c@m0le!
The key is to make it complex, yet easy to remember. With a little imagination you can come up with something which works for you.

4. Change Your Passwords Periodically
Most corporate systems require periodic password changes. Most public systems, though, do not. Just because a system doesn't require password changes, it doesn't mean you can't (or shouldn't) change them every so often. Regular changes help improve your overall security posture, which will help keep your personal information safe. This is another area where a pattern can come in handy. Perhaps you can use titles of your favorite songs when you change. Something like this:
  • January: Sult@ns0fSw1ng
  • April: M0t0rC1tyM@dh0use
  • July: NutbushC1tyL1m1ts
  • October: Sp1r1t0fTheR@d10
If you combine this pattern of changing with the pattern of diversity, you have a pretty good combination of diversity and longevity.

If you have any methods for making complex passwords work for you, please feel free to share them. Just don't post your real passwords here; you never know who's watching ...

Photo credit: mikebaird
