The Importance of Password Security
Passwords are used for virtually everything we do online. Passwords protect our identities on websites, discussion groups, e-mail accounts and more. Many family computers with multiple user accounts employ passwords. They are also used for bank transactions and making secure purchases. With all of this sensitive data at stake, creating good passwords is very important to prevent identity theft. Passwords are the main defense against computer hackers. Hackers typically try to break into a computer or secure account by guessing passwords one at a time. Automated programs can also be used to repeatedly guess passwords from a database of common words or other information. Even the best passwords can be defeated with enough time, skill, and computer processing power – but a strong password is vital to buy time, prevent attacks by less determined hackers, and send up red flags that can help catch such fraudsters in the act.
Secure Password Do’s
Most passwords are case sensitive. This means that capitalization counts: "mypassword" is different from "MyPassword" (neither of which are good passwords, by the way!) Use this to your advantage by using mixed-case typing in your passwords. Capitalize the first letter, every other letter, or some similar, memorable arrangement. Keyboard symbols such as ampersand, pound, percent and others are allowed in almost all passwords, and are very unlikely to be guessed, so use them when possible. Always use at least six, but ideally eight or more characters in a password, with at least one number. If possible, use a password that can be typed quickly and would be difficult for someone nearby to spy on. The “ultimate” password is probably a random sequence of letters, numbers, and symbols, but make sure it’s a sequence you can remember! If any system or account you access has a default password provided by that system, change it as soon as possible.
- Creating a Secure Password: Step-by-step example of an algorithm for producing secure passwords.
- How to Write a Secure Password: Detailed advice on creating good passwords.
Secure Password Don’ts
The most essential mistake to avoid in creating a password is using the word password. This is a very common password and very easy to break. Avoid using any word found in the dictionary, since automatic hacking programs draw on these. Don’t use any version of your network login, especially not reversed. Don’t use names (first, middle, last, nicknames, pet's names), birth dates, or any other common information about yourself that might be learned in casual interactions or stolen by someone willing to snatch your mail. Dates (no matter what format) and sequences of keystrokes (such as 12345) are also easily hacked. Remember that any rule that applies to your password also applies to your password recovery question, which should be something no one should guess – and, like your password, something you should never reveal to others. Finally, don’t write down your passwords! Passwords kept near computers make easy targets for thieves, who can write the passwords down without being detected.
- Password Security: An excerpt from the security guide written by computer pros for Red Hat Linux.
- Microsoft Online Safety Password Checker: Checks given passwords against internal security criteria including dictionaries, common key combinations, and so on.
Creating Secure Passwords
The best password is one that you can remember easily without prompting. Of course, you should use a different password for every secure account so that hacking one will not compromise the others. That can add up to a lot of passwords! Here are some ways to create strong passwords every time:
Use the first number of letter of each line from a page in your favorite book, poem, or song including a scrambled page number, for example: 4bhabjpb7
"Strike" the keyword randomly several times. Change some letters in the resulting text to vowels to make a memorable sequence, and some letters to similar numbers: 1ffw1od.
Use “words” spelled incorrectly, with certain sounds changed to their numerical equivalent: H8work! or @h0me2day
Use a random password generator: d6wmk8sd0
- Password Generator: Free online tool for creating random passwords. Many customizable features to ensure that the generated passwords match the rules for whatever is being secured.
- Random Password Generator: Another random password generator, with the ability to produce up to 100 passwords at a time and password lengths up to 20 characters long.
- Password Meter: Free online tool that rates passwords and explains potential weaknesses.