Good Passwords

August 6, 2009 at 4:55 pm | Posted in Computers, Hardware, Internet, Online services, Security, Web Apps | 8 Comments

Picking good passwords to use on the Wild Wild Web has become a bit of an art form that many are unfamiliar with. An excellent article was posted on the subject in Window’s Secrets. The article observes how a minor flaw in a webmail program highlights the importance of using strong and varied passwords on-line. How would you feel if your email account was shut down because it was being used by spammers? The more we move on-line, the smarter we need to be about this. Otherwise, we leave our front door standing open.

Fred Langa also wrote a good article on passwords a few years ago. A little out of date but he makes some further points.

The trick for many people is how to make good passwords and how to remember them. The articles suggest techniques you can use although suggest you not copy theirs but develop your own. They include lots of tips plus techniques for keeping track of them. I talked about Password Managers recently.

Basically, passwords that blend upper and lower cases, numbers and symbols are best. If you go about 8 characters with 3 of the 4 types, you’ll be fine for most uses.

Many use some sort of word to start with to make it easy to remember. One technique for avoiding ‘dictionary’ words is to use letters from a sentence (passphrase). But don’t use popular sayings – that’s like using a dictionary word. If you’re visual, what about a series of words that describe something. Or if you like music, the letters from a favorite verse. Kind of like personal acronyms.

Another way is to use nonsense words you make up. In a web app we built, we included a tool for suggesting such passwords. They could be word-like but not real words. Foreign words are also possible if they are uncommon.

You then add numbers and symbols, perhaps mess with the letters by converting some to symbols or inserting numbers or changing sequence and so forth. Hard to guess but something you personally can easily remember. You can of course use memory association to help remember.

Interestingly, the symbols above numbers are the most commonly used so less secure – don’t forget the ones on the right side of the keyboard.

It’s also important to not use the same password everywhere – especially not mixing one’s for your computer and the Internet. Places like on-line banking should especially be unique and secure. Otherwise, getting one password opens every door – to your work, car, home, and gym. The on-line version of identity theft. The Secrets article suggests customizing passwords for each site by adding something from the site name. Just don’t use the same one for your computer or router*.

The idea is to avoid using things that could be described by simple logic or checked from a list.

The Secrets article links to a password checker on the Microsoft web site. An interesting tool although it should be noted that it will mark anything under 8 characters as weak. Go Best for banking.

The Password checker links to a further page on how to make strong passwords that has some further tips – a few curious. I don’t agree with all the advice on any of these articles but security is always worth a review. Sometimes it’s about balance – when does security become excessive and non-productive. And when does a little caution make all the difference. A few tips and tweaks can make life easier. And help you understand consequences.

Routers
*And for goodness sake, if you bought a router and didn’t change the password, do so now. Routers are what you’re exposing to the Internet. They advertise their make and model. No guessing required to take them over. If you don’t change the Wireless settings, some will even broadcast “kick me, I’m stupid”, giving your neighbors free Internet access and information about your network. That entirely defeats the point of having a router. Read the ‘quick setup’ guide. Proper setup takes just a few minutes. Even a used router can be reset to defaults and it’s guide downloaded from the maker.

While you may think sharing your connection is being nice, if you do so publicly, your ISP’s records of who’s downloading porn, spamming, etc. will point to your router. Smart crackers use others connections to do the dirty.

Login
The other half of the equation is your login. The trend to using email addresses as logins on web sites has meant that the password becomes even more important. No guessing for the login required. It also means a persons presence on various web sites is easily searched. Have you searched your email address lately? And the email address easily picked up by spammers. Amazing how many sites play open with your email address.

Best for that is to create an email address on a free webmail service like gmail.com that doesn’t use your real name. Gmail has good spam filters and can be set to forward the email to your usual email account. Use the Gmail account for any web or registration uses and it keeps the spam way down in your inbox. I get WAY more spam in my public email account.
David

8 Comments »

RSS feed for comments on this post. TrackBack URI

  1. Here’s another good (and FREE!) resource:
    http://www.pctools.com/guides/password/

    This is a random password generator that can be customized to generate a list of strong passwords to choose from.

    -Bob

    Like

  2. Hi Bob

    Thanks for that – good tip.

    I found by fiddling with the settings and trying a few variants, I could get word-like passwords (easier to remember) that were still strong. Set the number of passwords to 10 and choose the one you like best.

    The page also has a free download-able password utility for offline use. Create passwords, check others for strength like the link I mention in the article, and a Revealer tool (slightly less useful) for asterisked passwords you have saved in Internet Explorer. (forgotten but you can’t see a saved one)

    Like

  3. A good mix of letters, numbers and symbols should make up a strong password. As mentioned, never use the same password across all accounts. Use a certified password manager if you have difficulty remembering passwords like I do. I use a TRUSTe certified password manager called Billeo https://addons.mozilla.org/en-US/firefox/addon/12715 Remember, nothing beats a strong password.

    Like

  4. Hi Dana

    Well, I expect you would use Billeo as you work for them. If you are someone who uses a lot of eCommerce or secure sites online, such a browser add-on could be useful. Glad to see the private data is stored locally and encrypted. One reviewer said he liked it better than Roboform and its apparently free.

    This tool adds a toolbar to Firefox which also opens a sidebar for data. It has a password manager, a form filler, a tool for saving receipts and payment pages, and a payment reminder.

    I usually print receipts to PDF so they’re stored with the bills. The last I’d prefer to keep in a Calendar program so my events are not scattered across many services. It’s one of the dangers of some technology tools – ending up with your data stored across many places. Hard to find so easy to loose. I only recently brought all my address books together.

    But that does not detract from what may be a good tool for handling all that routine or hard to remember data for form entry.
    Thanks for the tip.

    Like

  5. Here’s another checker. The Microsoft one above has a few weakness. But it does run locally on your computer with javascript.

    http://www.passwordmeter.com/

    Like

  6. […] written on this subject before:  Good passwords  Password […]

    Like

  7. […] talked about good password techniques […]

    Like

  8. I notice now the Microsoft password links are no longer valid. The 2 linked in comments above are still good. Since this article, I started using LastPass password manager. It includes a built in password generator.
    https://fornow.wordpress.com/2012/07/11/browsing-safe-sites-securely/

    Like


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Create a free website or blog at WordPress.com.
Entries and comments feeds.