Good Passwords

August 6, 2009 at 4:55 pm | Posted in Computers, Hardware, Internet, Online services, Security, Web Apps | 8 Comments

Picking good passwords to use on the Wild Wild Web has become a bit of an art form that many are unfamiliar with. An excellent article was posted on the subject in Window’s Secrets. The article observes how a minor flaw in a webmail program highlights the importance of using strong and varied passwords on-line. How would you feel if your email account was shut down because it was being used by spammers? The more we move on-line, the smarter we need to be about this. Otherwise, we leave our front door standing open.

Fred Langa also wrote a good article on passwords a few years ago. A little out of date but he makes some further points.

The trick for many people is how to make good passwords and how to remember them. The articles suggest techniques you can use although suggest you not copy theirs but develop your own. They include lots of tips plus techniques for keeping track of them. I talked about Password Managers recently.

Basically, passwords that blend upper and lower cases, numbers and symbols are best. If you go about 8 characters with 3 of the 4 types, you’ll be fine for most uses.

Many use some sort of word to start with to make it easy to remember. One technique for avoiding ‘dictionary’ words is to use letters from a sentence (passphrase). But don’t use popular sayings – that’s like using a dictionary word. If you’re visual, what about a series of words that describe something. Or if you like music, the letters from a favorite verse. Kind of like personal acronyms.

Another way is to use nonsense words you make up. In a web app we built, we included a tool for suggesting such passwords. They could be word-like but not real words. Foreign words are also possible if they are uncommon.

You then add numbers and symbols, perhaps mess with the letters by converting some to symbols or inserting numbers or changing sequence and so forth. Hard to guess but something you personally can easily remember. You can of course use memory association to help remember.

Interestingly, the symbols above numbers are the most commonly used so less secure – don’t forget the ones on the right side of the keyboard.

It’s also important to not use the same password everywhere – especially not mixing one’s for your computer and the Internet. Places like on-line banking should especially be unique and secure. Otherwise, getting one password opens every door – to your work, car, home, and gym. The on-line version of identity theft. The Secrets article suggests customizing passwords for each site by adding something from the site name. Just don’t use the same one for your computer or router*.

The idea is to avoid using things that could be described by simple logic or checked from a list.

The Secrets article links to a password checker on the Microsoft web site. An interesting tool although it should be noted that it will mark anything under 8 characters as weak. Go Best for banking.

The Password checker links to a further page on how to make strong passwords that has some further tips – a few curious. I don’t agree with all the advice on any of these articles but security is always worth a review. Sometimes it’s about balance – when does security become excessive and non-productive. And when does a little caution make all the difference. A few tips and tweaks can make life easier. And help you understand consequences.

Routers
*And for goodness sake, if you bought a router and didn’t change the password, do so now. Routers are what you’re exposing to the Internet. They advertise their make and model. No guessing required to take them over. If you don’t change the Wireless settings, some will even broadcast “kick me, I’m stupid”, giving your neighbors free Internet access and information about your network. That entirely defeats the point of having a router. Read the ‘quick setup’ guide. Proper setup takes just a few minutes. Even a used router can be reset to defaults and it’s guide downloaded from the maker.

While you may think sharing your connection is being nice, if you do so publicly, your ISP’s records of who’s downloading porn, spamming, etc. will point to your router. Smart crackers use others connections to do the dirty.

Login
The other half of the equation is your login. The trend to using email addresses as logins on web sites has meant that the password becomes even more important. No guessing for the login required. It also means a persons presence on various web sites is easily searched. Have you searched your email address lately? And the email address easily picked up by spammers. Amazing how many sites play open with your email address.

Best for that is to create an email address on a free webmail service like gmail.com that doesn’t use your real name. Gmail has good spam filters and can be set to forward the email to your usual email account. Use the Gmail account for any web or registration uses and it keeps the spam way down in your inbox. I get WAY more spam in my public email account.
David