
- Alex -


Protect Your Passwords

How many passwords do you have? Think about it for a second. There's your voicemail at home, your voicemail at work, your ATM PIN number, your credit card PIN number, the code for your padlock for the locker at the gym, your login to the network at the office, your login for your ISP at home, your access code for your online banking service, your login for various web sites, software registration keys ... you get the idea - no matter what you do these days you need some kind of key or code or number to gain access to protected data.

So you think all your data is protected. But what about your passwords? Do you protect them as much as your data? If you don't keep your passwords safe, then you might as well not have any. Unfortunately many people are guilty of gross negligence when it comes to passwords. Too many people carry paper scraps with passwords around, use insecure passwords, and don't pay attention to where their passwords are going. In this article we'll help you choose secure passwords, keep them safe, and make sure they cannot fall into the wrong hands.

Choosing Secure Passwords

When you are asked to choose a password it is vital that you choose a secure one. If the password is easy to guess you might as well not have one and invite everybody to steal your data. Here are a few basic rules to create a safe password.

Do not be stupid! - This might sound insulting, but it isn't. Do not use the word password as the password, NEVER leave the password blank, do not make the password the same as the user name (where applicable). Countless computers have been cracked because people used these idiotic excuses for passwords.

Avoid the obvious - Do not use simple stuff like your birthday, your pet's name, the names of favorite bands or characters, your phone number, social security number, or license plate, simple patterns like qwerty, 12345, AAAAAAA, etc., or any of these examples spelled backwards. The easier it is for you to remember, the easier it will be to guess for somebody else who knows a little bit about you. Your password should never be easy!

Do not use the dictionary - Scripts to crack passwords try the obvious and easy stuff first, including words that can be found in a dictionary. Be more creative than that.

The longer the better - The more characters your password has, the harder it is to crack. With each additional character the number of possible combinations increases exponentially. If possible, make your passwords at least 10 characters long.

Mix and match - Choose a password that contains upper and lower case letters, numbers, and other characters. The wilder the combination, the better. Example: k#8(F0%6A=s

Change a default password immediately - If you're being assigned a password, you should immediately change it to a new password if at all possible. Never continue to use a default password, because default passwords are either easy to guess or chances are that they are documented somewhere.

Never use your mother's real maiden name - When being asked on a credit card application or anywhere else for your mother's maiden name, use a fake one. People can easily find out the real maiden name via your birth certificate and marriage certificate. Use a fake one to avoid scammers using the real one to pose as you and get access to your bank or credit card records.
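The password rules above can be checked mechanically. The following Python sketch is an added example, not part of the original article: the function names, the tiny word list, and the keyboard runs are constructed for illustration, and a real check would load a full dictionary file.

```python
import string

# Constructed sample word list; a real check would load a full dictionary file.
COMMON_WORDS = {"password", "dragon", "monkey", "letmein", "sunshine", "welcome"}
KEYBOARD_RUNS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890",
                 string.ascii_lowercase]
MIN_LENGTH = 10  # the article's suggested minimum


def has_simple_pattern(pw):
    """True for one repeated character or a 4+ character keyboard/sequence run."""
    low = pw.lower()
    if len(set(low)) == 1:
        return True
    for run in KEYBOARD_RUNS:
        for seq in (run, run[::-1]):  # forwards and backwards
            for i in range(len(seq) - 3):
                if seq[i:i + 4] in low:
                    return True
    return False


def check_password(pw, username="", personal=()):
    """Return the list of the article's rules that pw breaks (empty = passes)."""
    if not pw:
        return ["blank password"]
    problems = []
    low = pw.lower()
    if username and low == username.lower():
        problems.append("same as user name")
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    # Dictionary words and personal details, forwards or spelled backwards.
    words = COMMON_WORDS | {p.lower() for p in personal if p}
    for word in sorted(words):
        if word in low or word[::-1] in low:
            problems.append("contains guessable word: " + word)
    if has_simple_pattern(pw):
        problems.append("simple pattern")
    classes = [any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)]
    if sum(classes) < 4:
        problems.append("missing a character class (upper, lower, digit, other)")
    return problems
```

Pass the account's user name and any personal details (pet's name, birthday, band) in `personal` so they are rejected forwards and backwards; an empty result means the password broke none of the rules checked here.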

Keeping Your Passwords Safe

Now you've chosen a secure password - but the best passwords are useless if you don't keep them safe. Since your passwords are the key to your life you should protect them accordingly. Here are a few basic rules to protect your passwords.

Do not write them down in your day planner - Some people keep their life in their day planners, including a list of their passwords. If that planner gets lost or stolen, you're screwed.

Do not store them in your PDA - Same case as with day planners. PDAs are lost or stolen very easily. Do not let your life get lost or stolen with your PDA.

Do not store them in your wallet - Many people carry scraps of paper with passwords scribbled on them in their wallets. It's already bad enough that most people have their credit cards, driver licenses, and social security numbers in their wallet. Do not make it worse by adding your passwords and PIN numbers.

Do not share your passwords - You should be the only person in the world who knows those codes. They are nobody else's business, and that includes spouses, best friends, coworkers, etc. There are countless cases where people got screwed because they shared passwords with people they initially thought trustworthy. Be especially suspicious if somebody wants to verify your password or asks you for it in any form. Scam artists try to pose as a representative from your bank/ISP/whatever and call to verify your password with some cockamamie story. There is never a reason to tell anybody your password.

Do not reuse old passwords - Always generate fresh and new passwords that do not carry the possibility of having been compromised in the past.

Do not use the same password for multiple accounts - Use unique passwords for each account or login. This way, if one is compromised, your other accounts are still safe.

Change your passwords on a regular basis - As a precautionary measure you should change your passwords periodically, just in case somebody saw you type one or somehow found out about one of them.