At first glance, passwords don't seem
all that complicated. But so many people use their birthdays, their
anniversaries, the names of their pets, or other such easily hacked
information that an article for normal people – who may not have
the experience that I do – about what makes a good password seems
like a good idea.
The most commonly used password,
according to ZDNet, is “password,” believe it or not. The
second most common is “123456.” Also on the list: “letmein,”
“baseball,” “superman,” and “111111.”
What this tells us is that most people
aren't terribly concerned with their passwords.
They should be.
Being hacked can lead to many problems,
aside from the obvious ones of having someone drain your bank account
and purchase expensive items on eBay or Amazon, sticking you with
the bill.
Because, make no mistake, once someone
has one of your passwords, they can also very likely get into your
network and do all kinds of things that will affect you, not to
mention your credit report, adversely. And then there's your
computer. If someone gains access to your computer it can be used
for all kinds of purposes – the most common being as a way to use
your computer for what I will just refer to here as Bad
Things.
I won't go into a great deal of detail
here on what these things are, or how they are done, because that's
not really the point. The point is this: there are many Bad Things that
can be done by devious people who can and will gain access to your
computer, files, and/or network. You're just going to have to trust
me on this.
The other point is that, though there
are other things you can do to help protect yourself, creating good
passwords is among the most basic. This is something easy that
anyone can do; you don't have to be a computer whiz or a
cryptographer, you just have to follow some basic advice.
Firstly, I'll give you the Don'ts:
Don't use any single dictionary word – i.e., any single word that can
be found in a dictionary. There are programs that are capable of trying
every word in a dictionary in an extremely short amount of time. This
includes compound words as well.
Don't use your birthday, your spouse's birthday, your children's
birthdays, current phone numbers, pets' names, current addresses,
social security numbers, credit card numbers, or any other piece of
information that is either easily obtained, easily guessed, common,
secret, or discoverable – and when I say, “easily,” I mean by people
who have abilities or access to things you probably don't have access
to, most likely because they've hacked a database that this information
is in.
Don't use words related to your favorite fandom, which is to say, if
you're a Star Wars fan, don't use things like, “lightsaber,” “Jedi,” or
“theforce,” or any other word or catch-phrase from or related to Star
Wars. The same thing goes for Star Trek, Game of Thrones, Harry Potter,
Grimm, Lost Girl, or any similar universe that has its own vocabulary.
And while I'm on the subject, don't use words in Klingon, Castithian,
Dothraki, or any other language that is made up for a Science Fiction
or Fantasy universe. The same rule that applies to dictionary words
applies to these; there are hackers who can run through an entire
Klingon dictionary in a very short time, too. Amazing, I know, but
true, nevertheless. You'll just have to take my word on this.
And by now you're probably thinking, “What's left?”
So, now I'll tell you how to make good, secure passwords.
There are a number of strategies, any one of which (or combination
thereof) will help you come up with solid passwords.
Firstly, the longer a password is, the harder it is to crack. While
many sites will only let you do eight characters, some will allow you
to create much longer ones. I'd say that unless you've got highly
sensitive information or are security-conscious to the point of
paranoia, usually somewhere between 8 and 16 characters is sufficient.
(If you're using a password locker, such as LastPass, you might just
want to use the password creation function and set it to 16
characters.)
Other things that make passwords stronger include using both upper- and
lower-case characters, numbers, and special characters (such as $ or %,
and so forth). Or, better yet, all of the above. The more of these
things you include, the harder it is to discover your password. If you
use a mnemonic method (or even if you don't), which often won't include
special characters or numbers, you can also add a little something
additional to all passwords, like, for instance, the phone number or
zip code from where you lived as a kid (of course, if you inherit your
parents' house, you might have to come up with something else).
So, knowing what makes a password stronger gives you several ways to
create passwords. . . .
1. Use three short dictionary words that are unrelated, connected with
or interrupted by upper- and lower-case letters, numbers, and/or
special characters. For example: bear!Arm53soccer is good, though if
you want to go a little further: be2ar!Arm53soc7cer is even better.
That may be hard to crack, but it may also be a little difficult to
remember. (Though you might come up with some weird memory trick even
for unrelated words like this: “If the bear ate my arm, I'd miss the
soccer game.”)
So, a couple of strategies that may make remembering your passwords a
little easier. . . .
2. Use a mnemonic device to create your passwords, such as the first
letters of a line of a song or a quotation, using capital letters for,
say, all nouns (or any other part of speech you like). For example,
using this technique on the first line of Edgar Allan Poe's “The
Raven,” and capitalizing the letters that represent nouns, you would
get “ouaMdwIpwaw,” which may not roll off your fingers, but is
reproducible, as long as you know the poem. Of course, there are no
numbers or special characters in this, so as I mentioned above, if you
add your childhood zip code, and you're from Boston, you might get
“ouaMdwIpwaw02134,” which is probably pretty hard to crack.
3.
Make up your own word, then add capital letter(s), numbers, and
special characters. So, I just made up a word, “suvavatinz.” I
know it's not a word because I just Googled it. If you include
less-frequently-used letters, like z or q, in your
made-up word, so much the better. But now, add a cap or two and an
old phone number, and you wind up with “suVaVatiNz9084873311,”
and that's pretty hard to figure out, too. A
good way to remember your made-up word, though, is to give it a
meaning that makes sense to you – in this case, it sounds like a
competitor to No Doz to me.
You can mix and match these methods, but by now you probably get the
idea of how to go about making up your own relatively secure passwords.
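
The Don'ts and the strength factors above, as an added Python example that is not part of the original article: audit() flags the patterns the article warns against, and brute_force_bits() shows how length and character variety grow the guessing space. The function names and the tiny word list are constructed for illustration; the digits-only and minimum-length checks are assumptions drawn from the article's advice.

```python
import math
import string

# Constructed sample data: the common passwords quoted in the article and a
# tiny stand-in word list. A real check would load a full dictionary file.
COMMON = {"password", "123456", "letmein", "baseball", "superman", "111111"}
WORDS = {"bear", "arm", "soccer", "jedi", "lightsaber", "the", "force",
         "base", "ball"}

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def brute_force_bits(pw):
    """log2 of the search space for character-by-character guessing.

    This is an upper bound: a dictionary attack never searches this space,
    which is why audit() must also come back clean.
    """
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))
    return round(len(pw) * math.log2(pool), 1) if pool else 0.0


def is_compound(low):
    """True if low is exactly two word-list entries joined together."""
    return any(low[:i] in WORDS and low[i:] in WORDS
               for i in range(1, len(low)))


def audit(pw, personal=()):
    """Return which pieces of the article's advice the password violates."""
    low = pw.lower()
    checks = [
        (low in COMMON, "common password"),
        (low in WORDS, "single dictionary word"),
        (is_compound(low), "compound of dictionary words"),
        (pw.isdigit(), "digits only"),
        (any(p and p.lower() in low for p in personal),
         "contains personal information"),
        (len(pw) < 8, "shorter than 8 characters"),
    ]
    return [label for failed, label in checks if failed]


if __name__ == "__main__":
    for pw in ("password", "theforce", "bear!Arm53soccer", "ouaMdwIpwaw02134"):
        print(f"{pw:18} {brute_force_bits(pw):6} bits  {audit(pw) or 'ok'}")
```

A password has to pass both measures: “password” scores about 37.6 bits on paper but fails the audit at once, while “bear!Arm53soccer” passes the audit and scores about 104.9 bits.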
There are a few other things you should think about doing for basic
computer and Internet security, in addition to mobile phone
precautions and good passwords, so I'll do a separate article about
those. . . .