Wednesday, November 25, 2009

Passwords and You

In today's world, passwords are on almost everything.  Online journal sites, email, forums, message boards, and even chat rooms are sometimes password protected.  Back when I was growing up, if I didn't want someone to see something I'd written on my computer (this was back in the day of "IBM-PC clones"), I came up with passwords that no one in my family could ever venture to guess, but if I wanted to get into something of theirs, their passwords were quite easy to figure out.  The purpose of my blog today is to focus on passwords, and what you can do to minimize the possibility of your account being hacked into.  One piece of information that I'd like to point out is that even the strongest password is no match for a sophisticated Trojan: if malware on your machine can read your keystrokes, the password's strength no longer matters.  Keep your anti-virus definitions up to date and have the latest security updates and service packs installed.  If you have trouble with this, please refer to your computer manufacturer for help.

So you might ask: what makes a good password?  What can make your password even better than it is now?  After reviewing a lot of information on various sites, and drawing from my own experience, here are (what I think) some good guidelines to go by for creating a password that is highly unlikely to be broken or guessed:

1) Use the KISS method - Keep It Short And Simple.  In other words, a password with 35 characters in it is NOT going to be easy to remember.  Usually a password containing 6-10 characters should be sufficient.

2) Use both numbers and letters (alphanumeric) - I can't stress this enough.  Using both letters and numbers in your password decreases the possibility of your password being hacked.  A good example that I like to draw upon comes from when I used to watch Star Trek (TNG or DS9): whenever a character asked the computer for protected information, they used their name plus a number and some letters spoken in the military phonetic alphabet, e.g. "Picard 47 Alpha Tango" (one of my favorites).  In this case, I would use Picard47AT.  Again, just an example.  I don't know who in their right mind would use that exact password to begin with, but you get the idea.

3) Don't Use Common Words - Words like bank, bird, flower, dog, or even children's names should never be used as passwords.  First, they are easy passwords, and second, given time someone can and will figure them out.  Also, avoid picking words out of the dictionary.  As with my first suggestion, using the dictionary may not only end with you frustrated that you can't remember your password, but now you'll have to go through an entire letter of the dictionary just to find it.

4) Rotate Your Passwords - This is sort of a personal suggestion.  At any given time I have at least 5 passwords that I can use to replace a hacked one.  I used to keep a list, but they're all in my head now.  Well, most of them anyway.  The point is, it's a good idea to keep a list of passwords somewhere safe, secure, and readily accessible.  Creating 5 unique passwords should be sufficient; rotate them every 3-6 months.  Most employers who set up authenticated access usually require this step anyway.  So do yourself a favor and have a primary password in mind, and have at least 4 alternates.  One quick note on this: I've worked for employers where, after changing your password at the required interval, you cannot go back to your original password until at least 6 different passwords have been used.  In this instance, I had to get creative with my password generating process.

5) Get Creative - If you've created your password list and you've run out of passwords in a short amount of time (believe it or not, this has happened to some folks), then it's time to use a bit of imagination in creating your next one.  In my experience, I've used the full name of a letter from the military phonetic alphabet, say "delta", and then a number from something in my 30 years of life, like part of a phone number (either the first 3 digits, or the last 4, without area code), an area code, or even a zip code of a place that only I've been to, so no one else would figure it out.  For example, sometimes I'll go with a password like "charlie702", or even better would be "tango89107".

6) Use capital letters and special symbols - Some sites require this step, and so do some employers.  While I admit that this adds a little more security to your password, I would recommend against it.  Too many times I have used this type of password, and almost every time I forget to put in the symbol or capital letter.  It goes without saying that I've even locked myself out of accounts because of this security step.  But if it is required, just make sure to make a mental note of the special requirement.  Write it down if you have to, but if you do, make sure to keep it stored somewhere safe and secure where no one else will find it.
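To make the guidelines above concrete from the defender's side, here is an added example (my code, not the post author's) of how a site or employer might enforce them when a user changes a password: a minimum length (the post's 6), a mix of letters and digits (guideline 2), rejection of bare common words (guideline 3), and the "no reuse until 6 different passwords have been used" history rule described in guideline 4.  The common-word list is a tiny constructed sample standing in for a real wordlist, and the history is kept as salted PBKDF2 hashes rather than plaintext; the hash parameters are my choice for the example, not anything the post specifies.

```python
"""Password policy checker modelled on the post's guidelines (added example)."""
import hashlib
import secrets
from dataclasses import dataclass, field

# Constructed sample wordlist for guideline 3; a real deployment would load a
# much larger list. Case-insensitive, and trailing digits are stripped before
# the lookup so that "dog123" is still recognised as the common word "dog".
COMMON_WORDS = {"bank", "bird", "flower", "dog", "password", "letmein"}

MIN_LENGTH = 6      # guideline 1: the post considers 6-10 characters sufficient
HISTORY_DEPTH = 6   # guideline 4: block reuse until 6 different passwords used
PBKDF2_ROUNDS = 50_000  # assumption for this example, not from the post


def check_password(candidate: str, min_length: int = MIN_LENGTH) -> list[str]:
    """Return the list of policy violations; an empty list means it passes."""
    problems = []
    if len(candidate) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not any(c.isalpha() for c in candidate):
        problems.append("contains no letters")
    if not any(c.isdigit() for c in candidate):
        problems.append("contains no digits")
    core = candidate.lower().rstrip("0123456789")
    if core in COMMON_WORDS:
        problems.append(f"based on the common word '{core}'")
    return problems


@dataclass
class PasswordHistory:
    """Keeps salted hashes of the last `depth` passwords, never the passwords."""
    depth: int = HISTORY_DEPTH
    salt: bytes = field(default_factory=lambda: secrets.token_bytes(16))
    _hashes: list = field(default_factory=list)

    def _digest(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                   self.salt, PBKDF2_ROUNDS)

    def was_used_recently(self, password: str) -> bool:
        d = self._digest(password)
        # compare_digest avoids leaking match position through timing
        return any(secrets.compare_digest(d, h) for h in self._hashes)

    def record(self, password: str) -> None:
        self._hashes.append(self._digest(password))
        del self._hashes[:-self.depth]  # keep only the most recent `depth`


def change_password(history: PasswordHistory, new_password: str) -> list[str]:
    """Apply the static rules plus the reuse rule; record the password only if it passes."""
    problems = check_password(new_password)
    if history.was_used_recently(new_password):
        problems.append(f"reused within the last {history.depth} passwords")
    if not problems:
        history.record(new_password)
    return problems


if __name__ == "__main__":
    hist = PasswordHistory()
    # Constructed sequence: the post's own examples plus a few rotations.
    for pw in ["charlie702", "tango89107", "dog123", "flowerpot", "charlie702"]:
        result = change_password(hist, pw)
        print(f"{pw!r:>14}: {'accepted' if not result else ', '.join(result)}")
```

Running the script shows "charlie702" and "tango89107" accepted, "dog123" rejected for its common-word core, "flowerpot" rejected for lacking digits, and the second "charlie702" rejected as a reuse, which is exactly the behaviour the author ran into at work.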

I'd like to end this with a few quick tips to go by.  First, never assume that someone needs your account information, including your password, for anything.  In the wrong hands, someone can have a devastating effect on your life just by knowing how to gain access, with your information, to the sites that you visit frequently.  Avoid at all costs giving ANYONE (even a friend or a family member) your login information for anything.  Second, never assume that just because you have a strong password you are invulnerable.  Always make sure you have installed the latest updates to your operating system, especially security updates, and also make sure you have both a firewall and an anti-virus program installed.  Lastly, some articles I've read suggest using a password manager to help you with password-protected sites and managing your login information that way.  There are good and bad sides to this, for many reasons on both.  Personally, I'd recommend against using any such program, especially if your computer is shared with others.

One final piece of advice to close this blog.  If you do share your computer with others, I recommend that you ALWAYS log out of the sites and programs that you use, even restart the computer if you have to, and clear your internet cache and your browser cookies regularly.  This prevents anyone from accessing your information after you've finished using the computer.  Also, never assume that you've been logged out completely from any visited site.  Your friend might be respectful and log you out as a courtesy, but someone else may want to prod and poke around in your personal affairs.  Putting it mildly, if you don't want friends or family to see what kind of porn you're into, either stay out of it completely, or make damn sure you've logged out and that your login information is not shared with ANYONE outside your brain.

