Monday, June 6, 2011

Robust

Every week it seems like there's a story on the news about some company that's had their computer system hacked, and recently several Facebook friends have had their email accounts compromised. They had to walk away from them and set up new ones. Not something I want to deal with!

I have a couple of passwords (and variations on them) that I regularly use for computer stuff. One is for less-important things, like corporate Websites, and another is for places that need more security, like email accounts. However, I suspected all of them could be improved, so today I checked mine with the Microsoft Password Checker. They failed big time, but I've improved them by following some suggestions about creating strong passwords.

Did you know that effective passwords should be at least 14 characters? They should also use a variety of character types and should not be a word found in a dictionary. A password needs to be long and complicated enough to protect you, but not so complicated that you'll forget it.

The article I used had a handy chart that listed one way to create strong passwords, along with examples which I found very helpful:
  • To start, think of something meaningful to you, and put it into a sentence or two--about ten words total. They used "Long and complex passwords are safest."
  • Turn the sentence into a row of letters, using the first letter of each word--lacpasikms (10 characters)
  • To add complexity, make half of the letters uppercase--lACpAsIKMs (10 characters), then add length with numbers by putting two numbers that are meaningful to you in the middle--lACpAs56IKMs (12 characters).
  • Last, add length with punctuation and symbols--?lACpAs56IKMs" (14 characters)
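As an added illustration (not part of the original post or the article it cites), this Python script checks each stage of the example above against the criteria mentioned earlier: at least 14 characters, a variety of character types, and not a dictionary word. It assumes "variety" means all four of lowercase, uppercase, digits and symbols, and it uses a tiny constructed word set in place of a real dictionary file.

```python
import string

MIN_LENGTH = 14  # minimum length stated in the post
REQUIRED = {"lower", "upper", "digit", "symbol"}  # assumption: all four types required

# Constructed stand-in for a dictionary; a real check would load a word list.
SAMPLE_WORDS = {"password", "robust", "complex", "safest"}


def character_classes(pw):
    """Return the set of character types that appear in pw."""
    classes = set()
    for ch in pw:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        elif ch in string.punctuation:
            classes.add("symbol")
    return classes


def check(pw, words=SAMPLE_WORDS):
    """Return the list of criteria pw fails; an empty list means it passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"too short: {len(pw)} < {MIN_LENGTH}")
    missing = REQUIRED - character_classes(pw)
    if missing:
        problems.append("missing: " + ", ".join(sorted(missing)))
    if pw.lower() in words:
        problems.append("dictionary word")
    return problems


# The four stages from the chart, in order.
STAGES = ["lacpasikms", "lACpAsIKMs", "lACpAs56IKMs", '?lACpAs56IKMs"']

if __name__ == "__main__":
    for pw in STAGES:
        problems = check(pw)
        print(f"{pw:16} {'; '.join(problems) if problems else 'meets all three criteria'}")
```

Only the last stage passes every check; each earlier stage is still short of the 14-character minimum and is missing at least one character type.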
After a bit of experimentation I came up with a strange-looking password combination that looked like it would be quite secure, but I was afraid to use it. What if I forgot what it was? However, I practiced it a couple of times and I think I'm starting to remember it. Just in case, though, I'm going to change things over gradually. The old ones have lasted this long, so I don't think a couple more days are going to matter.

5 comments:

  1. This is really good information. Thanks Kathy.

  2. I've thought about doing this. Started the change with a few, but am also afraid that I will forget them - I don't want to use the same complex one for each site, either... or would that be ok if it is difficult to crack?

  3. Wow, this is amazing information, thank you. I don't think that I could remember a 14 character password; some days I have problems remembering my own name! lol

  4. Unfortunately, I doubt any computer system is truly safe from a hacker (unless you turned it off, unplugged it, and put it in a safe deposit box).

    At work the computer systems force us to change passwords every 3 months and won't let you re-use a password (I don't know how long the system's memory is, but it goes back at least 4 or 5 years).

    Another password option is to swap out some or all of your vowels with numbers. E = 3, O = 0 (that's oh = zero), I = 1, A = 4. I don't know what to use for U :)

    Like you said, using long passwords with a combination of uppercase, lower case, numbers, and symbols is best.

    I also keep multiple email accounts. I have one main one that I use when signing up on websites for coupons and contests and things, and a different one for "real" email. Viruses and things could get in through the "real" email too, but that address only gets spread to real people, not big mass-mailing lists.

  5. Good tips! I recently set up 2 step authentication for my Google account (since if someone gets ahold of my email, they can pretty much reset any of my other passwords). It basically calls you or sends a text message with a one time access code whenever you try to log into your account from a new computer. I also use a different password for email than for everything else, and have weaker ones I use for less secure sites, but I always have a hard time remembering which one I used for which site!

    Here are more details on how to set up the 2 step authentication.
