
Is your password secure?

Sad to say, chances are, it isn’t.

Do you use an English word as your password?  Maybe with a number appended to it?  Not good.  Dictionary attacks are commonplace.

Let’s see, do you use a bit of information in your password that’s easily obtainable?  Like your birth date or spouse’s name?  Again, you’re asking for it.

Now the kicker: do you use the same password on multiple sites?  Uh oh.  My personal pet peeve.  Think of your password like a lock.  Would you put the identical lock on your house, cars, safe, etc.?  What if you lost your key?  You’d have to change all the locks.  What’s worse, with the Internet you don’t always know when the key is lost.  Actually here’s one time we do know: Sony’s been hacked (again) and 40,000 username/password combinations have been posted for all to see.  So if you’re in that list, and you used the same password on other sites – well, I don’t need to tell you.

To test password uniqueness, Hunt compared the Sony data to a database of
Gawker usernames and passwords, which were hacked and released late last 
year. He found that of those accounts that used the same email address on
both sites, 67% used the same password on both systems.

Here are some basic rules to follow when coming up with a password:

  1. Use a different password for every site.
  2. Make it long.  How long?  Well, it’s easier to say what’s not long enough, and that’s 6 characters.  Go 8 or 10 characters or even longer.  You could use an entire phrase.  Research shows size trumps content.
  3. Use a mix of character types.  So upper and lower case letters.  Some numbers.  And at least one special character (non-alphanumeric).
  4. The best passwords are random ones, and people don’t generate the best entropy.  Actually even machines have a hard time generating a truly random number.  But given the differences, you’re best off using a utility to generate a random password for you.  Yeah, yeah, you’ll need some way to keep track of all those passwords.  Welcome to the information age.
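
The four rules above as a small generator, added here as an example and not part of the original post. It draws from the operating system's CSPRNG through Python's `secrets` module; the symbol set, the default length of 16 and the site names are assumptions made for illustration.

```python
import math
import secrets
import string

# Character classes from rule 3; the exact symbol set is an assumption.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, "!@#$%^&*()-_=+[]{}")
ALPHABET = "".join(CLASSES)


def generate_password(length=16):
    """Return a random password that contains every character class.

    Whole candidates are drawn uniformly from the OS CSPRNG and discarded
    if a class is missing (rejection sampling). The result stays uniform
    over all compliant passwords, unlike forcing one character of each
    class into a fixed position.
    """
    if length < 8:
        raise ValueError("rule 2: use at least 8 characters")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on the entropy of a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)


def passwords_for(sites, length=16):
    """Rule 1: an independently generated password for each site."""
    return {site: generate_password(length) for site in sites}


if __name__ == "__main__":
    # Constructed site names, for illustration only.
    for site, pw in passwords_for(["example-bank", "example-mail"]).items():
        print(f"{site}: {pw}")
    # Length dominates: same alphabet, 6 versus 16 characters.
    print(f"6 chars:  {entropy_bits(6):.1f} bits")
    print(f"16 chars: {entropy_bits(16):.1f} bits")
```

Store the output in a password manager rather than reusing or memorising it.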

-Krip

  1. esme
    June 9, 2011 at 4:32 am

    Very good advice. Thank you.

  2. Thersa Ogg
    June 15, 2011 at 2:00 pm

    Well I truly enjoyed reading it. This information offered by you is very practical for accurate planning.
