Monday, January 21, 2008

How to create secure, memorable passwords

Q: Help! My life has been taken over by passwords. I must have at least 20 places where I have to enter one. I know you’re not supposed to write them down. And that you should change them every so often. And they can’t be easy to guess. So how do normal people manage all that?


A: You hit on one of the great riddles of our time! How do we create passwords strong enough to keep others out – but memorable enough that we don’t forget them ourselves?
I've got some ideas for you, but first let's go over what makes a good – or strong – password:
It has at least seven characters.
It includes uppercase and lowercase letters, numerals and keyboard symbols such as # or @, with at least one symbol positioned somewhere in the middle of the password.
It does not include a dictionary word, your name, user name or company name.
It is not an iteration of an earlier password (Susie1, Susie2, Susie3).
So a strong password might look like this: K*g2mp09

Now what about writing those passwords down?


You probably know people who post sticky notes with passwords on them next to their PCs. Bad idea. Telling someone else your password? Not good either. But chances are you’re going to write down passwords no matter what — especially when you have multiple passwords to remember. And you should have multiple passwords, because using the same one for everything can compromise all your accounts if a bad guy figures it out.
So here's what to do: Write your passwords on a piece of paper in a cryptic form only you understand. For instance, if the pass phrase we used above is for your Amazon.com account, you might write “books – Peggy trip” to remind yourself that 2SF+cP4bd! is your Amazon password. Store these password prompts somewhere safe but inconspicuous – maybe inside a book of poetry you keep in a bedside stand or behind a photo in your home office. Unless you use password manager encryption software, don’t file them on your hard drive.
Just remember, passwords aren’t the enemy. They help you avoid more trouble than they seemingly create.
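
The strong-password rules listed earlier in this answer can be checked mechanically. The Python below is an added example, not part of the original column; the sample word list, the reading of "middle" as any position other than the first or last, and the trailing-digit test for iterations are assumptions.

```python
import string

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "dragon", "monkey", "susie", "summer"}

def stem(password):
    """Lowercase the password and drop trailing digits (Susie3 -> susie)."""
    return password.lower().rstrip(string.digits)

def check_password(candidate, personal_terms=(), previous=(), words=SAMPLE_WORDS):
    """Return the list of rules from the article that `candidate` breaks."""
    problems = []
    if len(candidate) < 7:
        problems.append("shorter than seven characters")

    classes = {
        "uppercase letter": string.ascii_uppercase,
        "lowercase letter": string.ascii_lowercase,
        "numeral": string.digits,
        "symbol": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in candidate):
            problems.append(f"no {name}")

    # Assumption: "middle" means any position except the first and last.
    if not any(c in string.punctuation for c in candidate[1:-1]):
        problems.append("no symbol in the middle")

    # Dictionary words plus your name, user name or company name.
    lowered = candidate.lower()
    banned = {w.lower() for w in words} | {t.lower() for t in personal_terms}
    # Words under four letters are skipped to avoid flagging chance matches.
    hits = sorted(w for w in banned if len(w) >= 4 and w in lowered)
    if hits:
        problems.append("contains " + ", ".join(hits))

    # Susie1 -> Susie2 -> Susie3: same stem once trailing digits are removed.
    if stem(candidate) and stem(candidate) in {stem(p) for p in previous}:
        problems.append("iteration of an earlier password")
    return problems

if __name__ == "__main__":
    print(check_password("K*g2mp09"))
    print(check_password("Susie3", previous=["Susie1", "Susie2"]))
```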
