Tuesday, September 28, 2010

Picking the Right Password

An Appetizer...

I've been spending a lot of time lately, wondering just what I could talk about that would be perfect for me to comment on. What thing could I talk about better than anyone else on the face of this planet? What thing could I shine light on that would thrill and enthrall all who read it?

Nothing really.

Now, I'm not being self-defeatist, I'm being practical. A year and a half out of university with an abundance of enthusiasm and a smidgen of luck, I have a great job, but no real expertise to speak of.

That's when it hit me: Take it down a notch. Start from the beginning (I hear it's a very good place to start).

What's something everybody uses, something basic... Passwords.

Passwords are something of a nuisance to everyone. A necessary evil that, one way or another, everyone encounters. Different security policies force different password requirements - punctuation, capital letters, numbers, more than six characters, less than sixteen...

What Not to do

Before getting into some tips on what should be done, here are a few suggestions on what not to do.

  • Don't use whole words, phrases or names - If someone wants your password, it's easy to link the escapades of Fluffy to your account... assuming it's not a more high-tech dictionary attack, that is.
  • Don't use easy passwords - "12345", "abc123", "password", "princess", "qwerty"... any of them familiar? If so, it's because millions of other people have the exact same password!
  • Don't use your username - it's practically giving it away
  • Don't use the same password everywhere - not all sites are created equal. Some of them are in it for the money, and that means selling your data. Usernames, passwords, age/sex/location... the sky's the limit. Keeping a different password for get-free-stuff dot something-or-other and your bank... probably a good idea.

The Meat of the Matter

So, how to choose something memorable, but something that still complies with all these sometimes-conflicting rules?
  1. Keep it simple! - pick something you won't have a hard time remembering.
  2. Mix it up - Use camelCase (caPiTalIziNg random letters), l33t (numbers and symbols in place of letters)
  3. Relate it to what you're using it for - Having a hard time remembering what your password is for dizzyducksgoquack dot com? Start it with DDGQ and end it with your street's first letter and house number, for something like DDGQsj129. Make sure you can remember it later.
  4. Shorten phrases by picking the first letter of every word - Like so: spbptflofw (could also be: 5pBp7f103w, 5PbP7f1oew, etc.)
  5. "What about punctuation?" one might say. What about it? Use it! - Wap?0M5.u1!

Obviously there are other factors to contend with... policies that force password changes every 30 days or have specific requirements have to be taken into consideration. In the end, it can be worth it. With access logs keeping tabs on many user activities, it's easy to be caught with a hand in the cookie jar - but if you haven't eaten the cookie, it's probably not such a good thing to look like you did.
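As an added illustration (not part of the original post), here is a small Python checker that encodes the rules discussed above: the policy from the introduction (punctuation, capitals, numbers, more than six and fewer than sixteen characters) plus the "what not to do" list. It undoes the l33t substitutions before comparing against a common-password set, so a dictionary word dressed up as "P455w0rd" is still caught. The blocklist, the username and the word list are constructed inputs, not anything from a real site.

```python
import re
import string

# Constructed stand-in for the "millions of other people" list; the five
# entries are exactly the ones the post names.
COMMON_PASSWORDS = {"12345", "abc123", "password", "princess", "qwerty"}

# Reverse map for the l33t substitutions the post suggests, so the checker
# still recognises "P455w0rd" as the word "password".
UNLEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                        "5": "s", "7": "t", "@": "a", "$": "s"})


def normalize(pw: str) -> str:
    """Lower-case the password and undo common l33t substitutions."""
    return pw.lower().translate(UNLEET)


def check_password(pw: str, username: str = "", dictionary=()) -> list:
    """Return the rules the password breaks; an empty list means it passes.

    Rules are the post's own: more than six and fewer than sixteen characters,
    upper and lower case, a number, punctuation, not a common password, not the
    username, and not a whole (possibly l33t-spelled) word from `dictionary`.
    """
    problems = []
    if not 6 < len(pw) < 16:
        problems.append("length must be more than 6 and less than 16")
    if not (re.search(r"[A-Z]", pw) and re.search(r"[a-z]", pw)):
        problems.append("mix upper and lower case")
    if not re.search(r"\d", pw):
        problems.append("add a number")
    if not any(c in string.punctuation for c in pw):
        problems.append("add punctuation")
    norm = normalize(pw)
    letters = re.sub(r"[^a-z]", "", norm)  # the word hidden under digits/symbols
    if {pw.lower(), norm, letters} & COMMON_PASSWORDS:
        problems.append("too common")
    if username and username.lower() in norm:
        problems.append("contains username")
    if letters and letters in {w.lower() for w in dictionary}:
        problems.append("whole dictionary word")
    return problems


if __name__ == "__main__":
    for candidate in ("password", "DDGQsj129", "Wap?0M5.u1!"):
        print(candidate, "->", check_password(candidate, "dizzyduck") or "ok")
```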

- - - - - - - - - -
But soft! What light through yonder window breaks?
