Passwords — many hate them, but we all need them. Passwords are the keys to our workstations, e-mail, finances, and so much more. And yet, too many people are using simple, easy-to-guess passwords. If you’re using a proper name, birthday, anniversary, zip code, or any other similar phrase as your password, then you have a bad password. These types of passwords are very easy to guess, and I’m not talking about someone sitting at a computer taking random stabs at your bank account login. I’m talking about software written by criminals that can make logical guesses at your password on the order of thousands of times per second.
John P. at One Man’s Blog can tell you all about how he’d hack your weak passwords, starting with these top ten categories:
- Your partner, child, or pet’s name, possibly followed by a 0 or 1 (because they’re always making you use a number, aren’t they?)
- The last 4 digits of your social security number.
- 123 or 1234 or 123456.
- “password”
- Your city, or college, football team name.
- Date of birth - yours, your partner’s or your child’s.
- “god”
- “letmein”
- “money”
- “love”
Does your password fall into any of these categories? If so, change it now!
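One way to check a password against the categories above on your own machine, as an added example (it is not code from the original post or from One Man’s Blog). The function name, its parameters, the category labels and the sample profile are assumptions constructed for illustration.

```python
import re
from datetime import date

# Literal entries from the list above.
LITERALS = {"123", "1234", "123456", "password", "god", "letmein", "money", "love"}

def _norm(s):
    """Lower-case and drop spaces/punctuation so 'Rex 1' and 'rex1' compare equal."""
    return re.sub(r"[^a-z0-9]", "", s.lower())

def _date_forms(d):
    """All-digit spellings of a date that people commonly type (constructed, not exhaustive)."""
    y, yy, m, dd = f"{d.year:04d}", f"{d.year % 100:02d}", f"{d.month:02d}", f"{d.day:02d}"
    return {m + dd + y, dd + m + y, y + m + dd, m + dd + yy, dd + m + yy, yy + m + dd}

def weak_categories(password, names=(), places=(), birthdays=(), ssn_last4=None):
    """Return the categories from the list that `password` falls into ([] if none)."""
    pw = _norm(password)
    hits = []
    # A partner, child or pet name, possibly followed by a 0 or 1.
    if any(pw in (_norm(n), _norm(n) + "0", _norm(n) + "1") for n in names):
        hits.append("name")
    if ssn_last4 is not None and pw == ssn_last4:
        hits.append("ssn_last4")
    if pw in LITERALS:
        hits.append("common_literal")
    if any(pw == _norm(p) for p in places):
        hits.append("city_college_team")
    # Separators were stripped by _norm, so 07/04/1985 and 07041985 both match.
    if any(pw in _date_forms(b) for b in birthdays):
        hits.append("date_of_birth")
    return hits

# Constructed sample profile and candidates, for illustration only.
PROFILE = dict(names=["Rex", "Dana"], places=["Springfield", "State Tigers"],
               birthdays=[date(1985, 7, 4)], ssn_last4="6789")

if __name__ == "__main__":
    for candidate in ["rex1", "07/04/1985", "LetMeIn", "state tigers", "6789", "vK9#tq2LmWz!"]:
        result = weak_categories(candidate, **PROFILE) or "no category matched"
        print(f"{candidate!r:16} -> {result}")
```

An empty result only means none of these categories matched; it is not evidence that the password is strong.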
In “Your Password Sucks!”, Steve Mermelstein laments bad passwords and offers some suggestions for composing and remembering better ones.
“Once you start practicing this you’ll need a way to securely keep track of all your passwords. … Mac users have Keychain which is included in Mac OS X. If you’re a Windows user, I recommend eWallet which syncs with most PDAs and Smartphones.
“It is not a good idea to let your browser store your passwords as most malware emails those stored passwords to the malware author immediately upon infection.”
If you’re not comfortable with the mechanics of storing your password in an encrypted file, or with software like Keychain and eWallet, and you simply must write it down, I recommend putting it on a piece of paper that you keep in your wallet. Pull it out each time you need to recall your password. Once the password is committed to memory, destroy that note. Oh, and don’t write what the password accesses on the note, just in case you lose your wallet.
Of Zen and Computing previously covered the password-in-the-wallet technique, as well as methods for composing good passwords in “Create a strong, secure password”.



