Sunday, June 29, 2008

10 Ways to Avoid Password Headaches

“Treat your password like your toothbrush. Don’t let anybody else use it, and get a new one every six months.” (Clifford Stoll)

Passwords are the scourge of the digital age. Again and again, we are tortured by a multitude of passwords that force us to rack our brains for cryptic words like ch14zdo.

Get used to it, say computer professionals. You have a lot to be paranoid about. Password-based attacks are steadily on the rise. The threat of large-scale computer crime is very real, and stealing passwords is one of the easiest ways for a criminal to launch an attack.

So if you’re succumbing to password overload, follow these simple tips. They’ll help you protect and remember passwords without demanding a whole lot of mental might.

1. Personal password algorithm.

Create a formula for devising all your passwords. Pick significant dates and wrap them into acronyms that symbolize the event.

An example for picking a password for work might be choosing your first day on the job. By taking the month, event, year, and day of the week you might end up with 11fdw05tue as a password. The 11 stands for the month of the year, November; fdw is short for “first day of work”; 05 represents the year; and tue means Tuesday.

2. Password pitfalls.

Avoid the obvious. Passwords such as someone’s surname, your birth date, or a word from the dictionary may be easy to remember, but they’re also very easy to break.

A computer is only as secure as its password, so don’t be lazy. Hackers have tools that can crack a 6-character password in less than fifteen minutes.

Each password should combine both uppercase and lowercase characters, and include a digit or two. Finally, your password should be at least six characters long, although the most secure passwords are thirteen characters or more.
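The rules in this tip can be checked mechanically. The following is an added example, not part of the original article: it tests a password against the composition rules above and estimates the size of the brute-force search space, which shows why thirteen characters holds up so much better than six. The function names and the small word list are assumptions made for illustration.

```python
import math
import string

# Constructed stand-in for a real dictionary or breached-password list.
WORDLIST = {"password", "letmein", "welcome", "dragon", "monkey"}


def rule_violations(pw, min_len=6, wordlist=WORDLIST):
    """Return the composition rules from tip 2 that `pw` breaks."""
    problems = []
    if len(pw) < min_len:
        problems.append("too short")
    if not any(c.islower() for c in pw):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in pw):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no digit")
    if pw.lower() in wordlist:
        problems.append("dictionary word")
    return problems


def search_space_bits(pw):
    """Upper bound on brute-force work in bits: length * log2(alphabet size).

    Passwords derived from dates, names or lyrics are easier to guess than
    this bound suggests, because a guesser can try those patterns first.
    """
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    alphabet = sum(len(cls) for cls in classes if any(c in cls for c in pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


if __name__ == "__main__":
    # Sample passwords taken from this article, plus three constructed ones.
    for pw in ["ch14zdo", "11fdw05tue", "tbontbtitq", "dkFe*#21",
               "Password", "abcdef", "aB3" + "x" * 10]:
        print(f"{pw:15} {search_space_bits(pw):5.1f} bits  "
              f"{rule_violations(pw) or 'passes tip 2'}")
```

Each extra bit doubles the number of guesses needed, so the gap between a six-letter lowercase password (about 28 bits) and a thirteen-character mixed one (about 77 bits) is far larger than the difference in length suggests.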

3. Don’t be redundant.

Another popular mistake is using the same password for different purposes. If you use the same password for logging on to AIM, using the office network, and accessing your email account, one security breach leaves your entire password-protected life vulnerable.

4. For your eyes only.

You wouldn’t leave your driver’s license on the front steps to your home, or post your Social Security number at the corner store. So, why would you keep your passwords in easy view?

Password-covered Post-it notes litter office monitors everywhere. And even more hide underneath keyboards. Typically, as soon as the network administrator changes the password, the yellow stickies get updated. This is a computer network manager’s nightmare. If you must use a cheat sheet, keep it where others can’t see it, like in your wallet or purse.

5. Buried treasure.

You can “bury” your cheat sheet even deeper. Try keeping passwords in address books, encoded as bogus phone numbers or names. If your work password is dava3231, list a fictitious work pal as Dave Avery 555-3231, or write your boss’s address down as 3231 Dave Ave.

6. Reading between the words.

Another thing to try is building a cryptic password from the first letters of the words in a line from a poem or song. For example, “To be or not to be, that is the question…” yields tbontbtitq.

7. Rate your privacy needs.

Accept it: some applications and websites are about as important to password-protect as your trash. There is a big difference between someone surfing a website under your account name and someone sending your boss hate mail using your email account.

Rate the level of security for specific programs and websites. Then create a sliding security scale for the passwords you want.

8. By all means, safeguard your password.

At first, it may be difficult to remember your password. Did you substitute an “i” with a “1” or did you use a “1” to represent “L?” To help remember the password, use it immediately. Then log in and out several times the first day. Just don’t change it on a Friday or right before leaving for vacation. You could write it out several times on a piece of paper. This helps record it in your mind. Just be sure to shred the paper when done.

9. Avoid bizarre character combinations.

While character combinations such as dkFe*#21 might be hard to guess, they are also difficult to remember. I know these passwords are less susceptible to brute-force attacks, but such activity is already combated in other ways, such as limits on incorrect logon attempts.

10. Don’t change the password too frequently.

People are more likely to forget a password they will only use for a short period of time. And it’s not really necessary to change your passwords every week. A good average is 90 to 120 days, and I’m sure you can deal with this.

[Via Ririan Project]
