Tuesday, November 24, 2009

If Your Password is "Password1" - CHANGE IT

"Choose a Strong Password"
Wired How-to Wiki

"Your digital private life has a weak point that can unlock all your secrets: your password. Whether you use a single-sign-in solution like OpenID, or have separate passwords for every account, your accounts are only as secure as your passwords.

"Based on what limited data is available, the vast majority of us choose very poor passwords. A MySpace phishing attack that netted some 34,000 actual user names and passwords, revealed that the No. 1 password was password1...."

Okay: That's scary. The good news is that it wasn't just "password."

The rest of the Wired wiki is split into seven - or eight - sections:
  1. Size matters
  2. Don't rely on the dictionary
  3. Use numbers, capital letters and symbols
  4. Use a Password Manager for websites
  5. Use patterns of the keyboard
  6. Type a sentence
  7. In the Future
    7.1 Mix It Up

I wasn't sure if we're supposed to take #5 (Use patterns of the keyboard) seriously. But they do say to do more than just use something like "qwerty" - their example involved "bgt5" but included a few other details. For people who can't remember other patterns, but who can remember that sort of thing: it looks practical.

Piece of advice #3 looks good on paper: their example, "@#$@$%#" isn't the sort of thing anybody other than the user is too likely to guess. On the other hand, quite a few websites and services use security software that won't accept anything but letters of the alphabet, or numbers. The advice about using cap/lowercase oddly is good - provided that the security software recognizes cap and lowercase characters as different: "A" not being "a," for example.

The advice about not using the dictionary is something I've run into in just about every plausible how-2 and advice article on password security for years. Decades. One word from a dictionary is almost useless against software that has an unabridged dictionary in its code - and runs through it until it gets a hit, or reaches the end of the dictionary.
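The dictionary point above, seen from the defender's side, as an added example that is not from the Wired wiki or this blog: a sign-up form can apply the same simple normalizations a dictionary-based guesser does and refuse the password before it is ever set. The word list, the 8-character minimum and the function names are assumptions made for illustration.

```python
import re

# Constructed sample word list (assumption); a real check would load a full
# dictionary plus lists of passwords already seen in breaches.
WORDLIST = {"password", "monkey", "dragon", "letmein", "sunshine"}

# Rows of a US QWERTY keyboard, used to spot straight keyboard runs.
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]

# Common look-alike substitutions that guessing software undoes automatically.
LEET = str.maketrans("@4301$5!7", "aaeoissit")


def variants(password):
    """Yield the simple normalizations a dictionary-based guesser tries."""
    lowered = password.lower()                    # "A" vs "a" adds little
    stripped = re.sub(r"[\d\W_]+$", "", lowered)  # drop trailing digits/symbols
    for form in (lowered, stripped):
        yield form
        yield form.translate(LEET)


def is_keyboard_run(password, min_len=4):
    """True if the whole password is one straight run along a keyboard row."""
    lowered = password.lower()
    if len(lowered) < min_len:
        return False
    return any(lowered in row or lowered in row[::-1] for row in KEYBOARD_ROWS)


def weakness(password, min_length=8):
    """Return a short reason if the password is weak, otherwise None."""
    if is_keyboard_run(password):
        return "keyboard run"
    if any(form in WORDLIST for form in variants(password)):
        return "dictionary word"
    if len(password) < min_length:  # 8 is an assumed policy value
        return "too short"
    return None


if __name__ == "__main__":
    for candidate in ["password1", "P@ssw0rd!", "qwerty", "abc",
                      "The lemming reads Wired on Tuesdays"]:
        print(f"{candidate!r}: {weakness(candidate) or 'ok'}")
```

"password1" fails here for the same reason it fell to guessing: with the trailing digit removed it is a single dictionary word.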

Bottom line on the article: this looks like pretty good advice. And following the suggestions (but not the specific examples, please) should give fairly secure passwords.

Personally, I'm unlikely to ever use password manager software for my own security: but that's my call.
