Wired How-to Wiki
"Your digital private life has a weak point that can unlock all your secrets: your password. Whether you use a single-sign-in solution like OpenID, or have separate passwords for every account, your accounts are only as secure as your passwords.
"Based on what limited data is available, the vast majority of us choose very poor passwords. A MySpace phishing attack that netted some 34,000 actual user names and passwords, revealed that the No. 1 password was password1...."
Okay: That's scary. The good news is that it wasn't just "password."
The rest of the Wired wiki is split into seven - or eight - sections:
- Size matters
- Don't rely on the dictionary
- Use numbers, capital letters and symbols
- Use a Password Manager for websites
- Use patterns of the keyboard
- Type a sentence
- In the Future
  - 7.1 Mix It Up
Piece of advice #3 looks good on paper: their example, "@#$@$%#", isn't the sort of thing anybody other than the user is too likely to guess. On the other hand, quite a few websites and services use security software that won't accept anything but letters of the alphabet, or numbers. The advice about mixing upper- and lowercase letters is good - provided that the security software treats uppercase and lowercase characters as different ("A" not being "a," for example).
The advice about not using the dictionary is something I've run into in just about every plausible how-to and advice article on password security for years. Decades. One word from a dictionary is almost useless against software that has an unabridged dictionary built in - and runs through it until it gets a hit, or reaches the end of the dictionary.
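To put numbers on those two points (a dictionary word is only as strong as the dictionary is long, and case-folding servers throw away half of the "mix it up" benefit), here is a rough guess-count estimator. It is an added example, not code from the Wired wiki or from this blog; the tiny word list is constructed for illustration, and the "trailing digits" rule stands in for the cracker rules that turn "password" into "password1".

```python
import math
import string

# Constructed stand-in for an unabridged word list (a real one has 10^5 to 10^6 entries).
SAMPLE_DICTIONARY = {"password", "password1", "letmein", "monkey", "dragon"}

# Assumed size of the "everything else" class: printable punctuation plus space.
OTHER = len(string.punctuation) + 1  # 33


def charset_size(pw):
    """Size of the alphabet a brute-force search must cover for this password."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(not c.isalnum() for c in pw):
        size += OTHER
    return size


def estimate_guesses(pw, case_sensitive=True, dictionary=SAMPLE_DICTIONARY):
    """Worst-case guesses for an attacker who tries the dictionary first,
    then dictionary words with trailing digits, and only then brute force.
    case_sensitive=False models a backend that folds "A" to "a" before checking."""
    probe = pw if case_sensitive else pw.lower()
    # Crackers try simple capitalisation variants, so the word lookup ignores case.
    if probe.lower() in dictionary:
        return len(dictionary)
    base = probe.lower().rstrip(string.digits)
    if base in dictionary:
        return len(dictionary) * 10 ** (len(probe) - len(base))
    return charset_size(probe) ** len(probe)


def bits(pw, case_sensitive=True):
    """Same estimate expressed as bits of work (log2 of the guess count)."""
    return math.log2(estimate_guesses(pw, case_sensitive))


if __name__ == "__main__":
    for candidate in ("password1", "Dragon42", "@#$@$%#", "Tr0ub4dor&3"):
        print(f"{candidate:14} {bits(candidate):6.1f} bits "
              f"(case-folded: {bits(candidate, case_sensitive=False):6.1f})")
```

Against the sample list "password1" costs five guesses no matter how it is typed, while the mixed-case password loses about four bits the moment the server stops distinguishing "A" from "a".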
Bottom line on the article: this looks like pretty good advice. And following the suggestions (but not the specific examples, please) should give fairly secure passwords.
Personally, I'm unlikely to ever use password manager software for my own security: but that's my call.
- "Facebook Games, Scams, and Common Sense"
(November 8, 2009)
- " 'Work at Home,' Transferring Money Overseas: What Could Possibly Go Wrong?"
(November 3, 2009)
- "Phishing, Common Sense, and 'The Public's Right to Know' "
(October 6, 2009)
- "Lemming Tracks: The Zlob Worm and Related Malware Issues"
(April 19, 2009)
- "PINs - Not Nearly as Secure as We Thought"
(April 15, 2009)
- "Nigerian Scam on Facebook - an Example"
(January 28, 2009)
- "Twitter Trouble: It Could Have Been Worse - The Administrator's Password Could Have Been 'Password' "
(January 6, 2009)
- "zzz-mailing: Using The Internet - Asleep"
(December 16, 2008)
- "Assumed Guilty, then Fired and Ostracized: It's Time for an IT Code of Ethics"
(June 20, 2008)
- "Passwords: Be Sure Yours Isn't on These Lists"
(April 20, 2008)
- "Do You Know What's in Your Computer? Remember Sony's DRM Rootkit?"
(March 12, 2008)
- "Robot Tricks Humans Into Reading Captchas"
(February 19, 2008)