In security you have to be strong–and so does your password

July 31, 2009

I have long been a fan of Beth Givens and the Privacy Rights Clearinghouse, an initiative focused on best practice in securing privacy in the digital world. So I was pleased to see even more great advice from them, this time about protecting yourself by ensuring you have a strong password.

What is so great about the advice is that you could send it to your granny and it would make sense to her. No jargon or hard-to-digest prose. Just straight-talking, sensible advice.

The ten rules are posted here, but for the full story see the original article here.

Want to develop tough-to-crack passwords?  Follow these 10 rules:

  1. Avoid using dictionary words. These passwords are easy for hackers to figure out using an electronic dictionary.
  2. Don’t use personal information.  Any part of your name, birthday, Social Security number, or similar information for your loved ones is a bad password choice.
  3. Avoid common sequences, such as numbers or letters in sequential order or repetitive numbers or letters.
  4. If the web site supports it, try to use special characters, such as $, #, and &.  Most passwords are case sensitive, so use a mixture of upper case and lower case letters, as well as numbers.
  5. Passwords become harder to crack with each character that you add, so longer passwords are better than shorter ones. A brute-force attack can easily defeat a password with seven or fewer characters. Microsoft has an online password strength checker at www.microsoft.com/protect/yourself/password/checker.mspx
  6. To help you easily remember your password, consider using the first letter from each word in a sentence, a phrase, a poem, or a song title as a password.  Be sure to add in numbers and/or special characters.
  7. Create different passwords for different accounts and applications. That way, if one password is breached, your other accounts won’t be put at risk too.  Do not use the same or variations of the same password for different applications.
  8. Despite admonitions to the contrary, one easy way to remember your passwords is to write them down and keep them in a securely locked place.  Never leave them on a Post-It note on your monitor, in an address book, in a desk drawer, or under your keyboard or mouse pad (or any other obvious place).
  9. Consider using a secure password manager. The Firefox browser has a password manager already built in.  The Firefox password manager and 4 others are reviewed at http://lifehacker.com/5042616/five-best-password-managers.
  10. If you have already established a password that is not strong, change it! Web sites have a variety of procedures that govern how you can change your password. Look for a link (such as “my account”) somewhere on the site’s homepage that goes to an area of the site that allows password and account management.
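For readers who build sign-up forms, rules 1 to 5 can be turned into an automated check. The sketch below is an added example, not part of the PRC article or the original post; the sample word list, the substitution table, the "three of four character classes" threshold and the function names are assumptions made for illustration.

```python
import re

# Constructed sample word list; a real check would load a full dictionary
# or a list of known-breached passwords.
SAMPLE_WORDS = {"password", "dragon", "monkey", "sunshine", "welcome", "letmein"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
MIN_LENGTH = 8  # rule 5: seven or fewer characters falls easily to brute force
# Assumed table of common look-alike substitutions (@ for a, 0 for o, ...).
LOOKALIKES = str.maketrans("@0$13", "aosie")


def has_sequence(pw, run=4):
    """Rule 3: repeated, ascending/descending or keyboard-row runs of `run` chars."""
    low = pw.lower()
    for i in range(len(low) - run + 1):
        chunk = low[i:i + run]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps in ({0}, {1}, {-1}):  # aaaa, abcd / 1234, dcba / 4321
            return True
        if any(chunk in row or chunk[::-1] in row for row in KEYBOARD_ROWS):
            return True
    return False


def check_password(pw, personal=(), words=SAMPLE_WORDS):
    """Return a list of the rules (1 to 5) that the candidate password breaks."""
    problems = []
    # Undo look-alike substitutions and drop non-letters so "P@ssw0rd!" still matches.
    letters = re.sub(r"[^a-z]", "", pw.lower().translate(LOOKALIKES))
    if any(w in letters for w in words):
        problems.append("rule 1: contains a dictionary word")
    if any(p and p.lower() in pw.lower() for p in personal):
        problems.append("rule 2: contains personal information")
    if has_sequence(pw):
        problems.append("rule 3: contains a common sequence")
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    if sum(bool(re.search(c, pw)) for c in classes) < 3:  # assumed threshold
        problems.append("rule 4: mix upper case, lower case, numbers and symbols")
    if len(pw) < MIN_LENGTH:
        problems.append("rule 5: too short")
    return problems


if __name__ == "__main__":
    # Constructed candidates; the third is built rule-6 style from
    # "The quick brown fox jumps over the lazy dog".
    for candidate in ("P@ssw0rd!", "abcd1234", "Tqbfj0tld!26"):
        print(candidate, "->", check_password(candidate) or "passes rules 1-5")
```

Passing these checks only shows a password avoids the listed mistakes; reuse across sites (rule 7) cannot be detected by looking at a single password.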

Whether protecting personal data is part of your 9-5 (not that that exists anymore!) or not, the PRC is definitely a great resource for protecting yourself and your nearest and dearest 24/7. If you want to subscribe to their pearls-of-wisdom newsletter, go here. It is definitely worth considering!

