Password Security and Safety

There is nothing more important that password security in world of technology. It is the first step to creating a safe and secure environment. If your password becomes compromised, there are limitless consequences to what could happen. There are a few very important factors in keeping your passwords safe and secure that everyone should adhere to.

Do not tell anyone your password
No one should every know your password, your bosses, your friends, or your bank. None of them should ever know your personal passwords. Any help desk, company, or organization will have administrators or technicians that can reset your password if they need to do something with your account. Organizations will never ask for your password over the telephone or e-mail!

Do not write your passwords down
The key to a good password is one that you can remember easily, but is hard to guess. It's very important not to write your password down. Hiding it inside your desk, a book, in a picture is just waiting for someone snoopy to find it. Some organizations will require the writing down of passwords, but generally these are Administrator positions and the password books are locked up in a controlled safe or secure location. Your boss shouldn't have all your personal passwords in his desk!

Be aware all the time
When you are entering your password at the computer, or at a bank machine, be aware of who is around you. If you think someone is trying to look at what you are typing, ask them to step back, turn their head, or cover up the keyboard or keypad with your other hand. If you think that anyone may have your password or has seen you enter it, change your password immediately.

Do not use the same password
Far too many people only use one password for everything they do, it makes it easier to remember, but compromises their security. If you use the same password for chatting on a web forum and your online banking password, you are just asking for trouble. Use unique passwords for different projects, websites, and logins.

Password complexity
Password complexity is a very important issue with most users. Often users will have small passwords that are very simple because they worry about trying to remember them. It's very important to have a password that is complex enough to stop people from guessing it, or using automated programs to randomly break it. I will outline good and bad characteristics of passwords below, along with some tips for creating passwords.

Avoid bad passwords, or easily guessable passwords
There are many characteristics that are considered bad when it comes to choosing a password. These characteristics should be avoided at all costs to help keep your password as secure as possible.

Don't use personal information in your passwords. Passwords that contain your date of birth, pets, drivers license number, social insurance number and similar information should be avoided. This also means person numbers of your children, friends, and family also!

Make sure your password is adequately complex, don't use passwords like: kenken, dog, sex.

Stay away from incremental passwords! If you use a password like HiThere1, don't change your password every few months with HiThere2, HiThere3. Create unique passwords each time.

Don't reuse your old passwords even if you haven't used that password in 3 password changes, keep away from reverting to your old passwords.

Don't use words from the dictionary. Passwords should be original conceptions, with no words that could be guess be an automated program.

Notes on character substitutionI mentioned in the last point that dictionary words should be avoided. This is very true, but in addition to that, there are now dictionary attacks that integrate common slang spellings and special characters. For those of you who were on the internet and BBS world, the old KRAD, elite speak, can be just as easily guess as a properly spelled word from the dictionary. A couple of examples of what I'm talking about are, "elite speak" could just as easily be "l33t sp34k", "project" and "pr0j3ct". Don't rely on character substitution as a means of securing a simple password.

Creating a good password
Creating a good password is the key to your personal security. Keep these rules in mind when choosing your passwords:

A password should be over eight (8) characters in length.
Do not use dictionary words.
Do not use character substitution such as "l33t sp34k"
Do not user personal information
Do not use variations on your userid or login name
Use both upper and lower case letters (a-z and A-Z)
Use numbers in your password
Use special characters (% # @ *)

Remembering passwords
Everyone knows how frustrating it is to remember passwords, but there is one way that seems to help many people. Trying creating your password using a Mnemonic Device.

"I like money, give me your money!" could translate to: Il$,gmyM!"Oh, I wish I was an Oscar Myer Weiner!" could be: OH,iwIwaOMW

Simple phrases that are easy to remember for you seem to work the best.

"I live in Toronto, Ontario, Canada EH?" - iLiTOCeh?

Ken Dennis
http://KenDennis-RSS.homeip.net/