Thursday, May 22, 2008

Choosing Your Passwords Carefully

 

Choosing and Protecting Your Passwords

Passwords are a common form of authentication and are often the only barrier between a user and your personal information. There are several programs attackers can use to help guess or "crack" passwords, but by choosing good passwords and keeping them confidential, you can make it more difficult for an unauthorized person to access your information.

Think about the number of PINs, passwords, or passphrases you use every day: getting money from the ATM or using your debit card in a store, logging on to your computer or email, signing in to an online bank account or shopping cart... the list seems to just keep getting longer. Keeping track of all of the number, letter, and word combinations may be frustrating at times, and maybe you've wondered if all of the fuss is worth it. While having someone gain access to your personal email might not seem like much more than an inconvenience and a threat to your privacy, think of the implications of an attacker gaining access to your social security number or your medical records.

One of the best ways to protect information or physical property is to ensure that only authorized people have access to it.  In the cyber world, passwords are the most common means of authentication, but if you don't choose good passwords or keep them confidential, they're almost as ineffective as not having any password at all.  Many systems and services have been successfully broken into due to the use of insecure and inadequate passwords, and some viruses and worms have exploited systems by guessing weak passwords.

Here is a review of tactics to use when choosing a password:

  • Don't use passwords that are based on personal information that can be easily accessed or guessed.
  • Don't use words that can be found in any dictionary of any language.
  • Develop a mnemonic for remembering complex passwords.
  • Use both lowercase and capital letters.
  • Use a combination of letters, numbers, and special characters.
  • Use different passwords on different systems.

There's no guarantee that these techniques will prevent an attacker from learning your password, but they will make it more difficult.
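The tactics listed above can be applied as a self-check before a password is put into use. The following is an added example, not part of the original post: the word list, the personal details, the substitution table and the sample passwords are all constructed for illustration. It goes slightly beyond the list by also catching dictionary words disguised with look-alike characters.

```python
import string

# Constructed sample word list; a real check would load full dictionaries.
SAMPLE_DICTIONARY = {"password", "dragon", "sunshine", "welcome", "monkey"}

# Common look-alike substitutions, undone before the dictionary lookup
# (an assumption of this example, not a rule stated in the article).
SUBSTITUTIONS = str.maketrans("@4301!$57", "aaeoiisst")


def normalize(text):
    """Lowercase, undo look-alike substitutions, keep letters only."""
    folded = text.lower().translate(SUBSTITUTIONS)
    return "".join(ch for ch in folded if ch.isalpha())


def check_password(password, personal_info=(), passwords_in_use=(),
                   dictionary=SAMPLE_DICTIONARY):
    """Return the tactics from the list above that the password breaks."""
    problems = []
    lowered, core = password.lower(), normalize(password)

    # Personal information: names, pets, dates (hypothetical inputs).
    if any(len(item) >= 3 and item.lower() in lowered for item in personal_info):
        problems.append("personal information")

    # Dictionary words, including ones disguised as "P@ssw0rd".
    if any(len(word) >= 4 and word in core for word in dictionary):
        problems.append("dictionary word")

    if not (any(c.islower() for c in password)
            and any(c.isupper() for c in password)):
        problems.append("no mixed case")

    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_special = any(c in string.punctuation for c in password)
    if not (has_letter and has_digit and has_special):
        problems.append("missing character class")

    # Reuse: compare against passwords already used elsewhere.
    if password in passwords_in_use:
        problems.append("reused on another system")
    return problems


if __name__ == "__main__":
    # Mnemonic for "My first car was a red Honda, bought in 2004!" (constructed)
    print(check_password("MfcwarHbi2004!", ("Alice", "Rex", "1975")))
    print(check_password("P@ssw0rd1"))
```

An empty list means none of the tactics were broken; it does not mean the password cannot be guessed.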

 
