
Security First: A Short and Sweet Primer on Passwords

via Dilbert.com

The more I talk to friends and family about “Web safety,” the more I realize that most people generally underestimate the importance of having a strong and somewhat abstract password (formula). For whatever reason (or perhaps due to the increase in family/friends chatter during the winter holiday season) now seems like as good a time as any to discuss the need for a mixed-character, mixed-size (i.e. caps and non-caps) password.

Whether you just got a shiny new computer during Black Friday / Cyber Monday, have recently signed up for a new social network or other online service, plan to do some traveling this holiday season, or you’ve simply got a couple of minutes to spare, it is NEVER too late to exchange your existing password for a more robust, less crackable one.

As a general (and obvious) rule of thumb, using your name (or a loved one/family member’s name), date of birth, a pet’s name, or some other easily guessable string of characters makes for a lousy password. However, as my parents lamented, those are the easiest things for most people to remember. So what to do then? Well, first let’s just go over my extremely simple and easy rules for creating/changing “safe” passwords:

  1. Be sure to include at least one CAPITAL letter
  2. Be sure to include at least one allowable symbol (most web services will spell out which non-alphanumeric characters are / are not allowed)
  3. Be sure to include at least one number
  4. Be sure to use at least 6-8 characters, if not more

Oh, and before I give any examples, remember the importance of variation. DO NOT use the same password for everything. If you are really adamant about minimizing the number of passwords you have to remember, divide your password-protected computers/websites/services into a few manageable categories and create a unique password to go along with each one of them.

Ok, now let’s look at an example. Let’s say your current password is your dog’s name: snoopy. Now, simply apply the first 3 steps above and you should have something like this: Snoop.y1. While clearly a bit more convoluted to remember, the difference in security between snoopy and Snoop.y1 is no laughing matter. The new password is way more secure and far more difficult for anyone to crack on a whim.
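The four rules and the no-reuse advice above can be checked mechanically. The following is an added example, not code from the original post: it reports which rules a candidate fails, sizes the blind brute-force search space for snoopy versus Snoop.y1, and flags one password shared across categories. The function names, the minimum length of 6 (the lower bound of "6-8") and the sample accounts are assumptions made for illustration.

```python
import math
import string
from collections import defaultdict

MIN_LENGTH = 6  # assumption: lower bound of the post's "6-8 characters"

# Printable-ASCII character classes, used to size the brute-force alphabet.
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "capital": string.ascii_uppercase,
    "number": string.digits,
    "symbol": string.punctuation,
}

def classes_used(password):
    """Names of the character classes that appear in the password."""
    return {name for name, chars in CLASSES.items()
            if any(c in chars for c in password)}

def failed_rules(password, min_length=MIN_LENGTH):
    """Return the numbers (1-4) of the post's rules that the password fails."""
    used = classes_used(password)
    checks = [(1, "capital" in used), (2, "symbol" in used),
              (3, "number" in used), (4, len(password) >= min_length)]
    return [rule for rule, passed in checks if not passed]

def keyspace_bits(password):
    """log2(alphabet ** length): the space a blind brute force must cover.

    This is an upper bound. Guessing that starts from names and common
    substitutions covers far fewer candidates than this figure suggests.
    """
    alphabet = sum(len(CLASSES[name]) for name in classes_used(password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0

def reused_passwords(accounts):
    """Map each password used by more than one category to those categories."""
    by_password = defaultdict(list)
    for category, password in accounts.items():
        by_password[password].append(category)
    return {p: sorted(c) for p, c in by_password.items() if len(c) > 1}

if __name__ == "__main__":
    for candidate in ("snoopy", "Snoop.y1"):
        print(candidate, failed_rules(candidate),
              round(keyspace_bits(candidate), 1), "bits")
    # Constructed sample data: category -> password.
    accounts = {"banking": "Snoop.y1", "email": "Snoop.y1", "social": "W00d.stock7"}
    print(reused_passwords(accounts))
```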

That’s pretty much all there is to it. However, from time to time you will run into a website that does not allow the use of non-alphanumeric characters and/or one that does not distinguish between caps and no caps (AmericanExpress.com comes to mind). In those cases, it is imperative that you step it up and use more creativity in your password selection.

The bottom line, like most things in the digital / real world, is to use common sense, but also to err on the side of security. So what if you forget your password and have to request a new one by email…that’s a bit less traumatizing than exposing yourself to identity theft or worse.

Che3rs + [email protected] H0Li.DaY5!

P.S. If you would really like to go all out, give this password creation method a try.