This is a reprint of a letter published in the International Herald Tribune six years ago, and it still holds true. I have added a bit, but the idea stays the same.
Hackers take great joy in bypassing passwords; I’ve done it myself.
- Your job is to make passwords unpredictable.
It is wrong to tell people that passwords can be broken without explaining the proper way to choose one that will be more difficult to break.
- Given enough time every password can be broken.
You should choose a password that is seven or more characters long. Don’t use a word that is found in a dictionary - a program can be written to use every word in a dictionary.
Once you use a password that you consider good, don’t use a sequence of that password (Tolkien1, Tolkien2, Tolkien3).
Try making up an acronym - JDwfLTismf (“Jack Daniels whiskey from Lynchburg, Tennessee is my favorite”). Unless you know me well enough to know that I like Jack, there would be no reason to consider that phrase. If you did know my liking for Jack, there is still no reason to consider this as a possible password.
Try to misspell a word using one or more special characters in the center of the word, like Disné#Land.
Since many passwords are case sensitive, use upper and lower case.
When it comes time to change passwords, I take the local newspaper and choose a word. The word for today is Doonesbury, which I modify to be D00n3sb_r. Or take the word lightbulb and spell it 1igh+b_1B. It is actually very simple, once you get the hang of it.
Take the word “automated” and, on a US keyboard, type each character one key to the right: “siyp,syrf”. Doing this means that you can use your family name if you want to.
For sites that do not have any money-related information I use one password. I take an unnatural word combination, like an adverb and a noun (an adverb, broadly defined, is a word which modifies any word other than a noun), and combine them to make a word that does not exist in the dictionary. SlowlyTruck is a combined word that does not appear when searched on the internet. Slightly change the spelling and you really have a wonderful password - how about Sl0w1yTruck.
I only use one password for sites like blogs. For sites that have money-related things I use the ideas referenced above, but since I have a good memory I really screw the text up. I have also taken a text file and just typed a dozen or so characters, and whatever came out was a password.
Change your password at work every two months and personal passwords as often as you feel necessary.
Change your password now. Don’t wait for the prompt.
Richard
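
The rules in the letter above (seven or more characters, no dictionary word, mixed case, no numbered sequence of an earlier password) and its one-key-to-the-right trick, written out as an added Python example that is not part of the original letter. The word list, function names and messages are constructed for illustration; a real check would load a full dictionary file.

```python
# Constructed sample word list standing in for a real dictionary file.
SAMPLE_DICTIONARY = {"tolkien", "lightbulb", "doonesbury", "automated", "truck"}

# Unshifted rows of a US QWERTY keyboard, left to right.
ROWS = ["`1234567890-=", "qwertyuiop[]\\", "asdfghjkl;'", "zxcvbnm,./"]
# Map every key to its right-hand neighbour; the last key of a row has none.
SHIFT_RIGHT = {a: b for row in ROWS for a, b in zip(row, row[1:])}


def shift_right(word):
    """Type each character one key to the right, as the letter describes."""
    return "".join(SHIFT_RIGHT.get(c, c) for c in word.lower())


def strip_counter(password):
    """Drop trailing digits so Tolkien1 and Tolkien2 compare as equal."""
    return password.rstrip("0123456789").lower()


def check_password(candidate, previous=(), dictionary=SAMPLE_DICTIONARY):
    """Return the rules from the letter that the candidate breaks."""
    problems = []
    if len(candidate) < 7:
        problems.append("shorter than seven characters")
    if candidate.lower() in dictionary:
        problems.append("dictionary word")
    # A string with no letters also fails here, since it has no case at all.
    if candidate == candidate.lower() or candidate == candidate.upper():
        problems.append("no mix of upper and lower case")
    stem = strip_counter(candidate)
    if stem and any(stem == strip_counter(old) for old in previous):
        problems.append("sequence of an earlier password")
    return problems


if __name__ == "__main__":
    print(shift_right("automated"))
    for pw in ("lightbulb", "Tolkien2", "JDwfLTismf", "Sl0w1yTruck"):
        print(pw, check_password(pw, previous=["Tolkien1"]))
```
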