Small password improvements equal big security

(MoneyWatch) Passwords are the bane of our digital existence. Best practices call for multiple unique, highly complex passwords -- you shouldn't repeat the same one on multiple sites, services, or accounts. And a strong password implies using capital letters, numbers, and symbols. But human nature dictates that even given those requirements, we find the easiest way to satisfy the rules. And those shortcuts are great for hackers.

Recently, PC World illustrated the problem: Given a requirement to use a capital letter in a password, most people simply make the first letter of the password a capital. Likewise, data shows that 1 is far and away the most common number used in passwords; when sequences are used, "3456" is ten times more common than "4321." And those special symbols? People simply replace characters in words with symbols that resemble them (! instead of an L or I, for example) -- something hackers have no trouble reverse engineering.
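The shortcuts above are mechanical, so a password checker can look for them directly. The Python below is an added example, not code from the article or from PC World: it flags a capital used only in the first position, a digit requirement met with a trailing "1" or a counting run like "3456", and look-alike symbol swaps that still spell a dictionary word once undone. The substitution table, the tiny word list and the 12-character minimum are all constructed for this example; a real checker would load a full dictionary.

```python
import re

# Reverse map for the look-alike substitutions the article describes
# ("!" standing in for an "i", "0" for an "o", and so on). Constructed for this example.
LOOKALIKE = {"!": "i", "1": "l", "|": "l", "@": "a", "$": "s",
             "0": "o", "3": "e", "4": "a", "5": "s", "7": "t"}

# Tiny constructed word list standing in for the dictionary a real checker would load.
COMMON_WORDS = {"password", "welcome", "summer", "dragon", "monkey",
                "letmein", "football", "sunshine"}

MIN_LENGTH = 12  # assumed policy minimum for this example


def audit_password(pw: str) -> list[str]:
    """Return the predictable-shortcut findings for one candidate password.

    An empty list means none of the shortcuts discussed above were found;
    it does not by itself prove the password is strong.
    """
    findings = []

    if len(pw) < MIN_LENGTH:
        findings.append("too_short")

    # Capital-letter rule satisfied by capitalising only the first character.
    if pw[:1].isupper() and not any(c.isupper() for c in pw[1:]):
        findings.append("capital_only_first")

    # Digit rule satisfied by a trailing run: a lone "1" or a counting sequence.
    m = re.search(r"\d+$", pw)
    if m:
        digits = m.group(0)
        ascending = len(digits) >= 3 and all(
            int(b) - int(a) == 1 for a, b in zip(digits, digits[1:])
        )
        if digits == "1":
            findings.append("trailing_one")
        elif ascending:
            findings.append("trailing_ascending_run")
        else:
            findings.append("trailing_digits")

    # Symbol rule satisfied by swapping look-alikes into a dictionary word:
    # undo the swaps on the part before the trailing digits and look it up.
    core = pw[: m.start()] if m else pw
    plain = "".join(LOOKALIKE.get(c, c) for c in core).lower()
    if plain in COMMON_WORDS:
        findings.append("lookalike_dictionary_word")

    return findings


if __name__ == "__main__":
    for candidate in ["Passw0rd1", "Monkey3456", "L3tme!n", "xK9#mTq2vLp!7w"]:
        print(candidate, "->", audit_password(candidate) or "no shortcut patterns found")
```

Used as a policy check at password-set time, the function gives the user a specific reason ("capital only at the start", "counting digits at the end") rather than a bare rejection, which is what nudges people away from the shortcut.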


So what does all that mean? Basically, our passwords are relatively insecure (even when we follow the rules for strong passwords), mainly because we're still optimizing for shorter, easier-to-remember phrases.

The solution -- or at least a mitigation -- is to get creative. Here are some password guidelines, revised for the modern age:

It's actually OK to write down passwords. The real security risk isn't someone in the same room as you; it's an anonymous hacker with the computer processing power to solve your password. If writing down passwords helps you make them rich, strong, and complex, that's probably a reasonable compromise.

Combine what you write down with a memorized string. Make your passwords based on two parts: a set of characters that you memorize, followed by the longer, unique bits that you have written down. This way, the written password list is useless on its own, and you don't have to memorize much to have a secure PC.

Mix it up. Put multiple capital letters in your password. Use random number sequences. Use uncommon special characters. And make your passwords longer, since you don't need to memorize them.
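The two-part scheme and the "mix it up" advice can be put together in a few lines. The Python below is an added example, not something from the article: it generates a long random written-down part for each site from a 94-character alphabet (so capitals, digits and symbols land at random positions rather than the predictable ones), reports how many bits of guessing work that part represents, and composes the login password by prefixing the memorized part that never goes on paper. The site names and the memorized prefix are constructed for the example.

```python
import math
import secrets
import string

# Alphabet for the written-down part: upper and lower case, digits and all ASCII symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 characters


def written_part(length: int = 16) -> str:
    """A random string for the paper list, drawn with the OS CSPRNG via secrets."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Bits of entropy in a uniformly random string of the given length."""
    return length * math.log2(alphabet_size)


def make_paper_list(sites: list[str], length: int = 16) -> dict[str, str]:
    """What actually gets written down: one unique random part per site, nothing else."""
    return {site: written_part(length) for site in sites}


def login_password(memorized: str, paper_list: dict[str, str], site: str) -> str:
    """The full password: memorized prefix (never written down) + that site's paper entry."""
    return memorized + paper_list[site]


if __name__ == "__main__":
    # Constructed sample values for this example.
    memorized = "tulip-7"
    paper = make_paper_list(["bank", "email", "shop"])
    for site, entry in paper.items():
        print(f"{site:6} paper entry: {entry}")
    print(f"each paper entry carries about {entropy_bits(16):.0f} bits on its own")
    print("bank login:", login_password(memorized, paper, "bank"))
```

Someone who finds the paper sees only the random suffixes; without the memorized prefix none of them is a working password, and because every suffix is unique, one site's breach does not expose the others.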

Photo courtesy Flickr user liako

Dave Johnson

Dave Johnson is editor of eHow Tech and author of three dozen books, including the best-selling How to Do Everything with Your Digital Camera. Dave has previously worked at Microsoft and has written about technology for a long list of magazines that include PC World and Wired.

