passwords

choosing & using a good password

Did you know that February 1 is Change Your Password Day? I didn’t either until Gizmodo told me so.

Never ever underestimate how important a good, strong, secure password is. And most of all, don’t use a weak password that’s easy to guess.

Your password should trigger your spell checker, flagging it as a misspelled word. That is a quick test to make sure your password isn’t susceptible to a dictionary attack, which is when an attacker tries every word in a dictionary file against your password. Make it random, without obvious patterns or clues, total gibberish. Try deliberately misspelling a word or phrase, like: kaKewALc
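The spell-checker test above, turned into code. This is an added example, not part of the original page: it normalizes a candidate password the way rule-based dictionary crackers do (lowercasing, stripping trailing digits and symbols, undoing common letter-for-digit substitutions, reversing) and checks whether it collapses to a dictionary word. The word list and substitution table are small constructed stand-ins for a real cracker dictionary and rule set; a real one is far larger, which is why the page’s advice is gibberish rather than a cosmetically tweaked word.

```python
# Constructed stand-in for a cracker's dictionary file (assumption: tiny subset).
WORDLIST = {"cakewalk", "password", "letmein", "welcome", "dragon", "monkey", "sunshine"}

# Constructed subset of the character substitutions cracking rule sets undo.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})

# Digits and punctuation that rule sets strip from the ends of a word.
EDGE_JUNK = "0123456789!@#$%^&*()_-+=.,?"


def normalize_variants(password):
    """Yield the forms of a password that a rule-based dictionary attack would compare
    against its word list: lowercase, trimmed, de-leeted, reversed."""
    base = password.lower()
    yield base
    core = base.strip(EDGE_JUNK)          # "password123" -> "password"
    yield core
    deleeted = core.translate(LEET)       # "c4kewalk" -> "cakewalk"
    yield deleeted
    yield deleeted[::-1]                  # "drowssap" -> "password"


def dictionary_hit(password, wordlist=WORDLIST):
    """Return the dictionary word the password collapses to, or None if it survives
    every normalization (i.e. it would pass the page's spell-checker test)."""
    for variant in normalize_variants(password):
        if variant in wordlist:
            return variant
    return None


if __name__ == "__main__":
    for candidate in ["kaKewALc", "C4kewalk!", "Password123", "drowssap"]:
        print(f"{candidate!r:16} -> {dictionary_hit(candidate)}")
```

Only the gibberish candidate survives; capitalization, a trailing digit or symbol, a 4-for-a swap or a reversal are all undone by one rule each.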

My rule of thumb when it comes to passwords is long & strong. The real-world conundrum is that long passwords are hard to remember if they’re strong. Key-stretching techniques, like salting the password and running it through an HMAC, make your password longer without the burden of unnecessary memorization.
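An added example (not from the original page) of the salt-plus-HMAC stretching the paragraph describes, using PBKDF2-HMAC-SHA-256 from Python’s standard library: a short memorable password and a random salt are fed through hundreds of thousands of HMAC iterations to produce a 32-byte key, and only the salt and that key are stored. The iteration count and record layout are assumptions chosen for the example, not values from the page.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000   # assumption: cost high enough that each guess is expensive for an attacker
KEY_LEN = 32           # bytes of derived key


def stretch_password(password, salt, iterations=ITERATIONS, length=KEY_LEN):
    """Stretch a short password into a fixed-length key by iterating HMAC-SHA-256 (PBKDF2).
    The salt makes the same password yield a different key for every record."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=length)


def new_record(password):
    """Build the only thing that should be stored: salt, cost, and stretched key. Never the password."""
    salt = os.urandom(16)
    return {"salt": salt, "iterations": ITERATIONS,
            "key": stretch_password(password, salt, ITERATIONS, KEY_LEN)}


def verify(password, record):
    """Re-stretch the candidate with the stored salt and compare in constant time."""
    candidate = stretch_password(password, record["salt"], record["iterations"], len(record["key"]))
    return hmac.compare_digest(candidate, record["key"])


if __name__ == "__main__":
    rec = new_record("kaKewALc")
    print("stored key:", rec["key"].hex())
    print("correct password verifies:", verify("kaKewALc", rec))
    print("case variant verifies:", verify("kakewalc", rec))
```

Two records for the same password differ because their salts differ, so a precomputed table of stretched keys is useless, and each guess costs the attacker the full iteration count.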

Need to share a password with someone? Get three sequentially numbered dollar bills at the bank. New, uncirculated ones. You take the highest, your partner the lowest. The middle serial number is your shared key. Keep yours somewhere OTHER than in your wallet to avoid spending it by mistake.

I shouldn’t be able to see your password when I’m sitting at your computer. That means no sticky notes hanging off your monitor or cheatsheets in your desk drawer. That’s as dumb as hiding a house key under the front door mat.

Consider using different passwords for different tasks. Think about cataloging your different digital identities: work, personal, family, anonymous, etc. Use one password at work, another for your personal email identity, and yet another for your throwaway online personas. This allows you to compartmentalize your risk. Who cares if spammers get your throwaway password as long as your financial password is still secure?

Store your passwords somewhere safe, not taped to your screen. Consider storing CDs or flash drives full of passwords (along with software registration numbers, hardware serial numbers, etc.) off-site in a safe deposit box. Mail yourself a sealed package and save it unopened, using the postmark as an analog date and time stamp. Split your keys and store half at home and half off-site (secret sharing).
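An added example (not from the original page) of the secret sharing the last sentence mentions. Storing the literal first half of a key at home and the second half off-site means whoever finds either copy has half the key. An XOR split gives every location a full-length share that is indistinguishable from random on its own, and the key reappears only when all shares are XORed together. The n-of-n generalization and the sample key are the example’s own assumptions.

```python
import secrets


def split_secret(secret, n=2):
    """Split `secret` into n full-length shares. All n are required to rebuild it;
    any n-1 of them are uniformly random and reveal nothing about the secret."""
    if n < 2:
        raise ValueError("need at least two shares")
    shares = [secrets.token_bytes(len(secret)) for _ in range(n - 1)]
    last = bytes(secret)
    for share in shares:                     # last = secret XOR share_1 XOR ... XOR share_{n-1}
        last = bytes(a ^ b for a, b in zip(last, share))
    shares.append(last)
    return shares


def combine_shares(shares):
    """XOR all shares back together; with every share present this yields the secret."""
    out = bytes(len(shares[0]))
    for share in shares:
        out = bytes(a ^ b for a, b in zip(out, share))
    return out


def naive_halves(secret):
    """The 'half here, half there' split the page describes literally: each piece leaks half."""
    mid = len(secret) // 2
    return secret[:mid], secret[mid:]


if __name__ == "__main__":
    key = b"kaKewALc-example-master-key"        # constructed sample secret
    home, offsite = split_secret(key, 2)
    print("home share   :", home.hex())
    print("offsite share:", offsite.hex())
    print("rebuilt      :", combine_shares([home, offsite]))
    print("naive halves :", naive_halves(key))
```

Each XOR share is the same length as the secret and must be stored with the same care as the secret itself; losing any one share loses the key, which is the trade-off for neither location being able to read it alone.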

Don’t take my word for it, read this piece on Lifehacker about password security.

Take all of this stuff seriously. Hackers and phishers do. Never let your guard down. Actively resist.



Copyright 2012 Jerry Whiting. All rights reserved.