Choosing & using a good password
If you read the news only occasionally you know that passwords get hacked all the time. Passwords are your first line of defense and using a weak password is almost as good as no password at all. If you do one thing today, take a look at this password strength calculator. If it doesn’t convince you to change your ways, nothing I say here will.
Never ever underestimate how important a good, strong, secure password is. And most of all, don’t use a weak password that’s easy to guess.
Your password should trigger your spell checker, flagging it as a misspelled word. That is a quick test to make sure your password isn’t susceptible to a dictionary attack, which is when an attacker tries all the words in a dictionary file against your password. Make it random, without obvious patterns or clues, total gibberish. Try deliberately misspelling a word or phrase like: kaKewALc
My rule of thumb when it comes to passwords is long & strong. The real world conundrum is that long passwords are hard to remember if they’re strong. Key lengthening techniques like salting with an HMAC make your password longer without the burden of unnecessary memorization.
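The two ideas above, the spell-checker test and HMAC-based key lengthening, as an added Python example that is not from the original post. The wordlist is a constructed stand-in for a real dictionary file, and the salt and iteration count are assumed values; the derivation uses PBKDF2 with HMAC-SHA256 from the standard library, which is the iterated form of "salting with an HMAC".

```python
import hashlib
import hmac
import secrets

# Constructed toy wordlist; a real check would load a dictionary file.
WORDLIST = {"password", "welcome", "cakewalk", "dragon", "letmein"}


def is_dictionary_word(password: str, wordlist=WORDLIST) -> bool:
    """The spell-checker test: True if the password is a plain dictionary word
    (case-insensitive), i.e. it would fall to a single pass over a wordlist."""
    return password.lower() in wordlist


def salt_with_hmac(password: str, salt: bytes) -> str:
    """One HMAC-SHA256 round keyed by the salt: a short, memorable password becomes
    a fixed 32-byte (64 hex character) secret that is unique to this salt."""
    return hmac.new(salt, password.encode("utf-8"), hashlib.sha256).hexdigest()


def lengthen_password(password: str, salt: bytes, rounds: int = 200_000) -> str:
    """Iterated form: PBKDF2-HMAC-SHA256. Each extra round costs an attacker the same
    work it costs you, so guessing gets slower without you memorising anything more."""
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds, dklen=32)
    return derived.hex()


def new_salt(nbytes: int = 16) -> bytes:
    """A fresh random salt; store it beside the derived key, it need not be secret."""
    return secrets.token_bytes(nbytes)


if __name__ == "__main__":
    for candidate in ("cakewalk", "kaKewALc"):
        print(candidate, "fails the spell-checker test" if is_dictionary_word(candidate)
              else "passes the spell-checker test")
    salt = new_salt()
    print("salt:", salt.hex())
    print("hmac once:", salt_with_hmac("kaKewALc", salt))
    print("pbkdf2:   ", lengthen_password("kaKewALc", salt))
```

Note that the same password with two different salts yields two unrelated derived keys, which is what stops one precomputed table from covering every user.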
Need to share a password with someone? Get three sequentially numbered dollar bills at the bank. New, uncirculated ones. You take the highest, your partner the lowest. The middle serial number is your shared key. Keep yours somewhere OTHER than in your wallet to avoid spending it by mistake.
I shouldn’t be able to see your password when I’m sitting at your computer. That means no sticky notes hanging off your monitor or cheatsheets in your desk drawer. That’s as dumb as hiding a house key under the front door mat.
Consider using different passwords for different tasks. Think about cataloging your different digital identities: work, personal, family, anonymous, etc. Use one password at work, use another for your personal email identity, and yet another for your throwaway online personas. This allows you to compartmentalize your risk. Who cares if spammers get your throwaway password as long as your financial password is still secure.
Store your passwords somewhere safe, not taped to your screen. Consider storing CDs or flash drives full of passwords (along with software registration numbers, hardware serial numbers, etc.) off-site in a safe deposit box. Mail yourself a sealed package and save it unopened, using the postmark as an analog date and time stamp. Split your keys and store half at home and half off site (secret sharing).
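The "half at home, half off site" idea is a 2-of-2 secret split. As an added Python example that is not from the original post, here is the simplest correct version: one share is uniformly random, the other is the key XORed with it, so either share alone carries no information about the key and both are needed to recover it. The sample key is a constructed value.

```python
import secrets


def split_secret(secret: bytes) -> tuple[bytes, bytes]:
    """2-of-2 split: share_a is random; share_b = secret XOR share_a.
    Each share on its own is indistinguishable from random bytes."""
    share_a = secrets.token_bytes(len(secret))
    share_b = bytes(s ^ a for s, a in zip(secret, share_a))
    return share_a, share_b


def combine_shares(share_a: bytes, share_b: bytes) -> bytes:
    """Recover the secret by XORing the two shares back together."""
    if len(share_a) != len(share_b):
        raise ValueError("shares must be the same length")
    return bytes(a ^ b for a, b in zip(share_a, share_b))


def check_roundtrip(secret: bytes) -> bool:
    """Self-check: split, then combine, and confirm the original comes back."""
    a, b = split_secret(secret)
    return combine_shares(a, b) == secret and a != secret and b != secret


if __name__ == "__main__":
    key = b"constructed-sample-key-0123456789"  # constructed, not a real key
    home, offsite = split_secret(key)
    print("home share:   ", home.hex())
    print("offsite share:", offsite.hex())
    print("recovered:    ", combine_shares(home, offsite))
```

If you need to survive the loss of one location (say 2-of-3 rather than 2-of-2), XOR splitting is not enough and a threshold scheme such as Shamir's secret sharing is the right tool.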
Don’t take my word for it, read this piece on Lifehacker about password security.
Did you know that Feb 1 is Change Your Password Day? I didn’t either until Gizmodo told me so.
Take all of this stuff seriously. Hackers and phishers do. Never let your guard down. Actively resist.