The Weakest Link: Password Security

The Weakest Link: Password Security

OK folks.  Let's admit that the biggest security hole in the typical computer system is you.  That's because most people have easy to guess passwords, and use the same one across multiple accounts.  Combine this with the fact that it is fairly easy to track where people go, and hackers that get into one of your accounts can often figure out where the others are, and get into those too.  Some of the most common passwords around are 'password', 'abc123' and whatever the default for the account was.  (In fact, 1.1% of all passwords are either '12345' or '123456'.)

Why Should You Care?

Because you like your friends, like life, and realize how dear your credit rating may be to you.  Especially if you will need it someday to help deal with your empty bank account after you got hacked and your employer wants to sue you for allowing a hacker into the customer database or missile defense system.

Suggestions

  1. Have at least 3 passwords:  one for your personal accounts, one for work accounts, and a throw-away one for those sites you have to sign up for but don't really mean anything to you.  This way, if one does get hacked, a hacker can't get into the other set of accounts also.
  2. Don't pick a single word.  And it doesn't help much replacing 'e' with '3' and 'I' with '1'  and so on– they are both common dictionary attack methods.  What you need most is length.  And an easy ability to remember it.
  3. Ideally pick a few unrelated words and put them together.  Words are easier to remember.  If you can, try to avoid words that make a normal phrase, like from a song, though even this will be a huge improvement for most people.

Maybe draw yourself a picture of the words – that can really help with memory.  Or maybe pick a few items that can be seen from where you typically use the password.  For example, from my computer I can see gum, a magic 8 ball, and photos of my kids.  So magickidgum would be a great password.  It isn't hard for me to remember these things in my mind, no matter where I am. For the technically minded, there is a fun comic along this line. 

Some sites will require capitals, or numbers, so you might as well figure out how you want to use them now.  If you have a favourite number, just stick it somewhere.  And then capitalize something in a regular way.  For example, you could capitalize the last letter of each word.  Much harder to guess, and if I always do the same thing with capitals it isn't hard to remember.  So now my password becomes magiC42kiDguM.  Quite difficult to guess, but reasonably easy for me to remember, and enough to make any system administrator impressed.

And if you want to have real fun, shift your fingers right or left on the keyboard and then type.  Now the password will not look like anything anymore.  (But this probably isn't worth it if it makes it harder to type ).

If you are worried about your memory, write them all down on a piece of paper, seal it in an envelope and go put it with your important files.

So go pick three long passwords and become a passwordista. 

Main Office

#101 - 554 Parkside Drive
Waterloo, Ontario, Canada
N2L 5Z4
location: view map
e-mail: info@peaceworks.ca
phone:  519.725.7875
toll-free: 1.888.817.3048