Why Bother with Passwords?
The easiest way to answer this question is with another question: why not leave the keys in your car with the doors unlocked? As absurd as that question seems, it is just as absurd to leave your computer passwordless.
I have visited many small businesses where their computers either didn't have passwords, or had passwords that were so simple, any self-respecting hacker would die laughing if someone asked if they would keep them out. With computers connected to the internet, the problem is much worse. Passwords control access to resources. If we use weak passwords, we are opening ourselves to being hacked.
What makes a good password?
Good passwords are those that neither a human nor a computer can easily guess, and yet at the same time are easily remembered by us.
Humans easily guess passwords that are about us: birthdays, kids' names, etc.
Computers easily guess passwords that are short, all in the same case, or use some part of our name. A strong password needs to be at least eight characters long, but every additional character makes it much stronger. Passwords of items exposed to the internet should be at least ten characters long.
Most people know that good passwords involve mixed case, numbers and non-numeric characters, but most people haven't used enough imagination so that they can easily remember their password.
Both of the above passwords are equally tricky for both humans and computers to guess, but if you look carefully at the second one, you will see that it is actually a fairly easy acronym to remember.
Another trick, if you don't have to worry about people looking over your shoulder, is to use keyboard patterns. For example, 6yhn&UJM looks like an unintelligible mess until you realize that it is just typing down the keyboard starting with the 6 key and then holding down the shift key for the set starting with 7.
Mnemonics and keyboard patterns are just a couple of good tricks you can use to give you good passwords and yet not make your life miserable.
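The rules in this section (length, mixed case, numbers, symbols, nothing about yourself) can be checked mechanically. The Python below is an added example, not part of the original article; the function name, the three-character cutoff for personal terms, the reading of "non-numeric characters" as ASCII punctuation, and the sample personal details are all assumptions.

```python
import string

MIN_LENGTH = 8            # the article's minimum for any password
MIN_LENGTH_INTERNET = 10  # the article's minimum for internet-exposed items


def check_password(password, personal_terms=(), internet_exposed=False):
    """Return a list of reasons the password falls short (empty list = passes)."""
    problems = []

    required = MIN_LENGTH_INTERNET if internet_exposed else MIN_LENGTH
    if len(password) < required:
        problems.append(f"shorter than {required} characters")

    # "Computers easily guess passwords that are ... in the same case"
    if not any(c.islower() for c in password):
        problems.append("no lower-case letter")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    # Assumption: "symbol" means ASCII punctuation.
    if not any(c in string.punctuation for c in password):
        problems.append("no symbol")

    # "Humans easily guess passwords that are about us"
    folded = password.casefold()
    for term in personal_terms:
        # Assumed cutoff: ignore fragments shorter than 3 characters.
        if len(term) >= 3 and term.casefold() in folded:
            problems.append(f"contains personal detail {term!r}")

    return problems


# Constructed sample data: a fictional user's name parts, child's name, birth year.
PERSONAL = ["dana", "miller", "toby", "1984"]

if __name__ == "__main__":
    cases = [("toby1984", False), ("6yhn&UJM", False), ("6yhn&UJM", True)]
    for pw, exposed in cases:
        result = check_password(pw, PERSONAL, exposed) or ["passes"]
        print(f"{pw!r} internet_exposed={exposed}: {'; '.join(result)}")
```

The keyboard-pattern password from the text passes as a local password but falls short of the ten-character rule once it is marked as internet-exposed.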
Tracking your Passwords
No matter how good your passwords are, life gets complicated if you have too many of them. Some institutions force you to change your passwords frequently. This is one of those security policies that cuts both ways. The more often you force someone to change their password, the lower the quality of password they use over time, and the more likely they are to put the password on a sticky note on the side of their monitor (or under the mouse pad!). The only sane thing to do if you have to have many passwords, or passwords that change frequently, is to keep track of them somehow. You can keep a sheet that you keep locked in a safe. If you want to keep the passwords on the computer, put them in a file that is encrypted and passworded and change that password only when you want to do it. There are several free or inexpensive programs that exist just to help you do this.
It is my opinion that you should only change passwords when there is at least a strong possibility that your password has been compromised. Changing the locks on your house annually would technically make it safer, but it doesn't make much sense unless you have reason to believe that someone has gotten hold of your keys. The same rule makes sense for most passwords. The only place where that may not hold is for passwords that are exposed to the internet where hackers can run cracker programs against them on a continuous basis. In this case changing your password frequently makes a lot of sense.
Don't leave your computers naked
Even if you only have two or three computers in your office, password them. It makes too little sense to leave valuable assets unprotected in an increasingly dangerous world.