Sunday, May 15, 2005

Password Do's and Don'ts

Today I had a client ask me, "How can I keep someone from getting my passwords online?"

"You can increase your password protection by 90% just by not being obvious," I said. The confused look on his face told me I wasn't being crystal clear.

"OK," I said, "I want you to do three things for me. First, think of a number between 1 and 4. Next, think of a color. Finally, think of a piece of furniture." I gave him a few moments and said, "Got 'em? Good. Your number is 3, the color is red and you thought of a chair."

That's when his jaw hit the ground. "How did you ...?"

"The same way I can guess your passwords. In each of those cases, over 60% of people will think of the answer I gave when asked those questions. So, I probably got 2 out of 3 of those answers right ... right?"

"That's right!" he said. "I was thinking 'blue' for the color, but you got the other two on the nose. So, what would you guess for my passwords?"

"10860, 121562 and Spike."

... I caught his glass as it slipped out of his stunned hand. "How the hell could you KNOW that!"

I smiled and said "That's your address, your birthday and your dog's name. They're the easiest for you to remember, so you use them as passwords so you don't forget them. If I can guess them, hackers can guess them. Don't use them."

The easiest way for hackers to get your password is for them to ask you for it - and have you give it to them. I've talked about that before. The next easiest is for them to guess. With online phone directories, search engines, newsgroups and blogs (surprise!) you can learn a LOT about a person. Don't use personal information for a password.

I personally will create a combination of letters and numbers (tougher to crack) that vaguely composes a word that pops into my head at the moment. For example, "f133t1ng" is an alphanumeric version of 'fleeting'. Then I save all of my passwords in a password-protected file on my computer. This way, instead of having to remember a password, I simply open the file and cut and paste the information when needed. This allows me to randomize my login information and not worry about losing an important password.

So, your first step with good passwords is ... don't be obvious.

P.S. - Three more obvious passwords are your first name, anniversary date and "Password". Avoid these as well.
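The post's rule can be checked automatically at sign-up. The following is an added example, not code from the original post: it rejects passwords built from the user's own details (address number, birthday, anniversary, first name, pet name) or a well-known default such as "Password", and it undoes digit-for-letter substitutions first, so disguising a personal detail the way "f133t1ng" disguises 'fleeting' does not get it past the check. The profile fields, the deny list and the substitution table are constructed for illustration.

```python
"""Added example (not from the original post): reject 'obvious' passwords,
i.e. ones derived from the user's own profile details or from a small deny
list. Profile, deny list and substitution table are constructed here."""
import itertools
from datetime import date

# Substitutions people use to disguise a word: each key lists the letters it
# may stand for. The character itself is always kept as a candidate as well,
# so a plain digit string (an address number) is still compared as written.
LEET = {"0": "o", "1": "il", "3": "e", "4": "a", "5": "s", "7": "t",
        "@": "a", "$": "s", "!": "il"}
COMMON = {"password", "qwerty", "123456"}   # constructed; a breach list goes here
MAX_VARIANTS = 4096                          # bounds the expansion for long inputs

def candidates(password):
    """Every reading of the password with the substitutions undone, lower-cased."""
    choices = [tuple(c) + tuple(LEET.get(c, "")) for c in password.lower()]
    return {"".join(p) for p in itertools.islice(itertools.product(*choices), MAX_VARIANTS)}

def date_forms(d):
    """Digit strings a person might type for a date (MMDDYY, DDMMYYYY, ...)."""
    return {d.strftime(f) for f in ("%m%d%y", "%m%d%Y", "%d%m%y", "%d%m%Y", "%Y%m%d", "%Y")}

def personal_terms(profile):
    """Map each forbidden string (lower-cased) to the profile field it came from."""
    terms = {}
    for field, value in profile.items():
        for form in (date_forms(value) if isinstance(value, date) else {str(value)}):
            if len(form) >= 3:          # ignore tiny fragments that match everything
                terms[form.lower()] = field
    return terms

def obvious_reasons(password, profile):
    """Return why a password is 'obvious'; an empty list means it passes."""
    cands = candidates(password)
    reasons = [f"derived from your {field} ({term})"
               for term, field in personal_terms(profile).items()
               if any(term in c for c in cands)]
    if cands & COMMON:
        reasons.append("is a well-known default password")
    return reasons

def sample_profile():
    """Constructed profile; the address number, birthday and dog echo the post."""
    return {"first_name": "Sam", "address_number": "10860",
            "birthday": date(1962, 12, 15), "pet_name": "Spike",
            "anniversary": date(1990, 6, 2)}

if __name__ == "__main__":
    for pw in ("10860", "121562", "Spike", "5p1k3!", "Password", "f133t1ng"):
        print(f"{pw:10} -> {obvious_reasons(pw, sample_profile()) or 'ok'}")
```

The three passwords guessed in the post and the disguised pet name are all rejected, while the author's own "f133t1ng" passes because it is tied to nothing in the profile.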
