Building a Better Password
Almost every medium- to large-size company has strict guidelines for employees about computer passwords, including a requirement for everyone to change his or her password about every three months... or sooner. It probably seems like an annoyance, but there's a reason for it.
Here's how one actual organization responded to a complaint from an employee about creating new passwords:
"The main reason for regular password changes is to limit an account's exposure to misuse. Why every four months? Every time you type in your password it is at risk of compromise - by someone looking over your shoulder, through interception as it travels across the network, and so on. The more it's used the more opportunities there are for it to be disclosed inadvertently. Also, as noted below, certain types of 'brute force' attack - trying out every possible combination of characters to work out your password by trial and error - take time, especially for longer passwords. Regularly resetting passwords may prevent this kind of attack, or at least make it less attractive, given that the process will need to be repeated time and again. Resetting regularly also limits the damage that can be done without your knowledge, and helps to prevent continuing unauthorized use."
Most companies know that requiring people to change passwords too often (once a month, let's say) could be a hassle; because computer users today have so many passwords, it's easy to forget them. Having to change and remember one important password (a work password) just four times a year seems to be a reasonable request.
How about at home?
"That's the workplace," you say. "It's different at home." Not really. It's just as important for you to think about creating good passwords AND changing them routinely FOR YOUR OWN SAFETY!
In late 2013, hackers stole nearly 2 million user names and passwords for email accounts from Yahoo and Google, as well as for Facebook and Twitter accounts. In a review of the stolen accounts, researchers discovered that thousands of people used very ordinary so-called passwords to access their accounts. They considered only five percent of the stolen passwords "excellent," and only 17 percent "good." The rest were just plain terrible: too easy for a skilled and focused hacker to uncover.
Remember this: if hackers get hold of user names, they can try a number of ways to figure out passwords. If your password is too simplistic (like "password" or "abc123") or if you just use your first or last name, they could crack the code (and your account).
Read the following guidelines and incorporate the information here to build a better password.
Simple: Use better passwords
- Make passwords longer. The experts say a password should be at least eight characters long, but more characters are even better.
- Use more of the keyboard. Use combinations of letters and numbers; mix in upper and lower case letters, and add in symbols such as "!" or "@". Try to vary it as much as you can. "cool!PassWord9@9" is a pretty cool password, don't you think?
- Choose nonsense. Try to avoid picking words out of the dictionary and combining them, like "duckdog." Determined hackers can crack passwords by going through databases of known words. These programs know about such tricks as adding numbers and symbols, so you'll want to make sure the words you use aren't in the databases.
- Avoid the obvious. Don't use your name, company name or hometown, for instance. Avoid easy-to-find-out pets' and relatives' names, too. Stay away from cues that someone could research and look up, such as your birthday or ZIP code. (Not all hackers are total strangers.)
- One account, one password! Do not use one password (or simple variations) for different accounts. When hackers snag a password, they'll try it on other accounts linked to you. It's one thing if they mess up your Twitter account, but do you want them accessing your bank accounts?
- Change each password regularly. This article started with a good explanation of why it's important to change a password. Follow the advice for your important accounts. (Maybe the password to be a sports insider isn't as important as your Facebook account.) You decide, then act!
Bonus: Here's your formula for a tricky password. Make up a goofy sentence and pluck the first letters out of each word, then add some characters. How about... "Ugly cousin Lou has 4! buck teeth @ last." Password? UcLh4!bt@l.
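Here is one way to turn the guidelines above into an automatic check, as an added example that is not part of the original article. It undoes the tricks cracking programs already know (numbers and symbols tacked on, look-alike character swaps) before looking words up. The tiny word list, the three-character-type threshold and the function names are assumptions made for illustration.

```python
import re

# Constructed sample word list (assumption); a real check would load a large
# dictionary plus a list of passwords seen in breaches.
WORDS = {"password", "duck", "dog", "letmein", "dragon", "monkey"}
# Common look-alike swaps that cracking tools reverse: 0->o, 1->l, 3->e, ...
LEET = str.maketrans("013457@$!", "oleastasi")
MIN_LENGTH = 8    # "at least eight characters long"
MIN_CLASSES = 3   # assumption: at least 3 of lower/upper/digit/symbol

def _segments(s, words):
    """True if s is made up entirely of dictionary words, e.g. 'duckdog'."""
    if not s:
        return True
    return any(s.startswith(w) and _segments(s[len(w):], words) for w in words)

def check_password(pw, personal=(), words=WORDS):
    """Return the guidelines a password breaks; an empty list means none found."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("length")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if sum(bool(re.search(c, pw)) for c in classes) < MIN_CLASSES:
        problems.append("variety")
    low = pw.lower()
    # Drop digits/symbols stuck on the front or back, then undo look-alike swaps.
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", low)
    plain = re.sub(r"[^a-z]", "", core.translate(LEET))
    if plain and _segments(plain, words):
        problems.append("dictionary")
    # Names, hometown, birthday, ZIP code: anything someone could look up.
    for item in personal:
        item = item.lower()
        if len(item) >= 3 and (item in low or item in low.translate(LEET)):
            problems.append("personal")
            break
    return problems

if __name__ == "__main__":
    for candidate in ("duckdog", "P@ssw0rd1", "UcLh4!bt@l"):
        print(candidate, check_password(candidate))
```

A password that looks varied, such as "P@ssw0rd1", still fails the dictionary check once the decoration is stripped, while the sentence-based password from the bonus tip passes every check.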