What makes a good password?
People are always telling computer users to choose a "good password" when one is needed. But just what makes a good password? And why is a good password so important?
Often, a password is all that stands between your important information (bank account, e-mail, employee records) and a malicious cracker (sometimes referred to as a hacker). If your password is easy to guess, then the bad guys will guess it easily.
Bad password choices
- Blank passwords.
- Password the same as your username.
- Your first name, last name, or combination of the two.
- A family member's name.
- A pet's name.
- Any word that you could find in a dictionary.
Computer users tend to choose passwords relating to a person or activity that they particularly like. While this makes the password easy to remember, it also makes it easy to guess. Example: after a few minutes in your office talking business, a co-worker notices you have three pictures of your dog: one on your desk, one as the background on your computer, and one hanging on the wall. A simple friendly question from your co-worker, "That's a beautiful dog, what's its name?" and you've given away your password! The same theory applies to favorite activities, spouse, kids, etc.
To understand why any word in a dictionary is bad, you must understand the ways in which crackers try to guess passwords. The three major methods of getting a password are social engineering, brute force password attack, and dictionary attack. An example of social engineering is given above: basically, someone asks you for your password and you tell them! A brute force password attack involves trying every possible combination of letters, numbers, and symbols until the correct password is found. A dictionary attack takes a huge list of words and tries each word until the correct password is found.
Good password choices
There are many elements to choosing a good password. A good password should:
- Be at least 6 characters (longer if possible).
- Have a mixture of uppercase, lowercase, numbers, and symbols.
- Be easy to remember but hard to guess.
How do you remember a good password?
A really good password might be hard to remember if it's not chosen carefully. You might be tempted to write your password down and put it in an easily accessible place. Don't do it! This is one of the easiest ways to compromise security. Passwords stuck on the monitor, hidden under keyboards, under the desk drawer, or in the desk drawer are easy to find and abuse. If you must write it down, keep the paper in a safe place, like a safe or locked cabinet. Try not to write down your username with the password. Without knowing the username or which service a password belongs to, it is of limited usefulness. This is a good example of why you should not use the same password on multiple services.
To help you remember a new password:
- Use the new password immediately.
- Try to use it again within the next 15 minutes.
- Don't change your password right before you leave for vacation or the weekend.
How often should a password be changed?
Changing a password guarantees that if someone does figure out your password, they won't be able to use your account for very long. But that extra protection comes at the price of an increased burden to remember passwords. A good password that you haven't given to anyone should be good for at least several months. Don't ever give your password out to other people. If you must for some reason, change the password as soon as possible.
Passwords are important and should be treated like a critical piece of information. Users should be trained to protect their passwords and not to give out any critical information to unknown people. If you would like more information on security training or have any questions about the information presented in this article, please contact us.