Creating a Good Password
Think about the number of PINs, passwords, or passphrases you use every day: getting money from the ATM or using your debit card in a store, logging on to your computer or email, signing in to an online bank account or shopping cart... The list seems to just keep getting longer.
Keeping track of all of the numbers, letters, and word combinations may be more than a headache, and maybe you've wondered whether it is really important. Who would want to read your personal email? Or why would someone bother with your almost maxed-out credit card when there are others with much more credit? Remember, sometimes an attack is not specifically about your account but about using the access to your information to launch a larger attack. And while having a hacker or identity thief get into your personal email may not seem like much more than a pain (maybe they'll read your email), consider what will happen if an attacker gets your social security number or your medical records.
One of the best ways to protect information is to ensure that only authorized people have access to it. Establishing that someone is the person they claim to be is the next step, and this authentication process is even more important, and more difficult, in the cyber world. Passwords are the most common means of authentication, but if you don't choose good passwords or keep them confidential, they're almost as ineffective as not having any password at all. There have been instances where systems and services have been successfully broken into because insecure and/or inadequate passwords were used.
Choose a good password
Most people use passwords that are based on personal information and are easy to remember. However, that also makes it easier for an attacker to guess or "crack" them. Consider a four-digit PIN. Is yours a combination of the month, day, or year of your birthday? Or the last four digits of your social security number? Or your address or phone number? Think about how easy it is to find this information out about somebody. What about your email password: is it a word that can be found in the dictionary? If so, it may be susceptible to "dictionary" attacks, which attempt to guess passwords based on words in the dictionary.
Although intentionally misspelling a word ("cardd" instead of "card") does offer some protection against dictionary attacks, an even better method is to rely on a series of words and use memory techniques, or mnemonics, to help you remember how to decode it. For example, instead of the password "baseball," use "BBhbmL" for "[B]ase[B]all [h]as [b]een [m]y [L]ife." Using both lowercase and capital letters adds another layer of obscurity. Your best defense, though, is to use a combination of numbers, special characters, and both lowercase and capital letters. Change the same example we used above to "BBhb*m1." and see how much more complicated it has become just by adding numbers and special characters.
Don't assume that now that you've developed a strong password you should use it for every system or program you log into. If an attacker does guess it, he would have access to all of your accounts. You should use these techniques to develop unique passwords for each of your accounts.
- Don't use passwords that are based on personal information that can be easily accessed or guessed (e.g., birthdates, social security numbers, or the names of family members or pets)
- Don't use words that can be found in any dictionary of any language
- Develop a memory device to recall long or complicated passwords
- Use a passphrase instead of a password
- Use both lowercase and capital letters
- Use a combination of letters, numbers, and special characters
- Use different passwords on different systems
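The checklist above can be turned into an automated check. The following is an added example, not part of the original article: the word list, the substitution table, and the function names are constructed for illustration, and undoing character substitutions goes slightly beyond the misspelling case the article mentions.

```python
import re

# Constructed sample data (assumptions for this example, not from the article).
WORDLIST = {"baseball", "card", "password", "dragon"}
LEET = str.maketrans("013457@$!", "oieastasi")  # common character substitutions

def normalize(s):
    """Lowercase, undo substitutions, drop non-letters, collapse doubled letters."""
    s = s.lower().translate(LEET)
    s = re.sub(r"[^a-z]", "", s)
    return re.sub(r"(.)\1+", r"\1", s)  # "cardd" and "card" both become "card"

def audit(password, personal=(), in_use=()):
    """Return the checklist items from the article that `password` fails."""
    findings = []
    # Dictionary check on the normalized form, so simple misspellings still match.
    if normalize(password) in {normalize(w) for w in WORDLIST}:
        findings.append("dictionary word")
    # Personal information: birthdates, names, and similar tokens inside the password.
    low = password.lower()
    if any(len(p) >= 3 and p.lower() in low for p in personal):
        findings.append("personal information")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        findings.append("missing mixed case")
    if not (re.search(r"\d", password) and re.search(r"[^A-Za-z0-9]", password)):
        findings.append("missing number or special character")
    # Reuse: the same password must not already protect another system.
    if password in in_use:
        findings.append("reused on another system")
    return findings

if __name__ == "__main__":
    # The four passwords discussed in the article.
    for candidate in ("baseball", "cardd", "BBhbmL", "BBhb*m1."):
        print(candidate, "->", audit(candidate) or "passes the checklist")
```

An empty list means the password passes every item the check covers; it does not measure length or passphrase quality.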