I just wanted to take a quick minute to stress the importance of strong passwords. A lot of people have poor password habits, and those habits put them at unneeded risk. This is even more true for a business: sometimes an entire business can be brought down by a single bad password. So I thought I would go over a few general rules. These guidelines are not the strictest, but they are a good mesh of real-world needs and security. They are also intended for the individual; if you’re trying to set password rules for an entire user base there are other considerations to take into account.

The first mistake people make is using simple passwords. Don’t use a pet’s/child’s/lover’s name. Really, this is a huge mistake. A lot of people do it, but if you’re like most people you share your day with others, and thus talk about your kids, for example. Now everybody you know has a good base for guessing your password. The same is true for simple words. Do not choose your favorite food or TV show. Any public information can easily be found on the internet; just think about how many times the average person talks about their favorite vacation spot on Facebook. You want to choose a good, strong, unique password.

To get a strong password, the best way is to think of an easy-to-remember phrase, then “encode” it into a password. For example, “I like to watch Farscape on Sy-fi”. Take that sentence and use the first letter of every word (IltwFoS). Now replace the vowels (IltwFoS becomes 1ltwF0S). Now you have a pretty decent password that is easy to remember. The longer the sentence, the better.
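To make the encoding step concrete, here is a small added example (my own code, not from the original post) that applies the first-letter-then-vowel-swap rule and gives a rough brute-force strength estimate, so you can see why a longer sentence helps. The a→4 and e→3 substitutions are my own extension of the article’s i→1 and o→0; the longer phrase is constructed for the demo.

```python
import math
import string

# Vowel substitutions. "i" -> "1" and "o" -> "0" are the ones used in the
# article's example; "a" -> "4" and "e" -> "3" are an added assumption.
VOWEL_MAP = {"i": "1", "o": "0", "a": "4", "e": "3"}


def encode_phrase(phrase: str) -> str:
    """Turn a memorable sentence into a password: keep the first letter of
    each word, then replace vowels with look-alike digits (case-insensitive)."""
    initials = "".join(w[0] for w in phrase.split() if w[0].isalpha())
    return "".join(VOWEL_MAP.get(ch.lower(), ch) for ch in initials)


def estimate_bits(password: str) -> float:
    """Rough brute-force entropy: log2(alphabet size) per character, where the
    alphabet is the union of the character classes actually present. This is
    an upper bound; it ignores that the mnemonic structure itself is guessable."""
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)
    return len(password) * math.log2(pool) if pool else 0.0


# Constructed inputs: the article's own sentence and a longer variant of it.
SHORT_PHRASE = "I like to watch Farscape on Sy-fi"
LONG_PHRASE = "I like to watch Farscape on Sy-fi every Friday night with my brother"

if __name__ == "__main__":
    for phrase in (SHORT_PHRASE, LONG_PHRASE):
        pw = encode_phrase(phrase)
        print(f"{pw:16} {len(pw):2d} chars  ~{estimate_bits(pw):.1f} bits")
```

Running it shows the 7-character version at roughly 42 bits and the 13-character version at roughly 77 bits, which is the whole point of "the longer the sentence, the better".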


The next biggest mistake I see people make is using one password for everything. Now, to be super secure, you should have a unique password for every single site/program. But that’s not very realistic. Instead I recommend having a pool of 3–5 passwords. The first you keep to yourself, no matter what; you don’t even tell your loved ones that password. The second is your more general password, the one you share with your wife and not many others. The third can be your public password. This is the password that you share with the people you trust: your friends, employees, other family members, it’s up to you. But you have this password to share with them, and it’s not on anything critical. You should still trust the people you give this password to, but since it’s not linked to anything critical there’s no harm.

The third biggest mistake is sharing a password. Now, just as I said above, if you have a pool of passwords you can decide what level of access you want to give to someone. But you should be extremely careful not to give the wrong person the wrong password. You trust these people, but remember: the more people that know a secret, the less of a secret it is. It’s common for a friend to write down a password and what it’s for, then forget to grab it off their desk. Do you really want your friend’s co-workers to have access to the same things you gave your friend access to?

Fourth on the list is not changing passwords. Inevitably, you’ll make a mistake and give the wrong password to the wrong person. You might write it down and leave it behind, or someone might really not like you and spend 6 months hacking away at your password. Either way, the best remedy is to change your passwords. I recommend once every 6 months. It can be a bit of a pain, but if you just decide to do it, and change every password whenever you use an old one, you will work through most of your passwords really quickly.

The fifth biggest mistake is writing down your password. You should never write down your password. Use a memorable phrase like the example above. If you have a hard time remembering passwords, then use an application like 1Password. Never write down your passwords. Never print them out. And for the record, storing them in a plain text file is the same thing as writing them down (Excel too). If you’re going to store your passwords, then you need something that has a password itself. Good examples on a Mac are 1Password, Bento, and Keychain.

So, for a quick recap:
Do not: Use simple passwords (kids’ names etc.)
Do: “Encode” a memorable phrase into a password

Do not: Use a single password for everything
Do: Have several passwords that you can use (3–5)

Do not: Share your password
Do: If you must share a password, create a new password to share (or use a general password from the 3–5 password pool)

Do not: Keep the same passwords forever
Do: Change your passwords every 6 months

Do not: Write down your password
Do: If you need help remembering your password, use a program designed to do so.
While nothing online is totally secure, using these guidelines will keep most people safe from hacking and ID theft. Again, these guidelines are not “the most secure”, but they are, in my opinion, a good balance between “so secure even the owner can’t log in” and “my password is the word password”. It’s all about finding the middle ground, and these guidelines provide a good balance.

