Future Shop Blogs / Tech Brand Talk
AVG's Guide to Password Best Practice
It's a sad fact, but people don't take passwords seriously enough. You could almost write a comedy sketch about the 'obvious' passwords so many people use. A password consisting of the digits one to ten in order is not uncommon, nor is simply the word "password", "admin" or the user's first name.
Using the name of your first pet or school, your birth date or your mother's maiden name is not smart either, as this is exactly the information banks favour as a means of identifying you. Putting it out digitally in any form, whether on a comparatively secure website or not, is simply not good sense.
"To continue reading this piece, please enter a password. If you do not have a password please create one now of at least eight characters in length. Please use a combination of CAPS and lowercase letters and numbers."
How familiar is that? How many times do we see those instructions and just blindly type in something meaningless so that we can continue surfing?
The problem is that there are so many "light" password gateways today. Websites try to create 'sticky' pages that users will repeatedly revisit by putting access behind a password. But these gateways obscure the importance of the "heavy" passwords that you need to keep close to your chest and that you need to create intelligently.
Just to be clear, "heavy" password is not an industry term; we are simply drawing a distinction between a casually used password that might, for example, let you view an online news item, and your online banking password, which should be ultra-robust and definitely not the same as the one you use for social networking sites like Facebook.
So what makes a good password?
Firstly and most importantly of all, a good password is a password you can stick with. You do not have to change your password every 90 days (or however often you have been advised), but you can. There are no firm rules on this one, and from a technical perspective the jury is out on whether forced rotation closes doors to attackers or simply opens more of them, since people told to rotate tend to make small, predictable changes to the old password.
What is important is that you are supremely obscure. Don't use digits in order, even if you start at 3, 4, 5, and don't use them in a regular sequence such as 3, 5, 7 either. Interleave them, out of order, with letters (both CAPS and lowercase) and with symbols from the top row of your keyboard such as the exclamation mark, the hash sign and the asterisk.
But that is just the start. If a hacker has managed to steal a copy of your password from a website's database, it is most likely that he or she will have only a hashed (one-way scrambled) value of it, not the password itself. The hacker will feed those hashes to password-cracking software, which starts by trying dictionary words and the predictable variations humans make on them (capitalising the first letter, adding a year or "123", swapping letters for similar-looking digits) before resorting to brute force.
So be as illogical as you possibly can be. Don't use the word "frogspawn" when you could use "spawnfrog", and so on. Bear in mind, though, that cracking tools also try combinations of dictionary words, so a rearranged word only buys you a little; an invented phrase buys you much more.
Carrying that 'illogical' theme forward, use your brain to outwit password-cracking software. Humans are visual thinkers, so we can clearly picture something in our own heads that is not part of the real world.
Have you ever seen a purple elephant? Neither have we, so that's a good image, and therefore a good phrase to use. Why stop at purple? Let's choose a more creative colour such as lavender, fuchsia or puce. Why stop at elephants? Let's choose armadillos, bandicoots, groundhogs and so on.
So let's be clear: we are not saying "FUCHSIAarmaDillo5918!*" is the best password you'll ever come up with, but thinking along these lines will certainly help you.
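To show what the cracking process above actually does, here is an added example (our own illustration, not code from AVG or from this article): a toy dictionary attack with mangling rules run against a handful of hashed passwords. The wordlist, the rule set and the target passwords are all constructed for the demo, and unsalted SHA-256 stands in for whatever hash a real site would use. It shows that "frogspawn", "Frogspawn1", "spawnfrog" and "12345678" all fall within a few thousand guesses, while the invented phrase "FUCHSIAarmaDillo5918!*" is never reached.

```python
"""Added example (not from the AVG/Future Shop article): a toy dictionary
attack with mangling rules, showing why a dictionary word with a number
bolted on falls quickly while a long invented phrase does not."""
import hashlib
import itertools

# Constructed wordlist standing in for a real dictionary; real attacks use
# millions of words plus lists of previously leaked passwords.
WORDLIST = ["password", "admin", "letmein", "frog", "spawn", "frogspawn",
            "elephant", "purple", "armadillo", "fuchsia", "john", "fluffy"]


def hash_password(pw: str) -> str:
    # Unsalted SHA-256 is used only so the demo runs stand-alone; a real
    # site should store a salted, slow hash such as bcrypt, scrypt or Argon2.
    return hashlib.sha256(pw.encode()).hexdigest()


def mangle(word: str):
    """Yield common human variations of a word, mimicking cracker rule sets:
    case changes, reversal, letter-for-digit swaps, and numeric suffixes."""
    bases = {word, word.capitalize(), word.upper(), word[::-1]}
    leet = (word.replace("a", "@").replace("e", "3")
                .replace("o", "0").replace("s", "$"))
    bases.add(leet)
    for b in bases:
        yield b
        for suffix in ("1", "123", "!", "1!", "2011"):
            yield b + suffix
        for n in range(100):
            yield f"{b}{n:02d}"


def candidates(wordlist):
    """Generate guesses in the order a cracker would: single words, then
    two-word combinations, then plain digit sequences."""
    for w in wordlist:
        yield from mangle(w)
    # Two-word combinations catch "frogspawn" from "frog"+"spawn" and the
    # rearranged "spawnfrog" just as easily.
    for a, b in itertools.permutations(wordlist, 2):
        yield from mangle(a + b)
    # Ascending and descending digit runs such as 12345678 / 87654321.
    for length in range(4, 11):
        yield "".join(str(i % 10) for i in range(1, length + 1))
        yield "".join(str(i % 10) for i in range(length, 0, -1))


def crack(target_hashes, wordlist=WORDLIST, max_candidates=2_000_000):
    """Return {hash: plaintext} for every target hash found within the
    guess budget; anything not in the result survived the attack."""
    remaining = set(target_hashes)
    found = {}
    for tried, cand in enumerate(candidates(wordlist)):
        if tried >= max_candidates or not remaining:
            break
        h = hash_password(cand)
        if h in remaining:
            found[h] = cand
            remaining.discard(h)
    return found


if __name__ == "__main__":
    # Constructed sample "stolen database": hashes of five passwords.
    samples = ["frogspawn", "Frogspawn1", "spawnfrog", "12345678",
               "FUCHSIAarmaDillo5918!*"]
    stolen = {hash_password(p): p for p in samples}
    recovered = crack(stolen)
    for h, original in stolen.items():
        print(f"{original:25s} -> {'CRACKED' if h in recovered else 'survived'}")
```

The point of the two-word pass is the one made above about "spawnfrog": rearranging the halves of a dictionary word is a variation the tools already try, whereas a phrase built from an image that does not exist, with digits and symbols mixed in, is outside anything the rule set generates.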
Eight steps to password perfection:
1. Don't use digits in order: 1,2,3,4,5 etc. is not clever.
2. Think illogically: cracking tools rely on the predictable patterns people follow.
3. Be obtuse, think outside the box, invent a new word!
4. Never use your mother's maiden name or any other detail your bank might use to identify you.
5. Mix keyboard symbols such as the asterisk with letters and numbers.
6. Use a mixture of CAPS and lowercase letters.
7. Always change default passwords such as 'password' or 'admin'.
8. And lastly and very importantly, NEVER tick the 'remember this password' box.
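As an added example (ours, not AVG's), here is a checker that turns the testable items in the list above into code: it rejects known defaults, detects digit runs at any constant step (1234, 4321 and 357 alike, since a cracker reverses sequences as readily as it reads them forward), requires a mix of character classes, and refuses personal details such as a pet's or mother's name when the caller supplies them. The minimum length of 12 and the small deny-list are assumptions for the demo; a real deployment would use a large breached-password list.

```python
"""Added example (not part of the AVG article): a password checker
implementing the list's rules. Composition rules alone do not make a
password strong, so defaults and digit sequences are rejected outright."""
import re
import string

# Constructed deny-list of defaults and obvious choices (assumption for the
# demo; use a large breached-password list in practice).
DENYLIST = {"password", "admin", "letmein", "qwerty", "welcome"}
MIN_LENGTH = 12  # assumed policy minimum, not a figure from the article


def has_digit_run(pw: str, min_len: int = 3) -> bool:
    """True if pw contains min_len or more digits in arithmetic progression:
    1234, 4321, 357 (step 2) and 1111 (step 0) all count."""
    for m in re.finditer(r"\d{%d,}" % min_len, pw):
        digits = [int(c) for c in m.group()]
        for i in range(len(digits) - min_len + 1):
            window = digits[i:i + min_len]
            steps = {b - a for a, b in zip(window, window[1:])}
            if len(steps) == 1:  # constant step => a sequence
                return True
    return False


def check_password(pw: str, personal_info=()) -> list:
    """Return the list of rule violations; an empty list means it passes.
    personal_info holds strings the user should never embed (pet, school,
    mother's maiden name, birth date)."""
    problems = []
    lowered = pw.lower()
    # Strip trailing digits/symbols so "Password1!" still hits the deny-list.
    stem = re.sub(r"[\d\W_]+$", "", lowered)
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if lowered in DENYLIST or stem in DENYLIST:
        problems.append("is a default or common password")
    if has_digit_run(pw):
        problems.append("contains digits in sequence")
    classes = [any(c.islower() for c in pw),
               any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw),
               any(c in string.punctuation for c in pw)]
    if sum(classes) < 3:
        problems.append("uses fewer than three character classes")
    for item in personal_info:
        if item and item.lower() in lowered:
            problems.append(f"contains personal information ({item})")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs exercising each rule.
    for candidate, info in [("12345678", ()),
                            ("Password1!", ()),
                            ("Fluffy-Smith-2011", ("Fluffy", "Smith")),
                            ("FUCHSIAarmaDillo5918!*", ())]:
        result = check_password(candidate, info)
        print(f"{candidate:25s} {'OK' if not result else '; '.join(result)}")
```

Note that passing this checker is necessary, not sufficient: it cannot tell an invented phrase from a dictionary word with a digit tacked on, which is exactly the distinction the cracking example earlier in the piece illustrates.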
Image credit: Richard Parmiter