MyLaptopGPS » passphrases http://blog.mylaptopgps.com Laptop Computer Security Tue, 07 Jun 2011 19:50:35 +0000 http://wordpress.org/?v=2.9.1 en hourly 1 Tip of the Week: Use a Real (Strong) Password http://blog.mylaptopgps.com/2010/01/05/tip-of-the-week-use-a-real-strong-password/ http://blog.mylaptopgps.com/2010/01/05/tip-of-the-week-use-a-real-strong-password/#comments Tue, 05 Jan 2010 23:59:15 +0000 Dan Yost http://blog.mylaptopgps.com/?p=769 Continuing the mini-theme of password security, since it has been shown to be so crucial to overall data security, let’s consider the strength of password values themselves.

Most “lay” people–just regular folks–will use easy to remember passwords. Way too easy, that is. How about these:

password123
test
password
<user’s name>
<user’s spouse’s name>

Think back to a great Tom Clancy book made into a movie starring Harrison Ford, “Clear and Present Danger.” In one scene, Ford’s character needs access to certain computer files. An agency datahead is brought in to try to break in. He starts guessing passwords.

“Birthday…no”
“Kid’s birthday…no”

Ford and another character look at each other as if to say “Oh brother, this will take years.” Before they can even reach the door to leave, the datahead calls out, “Got it!” Sure enough, he’d already guessed the password–something like the wife’s birth month, son’s day, daughter’s year, in reverse. (I don’t recall exactly–feel free to post a comment if you remember the value!)

This is actually illustrative of the point. A weak password is very, very quickly cracked. Not only do most folks use the same password for all of their accounts, but that password itself is usually very, very weak.

In the Harrison Ford movie, the given password would be a major step UP for most people!

This is also why many websites today have password strength gauges, and some will not even allow user’s to create a password unless it is secure. Creating a secure password is actually quite easy. Make it as random as possible, as long as possible, and as “complicated” as possible by mixing upper and lowercase letters, numbers, symbols, and so on.

(Quick RANT: why do so many websites refuse to accept non-alphanumeric characters, such as various symbols like “%” and “$”? Ridiculous! Sanitize the database queries to allow such simple characters!)

If you’re not using one of the silly websites that refuses to allow you to create a password with symbols use them.

Examples:

kKh1n$3#nMa
kln224S.,(8nm

Or without symbols:

nM83AnaBfavW
bVrTsssFgvA241C


Even better, use pass PHRASES:

I aM picKing @ phrase th@t I us3 for my P4ssword
I just L0v3 Hock3y, e$peciallY the C0lor@do Aval4nch3

And here again, even though they should know better, many IT professionals are guilty of the same transgressions!

Another question may be asked: how in the world is a person to REMEMBER these passwords? Ideally, you just do–just memorize them. For the rest of us, use a password safe (see previous blog about that).

Weak passwords are a major problem. And they’re everywhere.

]]> http://blog.mylaptopgps.com/2010/01/05/tip-of-the-week-use-a-real-strong-password/feed/ 0