Our passwords give us access to a number of very valuable resources. They control access to our bank accounts, photos of our families, email correspondence, and all kinds of other information. As valuable as all this information is, it is amazing how little effort most people put into making sure they have good passwords. Here are six password resolutions for 2009 to help protect your data with more secure passwords.
1. Resolve to use different passwords on each website.
There are a few ways to do this. The most secure is to use a completely different, randomly generated password on each site. If you use a password management program like 1Passwd, this isn’t too difficult. Another option is to create a scheme that lets you modify your password slightly for each site. For example, if you use a base password of $5*9twoop, you could use $5*9twoop6 for Amazon.com, $5*9twoop5 for Yahoo.com and $5*9twoop3 for wsj.com. The last number is just the number of characters in the domain name that comes before the .com of each site.
This doesn’t make for the most secure passwords, but if some website is hacked or someone gets hold of one of your passwords, they won’t automatically have your passwords for every other site.
2. Resolve to use longer passwords.
There are two types of brute force approaches to cracking passwords. One is to try every possible combination of letters in sequence. For example, trying every three-letter password would look like: aaa, aab, aac, aad, etc. Another common approach is to use a dictionary and just try common words that might be used as a password. Unless you are using a dictionary word, an eight-character password is going to be much more difficult to break than a six-character one. I’ve started using passwords that are over 10 characters long. We will talk about passphrases in a minute as a way to accomplish this.
3. Resolve to keep password lists encrypted.
If you use a different password for every site, you will probably need to keep a record of them somewhere, particularly if you use completely random passwords and not a scheme like the one mentioned in point one. If you use password management software, it may encrypt the list automatically. If you just keep them in a text file, you will need to investigate other encryption methods.
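One way to keep a plain text file of passwords encrypted at rest is to drive the OpenSSL command-line tool from a short script. The following is an added example, not code from the original post: it uses AES-256-CBC with a PBKDF2-derived key, passes the passphrase through an environment variable rather than on the command line (where it would show up in the process list), and checks that the encrypted file no longer contains the list in the clear. The file names, the sample list and the passphrase are constructed for the demo, and the `openssl` binary is assumed to be installed.

```python
import os
import subprocess
import tempfile
from pathlib import Path

# Added example, not from the original post: keeping a plain-text password list
# encrypted at rest by driving the OpenSSL command-line tool from Python.
# AES-256-CBC with a PBKDF2-derived key (200,000 iterations) is used; the
# passphrase reaches openssl through an environment variable so it does not
# appear in the process list. File names and the passphrase are constructed.

CIPHER_ARGS = ["-aes-256-cbc", "-pbkdf2", "-iter", "200000"]


def _openssl_enc(args, passphrase: str) -> None:
    # openssl enc reads the passphrase from $PWLIST_PASS ("-pass env:...").
    env = dict(os.environ, PWLIST_PASS=passphrase)
    subprocess.run(["openssl", "enc", *args, "-pass", "env:PWLIST_PASS"],
                   env=env, check=True, capture_output=True)


def encrypt_file(plain: Path, encrypted: Path, passphrase: str) -> None:
    """Write an encrypted copy of `plain` to `encrypted`."""
    _openssl_enc([*CIPHER_ARGS, "-in", str(plain), "-out", str(encrypted)], passphrase)


def decrypt_file(encrypted: Path, plain: Path, passphrase: str) -> None:
    """Recover the plaintext; raises CalledProcessError when openssl rejects the input."""
    _openssl_enc(["-d", *CIPHER_ARGS, "-in", str(encrypted), "-out", str(plain)], passphrase)


def round_trip(lines, passphrase: str) -> tuple:
    """Encrypt a constructed list, check the ciphertext hides every line,
    decrypt it again and compare. Returns (plaintext_hidden, decrypted_matches)."""
    with tempfile.TemporaryDirectory() as d:
        plain, enc, back = (Path(d, n) for n in ("passwords.txt", "passwords.enc", "back.txt"))
        plain.write_text("\n".join(lines) + "\n")
        encrypt_file(plain, enc, passphrase)
        ciphertext = enc.read_bytes()
        hidden = all(line.encode() not in ciphertext for line in lines)
        decrypt_file(enc, back, passphrase)
        return hidden, back.read_text() == plain.read_text()


def wrong_passphrase_recovers(lines, passphrase: str, wrong: str) -> bool:
    """True only if decrypting with the wrong passphrase yields the original text.
    CBC mode carries no integrity check: a wrong passphrase usually fails the
    padding check, but can occasionally produce garbage instead of an error.
    Either way the original list is not recovered."""
    with tempfile.TemporaryDirectory() as d:
        plain, enc, back = (Path(d, n) for n in ("passwords.txt", "passwords.enc", "back.txt"))
        plain.write_text("\n".join(lines) + "\n")
        encrypt_file(plain, enc, passphrase)
        try:
            decrypt_file(enc, back, wrong)
        except subprocess.CalledProcessError:
            return False
        return back.read_text(errors="replace") == plain.read_text()


# Constructed sample list; the per-site suffixes follow the scheme in point one.
SAMPLE_LINES = [
    "amazon.com  $5*9twoop6",
    "yahoo.com   $5*9twoop5",
    "wsj.com     $5*9twoop3",
]

if __name__ == "__main__":
    print(round_trip(SAMPLE_LINES, "demo-passphrase-only"))
    print(wrong_passphrase_recovers(SAMPLE_LINES, "demo-passphrase-only", "not-it"))
```

The decrypted copy lands on disk only for as long as you need it; delete it when you are done, since the point of the exercise is that the list is never left in the clear. The wrong-passphrase check is there to show the caveat that this mode does not authenticate the file: garbage output, not an error, is a possible result of a typo.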
4. Resolve to use random symbols in passwords.
Passwords that contain symbols (like *#&@!) are much more difficult to break with a brute force attack. Along the same lines, you should make sure you can use both capital and lowercase letters.
5. Resolve to use passphrases.
Passwords like The^funny@clown! are much more secure than a password like clown99 or Cl()wn simply because they are longer. With a phrase, you get a memorable password while increasing the length considerably.
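To put numbers on points 2, 4 and 5, here is an added example (not from the original post) that counts the guesses a brute force has to make for each kind of password and converts that into time at an assumed rate of one billion guesses per second. The guess rate, the 100,000-word dictionary size and the character-class sizes are constructed assumptions for the demo; the 16-character row corresponds to the length of The^funny@clown!.

```python
# Added example, not from the original post: how the number of guesses a brute
# force must make grows with password length and alphabet size, and why a
# dictionary word with a numeric suffix is a much smaller target. The guess
# rate and dictionary size are constructed assumptions for the demo.

LOWER = 26      # a-z
UPPER = 26      # A-Z
DIGITS = 10     # 0-9
SYMBOLS = 33    # printable ASCII punctuation such as *#&@!


def keyspace(length: int, alphabet_size: int) -> int:
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet_size ** length


def sequential_guesses(max_length: int, alphabet_size: int) -> int:
    """Worst case for the aaa, aab, aac ... search: every length from 1 to max_length."""
    return sum(alphabet_size ** n for n in range(1, max_length + 1))


def dictionary_guesses(words: int, max_suffix_digits: int) -> int:
    """Every word, followed by a numeric suffix of 0 to max_suffix_digits digits
    (this is the attack that catches clown99)."""
    return words * sum(10 ** k for k in range(max_suffix_digits + 1))


def seconds_to_exhaust(guesses: int, guesses_per_second: float) -> float:
    """Time to try the whole space at a constant guess rate."""
    return guesses / guesses_per_second


def human_time(seconds: float) -> str:
    """Rough human-readable duration; good enough for orders of magnitude."""
    units = [("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)]
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:,.3f} seconds"


def compare_policies(guesses_per_second: float = 1e9):
    """Rows of (description, guesses, human time) for the post's examples."""
    full = LOWER + UPPER + DIGITS + SYMBOLS
    cases = [
        ("6 lowercase letters", keyspace(6, LOWER)),
        ("8 lowercase letters", keyspace(8, LOWER)),
        ("8 mixed case + digits", keyspace(8, LOWER + UPPER + DIGITS)),
        ("8 mixed case + digits + symbols", keyspace(8, full)),
        ("clown99: 100,000-word list + up to 2 digits", dictionary_guesses(100_000, 2)),
        ("16 chars from the full printable set (passphrase)", keyspace(16, full)),
    ]
    return [(desc, g, human_time(seconds_to_exhaust(g, guesses_per_second)))
            for desc, g in cases]


if __name__ == "__main__":
    for desc, guesses, duration in compare_policies():
        print(f"{desc:52} {guesses:>34,}  ~{duration}")
```

The dictionary row is the one to look at for clown99: at the assumed rate it falls in a fraction of a second, which is why the post says length only helps if you are not using a dictionary word. The sequential search is the worst case for an attacker and the best case for you; real cracking tools start from wordlists and rules, so treat the exhaustive-search times as upper bounds rather than guarantees.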
6. Resolve to password protect your computer.
If the average computer is stolen, simply turning it on gives the thief access to everything on the hard drive. At the very least, your laptop should prompt you for a password when you boot it and when it comes out of sleep mode. This doesn’t protect the hard drive the way encrypting all of your data does, but if a thief is after your hardware (not your data) they will probably just reinstall the OS to sell the machine. If they immediately have access to all your data, you significantly increase the chances of them poking around to see if they can find anything valuable before selling it.