Article: How Easily Did You Select A Password?
Originally Published: 2002-06-08
Updated: 2006
When you sign up for an account online, in many cases you can create your own password. The problem is that many people pick something simple and easy to remember, or keep the e-mails containing those passwords stored in their e-mail accounts. Did you do any of the above? This article discusses password selection and protection.
Do not fall into the easy to figure out password clique.
Did you pick your mother's or grandmother's maiden name as a password? Or your town's name or zip code? What about Fluffy purring by your chair, is she a key to your password? Or did you use your own, a spouse's, or one of your children's birthdates or middle names as a password?
Or did you think that you went the creative route? You know, picking a catchphrase of yours or a word you liked? Did you just divvy up your site's name into something like User: Website Password: Primer? Do two or more of your online accounts share the same password?
Perhaps then you need to rethink your strategy, especially if you feel that you are keeping someone from guessing or breaking into your online accounts. You are a member of the "easy to guess" password clique if you did any of the above.
Here are some tips on how to go about selecting a password and keeping it safe
- Try not to pick any word that can be found in a dictionary.
Did you know that Webster's New World College Dictionary has 163,000 words in it? The smallest dictionary in a password cracker program has more than 200,000; it includes places and popular names, such as television or movie characters. Does your password sound creative now?
- Do not use personal information.
Telephone numbers, ATM PIN numbers, zip code, home town name, street address, place of employment, date of birth, zodiac sign, the names of kids, pets, and/or significant others, and anything else that is of no business to a complete stranger should all be considered off-limits as passwords.
- Avoid obvious-to-guess combinations.
Let's say you are a fan of Star Trek, and you frequent places that are about Star Wars. How hard do you really think it would be to guess that EnterpriseFan may have the password of Spock, Tribbles, or another word or phrase easily associated with Star Trek?
A Yahoo! employee once shared a story about a boy band fan club founder's account being broken into. The young girl swore she never shared her password with anyone. Come to find out, her ID name proclaimed her to be a certain band member's #1 fan, and the password, you guessed it, was his name. It didn't take long for the person to break into the account; simple guesswork was all that was needed.
- Attempting to thwart with a couple of numbers tacked on?
Did you think you were clever by slipping on a couple of numbers at the end of the password? Think again. User: Angie Password: Angie2 - easily guessed, and sometimes without a program to aid in figuring the password out.
- Avoid one-password-fits-all thoughts.
You should not use the same password for all your online accounts. If a person guesses one, then they have guessed them all. Your Yahoo! membership password should be different from the one you use at eBay, both of those should be different from your email account password, and so on.
- Do not fall for e-mails or questionnaires saying you need to supply your password.
This is one of the easiest tricks, nowadays termed phishing. The goal is to get someone to share their password without a second thought. Sadly, the trick is so easy that many fall for it! It can't be said enough: do not share your password without thinking before doing so. Think: why would a bank or systems administrator email to ask you to tell them your password when they have databases to store that information in?
- Keep your passwords offline and preferably off the computer's hard drive.
Print out the confirmation letter, then delete the e-mail that contains that information.
Do not store the email in your email account. If your e-mail account gets cracked - you are leaving a treasure trove of havoc that the crackers can create without having to work hard at all!
Buy an address book to write your passwords in - use the back of a picture in your home to list this information - use the back of your mousepad - but do not keep this information online or even on your PC in case someone slips in a trojan that can give them access to your hard drive's contents.
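The selection tips above can be turned into a simple check. The following is an added example, not part of the original article: it flags a candidate password that is a dictionary word, contains personal information, is the user name with or without digits tacked on, or is reused on another account. The function names and the tiny wordlist are assumptions made for illustration.

```python
import re

# Constructed sample wordlist; a real check would load a large dictionary
# that also includes places and popular character names.
SAMPLE_WORDLIST = {"primer", "spock", "tribbles", "fluffy", "website"}


def strip_trailing_digits(text):
    """Remove digits tacked on to the end, e.g. 'angie2' -> 'angie'."""
    return re.sub(r"\d+$", "", text)


def check_password(password, username, personal_info=(), other_passwords=(),
                   wordlist=SAMPLE_WORDLIST):
    """Return the list of tips from the article that the password violates."""
    problems = []
    lowered = password.lower()
    base = strip_trailing_digits(lowered)

    if lowered in wordlist or base in wordlist:
        problems.append("dictionary word")

    # Personal details: names, birthdates, zip codes, pets, and so on.
    for item in personal_info:
        token = item.lower()
        if token and token in lowered:
            problems.append("personal information")
            break

    # Password equal to the user name, with or without digits appended.
    if base and base == strip_trailing_digits(username.lower()):
        problems.append("based on user name")

    if password in other_passwords:
        problems.append("reused on another account")

    return problems


if __name__ == "__main__":
    # Constructed sample accounts taken from the article's own examples.
    print(check_password("Angie2", "Angie"))
    print(check_password("Spock", "EnterpriseFan"))
```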
Sometimes being nonsensical can be of help?
Looking at that list of no-no's on how to pick a password, some of you may be stumped about what is left for creating a password. Well, the best defense is nonsense. Let's say you are known for saying the catchphrase "coolios!"; you can use c0o1i0s, c#o1i@s, and - if the place allows case-sensitive passwords - Co0L1o5. Use special characters and/or numbers in place of letters.
Or be obscure! Let's say you were born a Gemini and moved 14 times in your life. Could you remember Gem#14m0ve as a password? Or you love lemon cake ... l3m0ncaK3 may work as something easy to remember.
If allowed, as some places restrict to 5 characters maximum, shoot for 8 to 10 character passwords. If at a site that limits you to less than 8, then mix in numbers and special characters.
Follow your ISP's advice and change your passwords periodically. Some recommend every month, other sources say you can do this every 3 to 6 months, while others say once a year is fine.