Sunday, August 22, 2010

Passwords are like underwear…

From the Taste of Tech blog by John Schinker, in a post called What’s the Password…

When talking about passwords, I’m reminded of the adage that passwords are like underwear:

    • change them often
    • don’t share them with friends
    • the longer, the better
    • don’t leave them out where people can see them.

…here are a few tips for improving your password:

    • Don’t use your name, or the names of your spouse, children, or pets. Those are just too easy to guess.
    • Stay away from words that can be found in the dictionary. It’s pretty easy to do a “dictionary attack,” where hackers try all of the words and word combinations to try to get your password.
    • Mix upper- and lower-case. For the average password, changing some letters to upper-case will make the password 200 times harder to crack.
    • Use all of the characters. There are 102 keys on your keyboard, but only 26 letters. It’s okay to use punctuation, numbers, and even spaces in passwords. Throwing in some of these characters will make your password another 100 times harder to guess.
    • Use different passwords for different things. Our student records system uses different usernames and passwords from our network and email systems. In this case, that was very good. Whoever got access to these teachers’ accounts couldn’t access grades or attendance information.
    • Protect your email. Your email password is probably the most important one. Why? What happens when you go to an online site and you click the “I forgot my password” link? They email you a link that you can click on to reset your password. If someone has your email password, they can reset your passwords for many of the online services you use. So your Facebook / Twitter / Youtube / Flickr accounts might be in jeopardy if your email password is compromised.
    • Change your passwords. Certainly not every day. Probably not even every month. But once in a while, change your password. This is especially true if your school IT person just strongly suggested that you do so (hint, hint).

This is excellent advice for everyone. We do all have many different user names and passwords. It gets very complicated to have so many and to change them all the time, but it is a necessary evil.
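As an added illustration (not code from the quoted post), the Python sketch below checks a candidate password against the name, dictionary and character-mix tips and measures how much each extra character class enlarges a brute-force search. The word list, function names and the 95-character printable ASCII pool are assumptions made for this example, and the search-space figure assumes characters are chosen at random.

```python
import math
import string

# Character pools an attacker must cover for each class present in a password.
POOLS = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "other": string.punctuation + " ",
}

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "dragon", "summer", "teacher", "monkey"}


def alphabet_size(password):
    """Size of the smallest character set covering every class used."""
    return sum(len(pool) for pool in POOLS.values()
               if any(c in pool for c in password))


def keyspace_bits(password):
    """log2 of the brute-force search space: alphabet_size ** length."""
    size = alphabet_size(password)
    return len(password) * math.log2(size) if size else 0.0


def audit(password, personal_names=(), words=SAMPLE_WORDS):
    """Return a list of the tips above that the password violates."""
    findings = []
    lowered = password.lower()
    letters_only = "".join(c for c in lowered if c.isalpha())
    for name in personal_names:
        if name and name.lower() in lowered:
            findings.append(f"contains personal name '{name}'")
    if lowered in words or letters_only in words:
        findings.append("is a dictionary word (possibly with digits or symbols added)")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        findings.append("does not mix upper- and lower-case")
    if not any(c in POOLS["digit"] + POOLS["other"] for c in password):
        findings.append("uses letters only")
    return findings


def multiplier(before, after):
    """How many times larger the brute-force search space of `after` is."""
    return 2 ** (keyspace_bits(after) - keyspace_bits(before))
```

For an eight-character password, `multiplier("abcdefgh", "abcdEFGH")` comes to 256, because each position goes from 26 possibilities to 52.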

What advice do you have about passwords?

Do you have a Horror Story about passwords and hacking into user accounts?

How did you solve it?
