Effective Password Strategies

To make internet applications useful, a balance needs to be struck between convenience and security.  Advances in technology attempt to bridge the gap between the two.  Unfortunately, rather than moving forward together, the two concepts generally play leapfrog, one trying to catch up with the other.

Passwords are a good way to demonstrate the disparity between the concepts of convenience and security.

For example, “1234” is a very convenient password.  It is easy to remember and fast to enter.  But the drawbacks are obvious.  Due to it’s short length it is very susceptible to brute force attacks (trying one password after another in a strategic sequence).  Let alone the fact it could be easily guessed.  Most people would agree that to protect anything sensitive using this password is not a good idea.  So they opt for a special date, or a meaningful number, or the name of someone or something close to them, etc.  These passwords can actually be less secure than the original example.  These sorts of seemingly personal information are often readily available on the internet either though public records and third-party sources like Google, or self published information like that on Facebook or MySpace.  The bottom line here is that a memorable password would rarely be secure.

Alternatively “d$Gr~42h7pDW%a9” is a terrific password.  The chance of it being guessed is zero.  And it would take a brute force attack literally years to crack. The problem with it is it’s near impossibility for the average person to remember.  This would necessitate storing the password somewhere which creates other security problems.  It would also take considerable time and effort to enter the password even knowing it.  I have used passwords like this and it sometimes even takes me several tries to enter it due to misreading it or typographical errors.

Here are some password dos and don’ts to consider when choosing a password…

Do:
– Include numbers, letters (upper and lower case), and special characters (like ! or * or #, etc.)
– Make your password as long as possible
– Change your password regularly

Don’t:
– Use personal facts such as the last 4 of your social or the name of a child or pet
– Use the same password for trusted and untrusted sources
– Include your username in your password

Password Creation Strategies:
Try to have at least two passwords.  One that is highly secure for use in online banking, etc.  And one “quick and easy” password that is more memorable.  This one you should use to sign up for newsletters or subscribe to sites that you don’t necessarily trust.  With your secure password, try using a phrase if possible.  This can give you the benefit of length, spaces, punctuation, and capital letters.  And at the same time it can be easy to remember and enter.

Leave a Reply

Your email address will not be published. Required fields are marked *