Most PCs and lots of personal data, such as
bank records and Web mail access, are guarded only by a username and
password. Usernames are fairly easy to guess and often pre-filled in,
so you need to make sure your passwords are strong—not easily guessed
or cracked by "dictionary" attacks that throw millions of letter
combinations at the dialog. Many of the most widespread Internet worms
have built-in dictionaries of common passwords, and once they are
running on your system, they can attack your computer and others on
your network.
- Don't use any part of your username, full name, address, birth
date, and so on. This data is readily available to intruders.
- Don't use words found in a dictionary, English or foreign.
- Make sure your password is at least six to eight characters
long. In fact, the longer the password, the better.
- Use different kinds of characters in your password. At the
very least, your password should contain uppercase letters, lowercase
letters, and numbers. If you're comfortable with non-alphanumeric
symbols (such as #@!&) or extended ASCII characters (which you can
access by holding down Alt and typing on the number pad), use them.
- Change passwords every month to six weeks.
- Don't write your passwords on a sticky note and post it on your
monitor.
- If you need to keep a repository of passwords, use a utility
like RoboForm Pro (www.roboform.com)
that keeps an encrypted list of all your passwords under a single
master password. These programs can also generate strong passwords to
your specifications.
- Don't recycle old passwords or use the same one for several
different applications.
- Use a word you know, but substitute punctuation and numbers
for letters. For example, coffee could become C0FF33 and Indiana_Jones
could become 1nd1@n@_j0n3s.
- Use a passphrase—a group of words, as opposed to a single
word. If you're a Beach Boys fan, "It's not a big motorcycle, just a
groovy little motorbike" might be a good passphrase.
Note that not every security system lets you use passwords this
long, or even ones that have embedded spaces. Some e-commerce sites,
for example, will allow you only 8- to 12-character alphanumeric
passwords. But, since Windows 2000, Windows has allowed passphrases
with up to 127 characters.
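
The rules in the list above can be checked automatically before a password is accepted. The following Python example is added here and is not part of the original article; the function names, the sample wordlist, the sample user and the eight-character minimum (the upper end of the article's six-to-eight range) are assumptions.

```python
import re

# Constructed sample wordlist; in practice load a real dictionary file.
SAMPLE_WORDS = {"coffee", "password", "dragon", "letmein", "indiana"}

def personal_tokens(*fields, min_len=3):
    """Split username, full name, birth date, etc. into lowercase fragments."""
    tokens = set()
    for field in fields:
        for part in re.split(r"[^A-Za-z0-9]+", field.lower()):
            if len(part) >= min_len:
                tokens.add(part)
    return tokens

def check_password(password, personal=(), wordlist=SAMPLE_WORDS,
                   previous=(), min_length=8):
    """Return the list of rules from the article that the password breaks."""
    problems = []
    lowered = password.lower()
    # Rule: no part of the username, full name, address, birth date.
    hits = sorted(t for t in personal_tokens(*personal) if t in lowered)
    if hits:
        problems.append("contains personal data: " + ", ".join(hits))
    # Rule: not a single dictionary word (multi-word passphrases pass).
    if lowered in wordlist:
        problems.append("is a dictionary word")
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    # Rule: at the very least uppercase, lowercase and numbers.
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[0-9]", password):
        problems.append("no number")
    # Rule: don't recycle old passwords (hypothetical list supplied by caller).
    if password in previous:
        problems.append("reuses an old password")
    return problems

if __name__ == "__main__":
    me = ("jsmith", "John Smith", "1975-04-12")  # constructed sample user
    for candidate in ("coffee", "Jsmith1975", "Tr4il-Mix#Quartz9"):
        print(candidate, "->", check_password(candidate, me) or "ok")
```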