Thursday, March 18, 2010

Good Passwords: Make one and use it!

Passwords: Everyone online has them.  Many of us forget them.  Some of us never change them.  But you know what? It's about time to start!

I have students that even now think "qwerty" and "12345" are good passwords.  I have seen more than one adult use "password" as a password "To make things easier."

These are only good things if you want your account to be compromised, so I'm making this post to show a quick and easy way to make passwords that are simple enough to remember without being equally easy to guess.

  1. Start with a phrase or sentence - a long one, but one you can remember.
    Mr. Smith is the best teacher ever and he never, ever brags.
    -or-
    My house is on Maple Street and it has a blue mailbox.

  2. Keep only the first letter of each word.  (To be really sneaky keep only the last letter of each word.)  Good passwords will often have mixed cases (both upper and lower case letters) to make them appear even more random, so I kept the capitalization from the words Mr., My, Maple, and Street.
    Msitbteahneb
    -or-
    MhioMSaihabm

  3. The strongest passwords have both numbers and letters.  I will usually replace a few of the letters that look like certain numbers.  "1" could be "i" or "l."  "3" could be an "e." Of course "0" and "o" are so similar it goes without saying.  You don't have to replace all of your letters - a few here and there are enough.
    Ms1tbt3ahneb
    -or-
    Mhi0MSa1habm

  4. If you're someone who uses different passwords for different services (generally a good idea), you could even add the name of that service at the beginning or end of that string of almost random numbers or letters.  For this example I used Google Mail (or Gmail).
    Ms1tbt3ahnebgm -or- gmailMs1tbt3ahneb
    -or-
    gmMhi0MSa1habm -or- Mhi0MSa1habmgmail
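
The four steps above as a short Python sketch (an added example, not part of the original post; the function names `initials`, `swap`, `tag` and `meets_post_criteria` are made up for illustration). Because step 3 only swaps a few letters here and there, the caller picks which positions to swap, and the last function checks the result against what the post asks for: not one of the weak passwords it names, mixed case, and both letters and numbers.

```python
import re

# Look-alike swaps named in step 3 of the post.
LOOKALIKES = {"i": "1", "l": "1", "e": "3", "o": "0"}
# Weak passwords the post calls out by name.
WEAK = {"qwerty", "12345", "password"}


def initials(phrase, keep_caps=(), last=False):
    """Step 2: first (or last) letter of each word, lowercased unless the
    word is listed in keep_caps."""
    out = []
    for word in re.findall(r"[A-Za-z]+", phrase):
        ch = word[-1] if last else word[0]
        out.append(ch if word in keep_caps else ch.lower())
    return "".join(out)


def swap(letters, positions):
    """Step 3: replace only the chosen 0-based positions with look-alike digits."""
    chars = list(letters)
    for p in positions:
        digit = LOOKALIKES.get(chars[p].lower())
        if digit is None:
            raise ValueError(f"no look-alike digit for {chars[p]!r} at position {p}")
        chars[p] = digit
    return "".join(chars)


def tag(password, service, front=False):
    """Step 4: add the service name at the beginning or the end."""
    return service + password if front else password + service


def meets_post_criteria(password):
    """True if the password is not a named weak one and has lower case,
    upper case and at least one digit."""
    return (password.lower() not in WEAK
            and any(c.islower() for c in password)
            and any(c.isupper() for c in password)
            and any(c.isdigit() for c in password))


if __name__ == "__main__":
    base = initials("Mr. Smith is the best teacher ever and he never, ever brags.",
                    keep_caps=("Mr",))
    pw = tag(swap(base, (2, 6)), "gm")
    print(pw, meets_post_criteria(pw))
```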


Oh, and a few extra tips:

  • Avoid writing your password down if you can help it.  If you know you have no chance of remembering it otherwise, keep it in a wallet or something else that you never leave unguarded.

  • Don't tell anyone your password. They may be your friend now, but what if you have a falling out?  What if they write it down, and someone else sees it because they weren't as careful as you were?

  • That goes double for the people running whatever the password is for! I don't need to ask a student for their password to log into their account.  Blizzard employees don't need your password to access your World of Warcraft account.  Hotmail, Gmail, eBay, MySpace, and Facebook employees have the same power - they will never ask for your password and if one of them does then they are lying about being an employee.

  • If a computer is in an unmonitored public location (like a public library), don't use any of your passwords.  There is a pretty good chance that those computers already have spyware on them.  Use them to check the news, weather, or how your favorite team did last night, but don't check your email.
