I read this article (via slashdot) this afternoon. The data from the Rockyou.com breach does indeed give a fascinating insight into the password choices of ordinary web users. Almost 50% of the passwords used were shockingly weak, including names, the name of the website itself and consecutive characters, e.g. abc123. People use these weak passwords because they are easy to remember, but mostly because we're all in so deep with IT that we need a multitude of passwords and usernames just to get us through the working day. Reusing the same dodgy old password everywhere, or registering with the same string as both username and password, seems like an easy solution.
It isn't. Here are my 3 top tips for strong, easy-to-remember passwords:
1. Don't use straight words, which can be guessed or discovered by a brute-force attack; nicknames are really popular. If you want to use words or nicknames, mix the letters up with other characters, play around with the case, even try spelling out letters ('you' for u, 'eye' for i). This stops them being 'dictionary words', e.g.:
sassygirl becomes
5assy9irl
5as$y9ir(
5As$y9iR(
2. Lengthen it out: try to make all of your passwords 8 characters or more. If that's a lot to remember, then try using the initial letters of a memorable sentence, song, book etc.; if it has to be a solely numeric password, try two phone numbers you no longer use or a selection of house numbers, not your date of birth!
ishfwilf (I Still Haven't Found What I'm Looking For)
anwyccdfy (ask not what your country can do for you)
ouatiagffa (once upon a time in a galaxy far far away)
Combine the strategies and you have something that is meaningless to everyone but you:
i5hFw1L4
@nwy2cdfU
0u@ia9ffA
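As an added example (not part of the original post), here is a small Python checker that tests a candidate against the weak patterns named above (too short, a dictionary word or the site name, consecutive characters, a single kind of character) and builds the initials of a sentence as in tip 2. It also reverses common substitutions before the dictionary lookup, because password-cracking rule sets try the same swaps; that is why only the combined version of tips 1 and 2 passes. The word list and substitution table are constructed here and stand in for real ones.

```python
import re

# Constructed stand-in for a real dictionary / leaked-password list.
WORDLIST = {"password", "sassygirl", "princess", "iloveyou", "rockyou"}
# Substitutions from tip 1; cracking rule sets try these too, so the
# checker reverses them before the dictionary lookup (constructed table).
UNLEET = str.maketrans({"5": "s", "$": "s", "9": "g", "(": "l", "1": "i", "!": "i",
                        "0": "o", "@": "a", "4": "a", "3": "e", "2": "t"})

def initials(sentence: str) -> str:
    """Tip 2: the first letter of each word of a memorable sentence."""
    return "".join(w[0] for w in re.findall(r"[A-Za-z']+", sentence)).lower()

def sequence_fraction(s: str) -> float:
    """Fraction of characters sitting in a run of 3+ consecutive codepoints (abc, 123, 987)."""
    in_run = [False] * len(s)
    i = 0
    while i < len(s):
        j, step = i, None
        while j + 1 < len(s):
            d = ord(s[j + 1]) - ord(s[j])
            if d not in (1, -1) or (step is not None and d != step):
                break
            step, j = d, j + 1
        if j - i + 1 >= 3:
            in_run[i:j + 1] = [True] * (j - i + 1)
        i = j if j > i else i + 1  # a run's last char may start the next run
    return sum(in_run) / len(s) if s else 0.0

def char_classes(s: str) -> int:
    """How many of lower/upper/digit/symbol appear (tip 1: mix them up)."""
    kinds = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    return sum(any(k(c) for c in s) for k in kinds)

def weaknesses(password: str, site: str = "") -> list:
    """Reasons the password fails the post's advice; an empty list means none were found."""
    plain = password.lower().translate(UNLEET)
    found = []
    if len(password) < 8:
        found.append("shorter than 8 characters")
    if password.lower() in WORDLIST or plain in WORDLIST:
        found.append("dictionary word, even after reversing substitutions")
    if site and site.lower() in plain:
        found.append("contains the site name")
    if sequence_fraction(password) >= 0.5:
        found.append("mostly consecutive characters")
    if char_classes(password) < 2:
        found.append("only one kind of character")
    return found
```

Running weaknesses() over "abc123", "sassygirl", "5assy9irl", the initials of the U2 line and "i5hFw1L4" shows each tip on its own still leaves a finding, and only the combined form returns an empty list.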
3. If you really can't remember your passwords, write them down. This used to be the cardinal sin of the workplace: users wrote down their username and password, then promptly taped it to the monitor. I'm not suggesting you tape your hotmail password to the monitor, but there is less harm in writing your password (with no description of what it is for), or, even better, something to remind you of your password, on a piece of paper kept in your wallet than there is in being abc123 on every website you use. What I'm trying to protect you from is someone finding your password online: no one is going to hack your wallet.
Hope this is useful!