We’re closing in on the end of 2008 and about to start 7D9, or 2009 for those who do not speak hex. I thought it might be a good time to remind you to change your passwords. There are some important things to remember about passwords. Despite the IT policies that are prevalent throughout the world, really great passwords can be made that do not use upper and lower case letters with numbers and special characters. The really important thing is length. Actually, “The really important thing is length” is a much better password than $kW3P*v9.
There are several reasons why the sentence above is a better password. To begin with, you can remember it, so you don’t have to write it down and keep it handy. Even more importantly, it will take a computer far longer to crack the sentence (unless it knows to look for a sentence) than the 8-character password with all of the funny characters.
Adding numbers and special characters does help, but not as much as length does. There is a time when the special characters do become important: when you are limited to a short password. For example, the web site “Friendster.com” has a ridiculous policy of only allowing a 10-character password. In a case like this, you want upper case letters, lower case letters, numbers, and special characters. Actually, you want Friendster to get a clue, but you have to take your security into your own hands sometimes.
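The arithmetic behind the length-versus-character-set point, as an added example that is not part of the original post: it estimates the exhaustive-search space for the passwords quoted in this article and for two constructed 10-character passwords, and applies a word-level model to the "unless it knows to look for a sentence" caveat. The guessing rate and dictionary size are assumptions.

```python
import math
import string

# Character classes an exhaustive search has to cover (95 printable ASCII total).
CLASSES = [
    string.ascii_lowercase,        # 26
    string.ascii_uppercase,        # 26
    string.digits,                 # 10
    string.punctuation + " ",      # 33, counting the space
]

def pool_size(password):
    """Alphabet size implied by the character classes the password uses."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))

def brute_force_bits(password):
    """log2 of the candidates in a character-by-character exhaustive search."""
    return len(password) * math.log2(pool_size(password))

def word_guess_bits(password, dictionary_size=20000):
    """log2 of the search space when whole words are guessed instead.

    dictionary_size is an assumption. Words are treated as independent picks,
    so this overstates the strength of a grammatical sentence.
    """
    return len(password.split()) * math.log2(dictionary_size)

def years_to_search(bits, guesses_per_second=1e10):
    """Years to exhaust 2**bits candidates at an assumed guessing rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)

# Passwords quoted in the article, plus two constructed 10-character ones
# for the length-limited case.
SAMPLES = [
    "$kW3P*v9",
    "The really important thing is length",
    "1hundred+5=Threehundred",
    "qwhzkxmvpt",      # constructed: 10 lower-case letters
    "qW7#zk!M2p",      # constructed: 10 characters, all four classes
]

if __name__ == "__main__":
    for pw in SAMPLES:
        bits = brute_force_bits(pw)
        print(f"{pw!r:40} len={len(pw):2} pool={pool_size(pw):2} "
              f"bits={bits:6.1f} years={years_to_search(bits):.2e}")
    sentence = SAMPLES[1]
    print(f"word-level model for the sentence: {word_guess_bits(sentence):.1f} bits")
```

Under these assumptions the 8-character password falls to exhaustive search in days, while the sentence stays ahead of it even under the word-level model, and at a fixed length of 10 the wider character set adds roughly 19 bits.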
Reusing passwords can be really bad news. You don’t want to use the same password for your computer log on as for your bank. Important information should be protected with unique and strong passwords.
Changing your password regularly is important as well. How frequently you change your password will depend upon how important the information you are protecting is. Generally, once every three months is a really good idea. That way, by the time a computer has cracked a good strong password, you will have already changed it!
One of the problems with multiple passwords is remembering them all. Tools like Cygnus Password Corral (http://cygnusproductions.com/freeware/pc.asp) can be really helpful. Just remember that you need to keep it on a very safe computer and back up that password file!!!
One of my favorite tricks for creating passwords that I can easily remember and are nice and secure is to make a math equation. Something like “1hundred+5=Threehundred” is long enough to be secure, has a nice mix of characters, and the wrong answer is silly enough to be memorable!
So, make your New Year a little more secure and change those passwords!
Author ESET Research, We Live Security