Securing Your Digital World: Passwords

Posted on September 19, 2007 by Michael Koby

When it comes to securing yourself in your little digital world, everything revolves around your passwords. Your passwords are the first and major line of defense in securing your personal data be it email, documents, or even your money. The problem is, most people have fairly unsecure passwords and as a result their “front lines” are weak and easily penetrable. So how do we create secure passwords? What makes a password “secure”? And how many passwords should you have? We will answer all of these very important questions in this article.

Why You Need Secure Passwords

I get asked a lot when I go off on my diatribe about strong passwords because people think, “What’s the big deal? Let them read my email.” Well if someone can get access to your email, they can get a hold of a lot of information. Think about it, what goes to your email? Your bank information, PayPal, eBay, personal letters, maybe even personal info like social security numbers and addresses. Also, chances are the password you use for your email is the same one you use on at least a couple of those websites I mentioned. Even if it is not, if someone has your email address password, they do a “Forgot Password” where it will email the password or a link to change to a new password to your email address which they already have access to. So having a secure password on your email (for starters) is extremely important. You really do not want to stop there, you want as many of your passwords to be as secure as possible. Best practices recommends that you have a different password for every thing you log into. That can make things difficult to keep track of.

What is a Secure Password

Before we can really recommend that you use a secure password, we really should go over what exactly a “secure” password is. But even before we do that we must preface this with the following statement: a password is only secure as the person hiding it. If you tell others your password, it is no longer secure. Also, there is no such thing as a completely secure password. Any password can be cracked given enough time and resources. The real question is, do you want to make it easy for the person trying to get your password or make them work for it?

So with that in mind, a secure password contains the following:

  • A combination of UPPER & lower case letters
  • At least 1 number
  • A special character like, !, %, ^, &, *, >, ~,`, or a #.
  • Also, it is somewhere between 8-14 characters in length

Now, here is the downside, not all websites out there allow for passwords that contain special characters, so the best thing to do in those situations is to use a long password that contains letters and numbers, with the numbers placed through out the password rather than on the end or at the beginning.

Creating a Secure Password

So with those specifications in mind, how do we go about creating secure passwords that are easy for us to remember? The key is to use a password that really has nothing to do with you, this way a cracker can not figure it out easily. Fortunately for us, there are couple of websites that will help us create some secure passwords.

  • PCTools Secure Password Generator: This website allows you to get real specific about your passwords, you can choose several options and interchange them at will. You can also pick a quantity so that you can get more than one password generated at a time.
  • GoodPassword.com: Like the PCTools site, this website allows you to pick from some options for your password, but rather then get real specific you get to chose the length, and whether or not you want special characters. Also, if you have a favorite password or phrase, you can choose to create a “l33t” password out of that password or phrase. A “l33t” password is a word with some of the letters changed to numbers and special characters. This allows you to have a password you will easily remember, but is slightly more secure.

How Strong is Your Password

If you have some passwords you like, and they already contain numbers and letters in alternating case you can also check the strength of those passwords online using a couple of tools.

  • Microsoft Password Checker: I will probably take some flack for this, but it doesn’t ask for a user name and it’s done with javascript so it is all client side. Just type in the password and it will tell you it’s strength.
  • Javascript Password Strength Meter: This one is pretty nifty because it gives it a score and also a “points” breakdown about why your password is strong or weak. Again all client side so no worries about it going anywhere.

Knowing if you have a secure password can tell you if you need to utilize the password generators. If you have weak passwords, use the password generators to create a few stronger passwords.

Password Safes Preview

Like I stated earlier, best practices recommends that you have a different password for every thing you log into. That can make things difficult to keep track of. Something that can help you keep track of all these secure passwords would be a big help right? Well, there are programs out there called password safes that store passwords in an encrypted file so that you can only access the file with a password. We will be going into more detail about password safes next week, so be sure to come back for that.

This entry was posted in Security, Technology. Bookmark the permalink.