Monday, April 5, 2010

Create Better Passwords

No one expects to have their password jacked. That's why most people choose lousy ones to begin with. Below are the secrets to creating an impenetrable passcode for all your digital goodies:

For starters, scratch the first cutesy, memorable password that comes to mind. As technology advances, so do the tools for password cracking -- so you're going to have to pull out the big guns. Avoid any word that can be found in a dictionary. Other no-nos include using personal info (names, birthdays, etc.), or anything derived from a pattern. The more random your starting point, the better.

Step 2: Use Every Type of Character Available

Now that you're thinking outside the box, it's time to add complexity. Each addition of multiple character types (i.e., upper case/lower case letters, numbers, symbols) complicates any sort of would-be pattern. So, you'll want to use as many as possible. A good way to start is by taking a random string of letters, and then replacing some of the characters with numbers ("1" for "l" and so on). After you've got a decent letter/number mix going, go back and sporadically add symbols. If the end result looks like gibberish then you're on the right track.

Step 3: Go For Length

Committing 40 random characters to memory can be a daunting task. On the flip side, a five character password is a security nightmare waiting to happen. Ideally, you'll want to find a middle ground when it comes to length. A password that you can't remember is useless, but try to stretch your mnemonic boundaries. Taking the time to add a few extra characters outside your comfort zone can increase the number of possibilities exponentially.

Step 4: Rotate Regularly

Don't get too comfortable with your new creation. It'll only be a matter of time before it needs changing. Even though you've created the ideal 'unguessable' password, there's the still a chance that the information can be gleaned through a keylogging program or social engineering. The best way to combat this is to keep your password changing. Choosing a set 'rotation day' every month should throw any would-be snoops off the scent.

No comments:

Post a Comment