Happy New Year, all. I hope you had a wonderful and safe holiday. It’s a brand new year – time to make resolutions to do better and be better people.

One resolution that we’ve talked about before is the need to make better, stronger passwords to keep your identity and your customers’ information secure. Americans still have a nasty habit of picking passwords from the dictionary. When the system requires numbers or extra characters, we tend to add them to the end. Hackers know this and exploit the pattern when they build programs to break your password. Here are a few suggestions to make their lives harder (without making your passwords so impossible to remember that you write them down). None of these suggestions are new, but hopefully this is a useful reminder.

  1. Pick a passphrase, not a password. A good hacker can test your password against every word in the dictionary in something under 30 seconds. Testing every possible combination of 7 random characters does not take much longer. A five-word passphrase, on the other hand, cannot be brute-forced using current computers in the time remaining in the life of the universe. And because of how our brains are wired, phrases are much easier to remember than strings of characters.
  2. Make each password a unique variant using some personal rule about the site that you’re logging into. That way, you won’t lose everything just because the hacker cracks one site, but you can still keep the number of things you must memorize to a minimum. Here is a link to one technique.
  3. Never share your password. Not with your boss, your co-workers, your spouse, or anyone else. Nobody should know your password except you. (The only exception I allow is that parents should insist on a copy of all passwords used by their underage children. Keep it safe, though.)
  4. Make sure you’ve changed the default password on accessories like your router.
