- May 10, 2010
- Posted by: Paul Avolio
- Category: Information Technology
Passwords are a necessary evil. They slow us down and get in the way when we want to just “get some work done”. I can’t tell you how many times I have heard from a friend or client “can’t we just not use passwords?”, “why do we need them anyway?”. Why indeed. Passwords provide a method of identifying who you are. As an analogy, imagine that someone walks up to you and starts talking to you. They start off by saying “Hi, I am you friend Mary”. Now if you can see her face and you know her voice you know who Mary is and the rest of the conversation flows easily; you know what information you can and can’t share with Mary. Now pretend that you are blind and that everyone sounds the same. How would you know that was Mary you were talking to? Just from her telling you who it was, what is to stop anyone from just starting off the conversation the same way? You would have no way to confirm that you were talking to Mary.
This is how computer systems work. Your password is there to let the systems know who you really are. Without them anyone could pretend to be you. This brings me to the second comment I often hear, “I don’t need strong passwords, who cares what information I have?” It is true, your information may not be what they are after, but impersonating you may be what they want. For instance, maybe they want to use your e-mail to send SPAM to all your friends, or maybe they want to use your computer as a remote drop-point to move illicit data (credit card numbers, copyrighted data, or worse). Even if you are not the one doing it, suddenly you are an unwilling accomplice. So, even if you don’t think you have anything anyone would care about, you do.
So, with all that said, how do you protect yourself without driving yourself crazy? There are a few steps that you can take to create passwords that are both strong and easy to remember and we will go over those in a moment. The second thing is where and how you store your passwords.
There are several ways to create a strong password (I will go into the technical details of why longer passwords are good in another article). The three methods I recommend are the passphrase, initialization and word combos. Passphrases are just that–a phrase where you would normally use a word. Initializations are groups of initials (first or last) from a phrase or sentence. Word combos are groups of two or three words preceded, connected or followed by numbers or special characters.
Here are some examples of the three types of passwords we like our customers to use:
Initialization: bdiggsfL34! (note: these are the initials to the words in the previous passphrase example)
Word combo: AwesomeService!
While the passphrase is a bit much to type it is by far the most secure. I used mixed case letters for the example to help highlight the words, but in a passphrase of this length it does not matter much if you have a mix of upper/lower/numbers/etc. These are all great passwords and the word combo and the passphrase are nearly unbreakable as Windows passwords.
Now that you know how to create a strong password where do you store it in case you do forget it? One way is to store them the old-fashioned way, paper and pen, and keep that paper in a safe place (lockbox, safe, under the bed, etc.). This is good, but not always convenient. Another method is to use a password storage program. This allows you to have one master password that unlocks all of your other passwords. There are several applications for Windows and Mac platforms that can take care of this for you. These keep your passwords safe in an encrypted file that you can backup to a flash drive or print a hard copy backup of your list. These systems are very useful if you do most of your work from one computer. Don’t confuse this with the built-in website password storage in most web browsers. Web browser storage is not encrypted by default and is the first place a virus will look if your computer gets infected.
So, today we learned to use passwords, make them strong and store them should you forget them.