Monday, April 12, 2010

Choosing Strong Passwords

Passwords are a series of characters that are used to identify whether a person has
the authority to access specific resources. This might sound like technobabble, but
it’s really not that difficult to understand. You’ve probably seen old war movies,
where a sentry asks, “Hark! Who goes there?” and then follows up with the question,
“What’s the password?” When the sentry asks who is approaching, the
person answers with his or her name. This is the same as the field on a login
screen that asks for your username or account name. While this identifies you,
you might not be who you say you are. That is why a password is required. The
password is a code that helps to prove your identity, and it establishes that you
have authority to enter and use certain resources.

Poorly chosen passwords are regarded as the most common threat to network
security. Once a person accesses a computerized system using your account and
password, the system will accept that person as if they were you. The impact of
this will often depend on what the password is used for. For instance:
■ Someone with your computer or network password could access your
files, including financial records, e-mail messages, stored lists of other
passwords, and other information you want to remain private.
■ Someone with your online banking password could withdraw money,
apply for credit cards and loans, or purchase items online billing them to
your account or new accounts they’ve set up in your name.
■ Someone with seemingly less critical passwords, like chat programs,
could be a major problem, because someone impersonating you could
damage your reputation and be a source of embarrassment.
While the preceding are just a few examples, they show how stolen passwords
can affect you in a variety of ways. Unfortunately, as with many of the tactics
used in identity theft, you won’t be aware that your password has been stolen
until after the damage is done. This is why you should be proactive about protecting
your identity.

Avoiding Weak Passwords

Because passwords play such an important role in security, you should avoid weak
passwords. Weak passwords are passwords that are easily guessed or cracked with a
hacking tool. The following is a list of commonly used weak passwords. Look
them over, and see whether you’ve made the mistake of using a weak password:
■ The words PASSWORD, SECRET, PAYDAY, BONKERS, and GOD.
These are commonly used passwords and are therefore easy to guess.
■ The first, middle, or last name of yourself, your significant other, or child.
■ Birthdays or anniversaries.
■ Your username, part of your username, or your username spelled backwards.
For example, if your username was JOHNDOE, don’t use
JOHNDOE, JOHND, EODNHOJ, or similar variations.
■ Repeated characters, such as AAAAAAA or 666666.
■ Consecutive letters or numbers, like ABCD or 1234.
■ Adjacent characters on your keyboard, such as QWERTY.
■ Words that describe your duties or tasks, such as MANAGER or
DEADLINE. Many people use such words that describe their job or are
stress related.
■ Words that describe your ethnicity, religion, or group affiliations, such as
ITALIAN, CHRISTIAN, or WRITERSGUILD. People commonly use
such elements of themselves for their password.
■ The current month or season of the year, such as FEBRUARY or
WINTER.
■ Words related to your favorite sport or team. For example, MAPLELEAF
or HOCKEY would be easy to guess if people knew you were a
sports fan.
■ Obscene or sexual terms.
■ Words found in the dictionary. This not only includes the English dictionary,
but the dictionary of any language. Because software is available
that will hack your password by trying every word in the dictionary,
even the most obscure word serves as a weak password.
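As an added example (not code from the original post), here is a checker that applies the rules in the list above to a candidate password and reports every rule it breaks. The word lists are constructed stand-ins for the full multi-language dictionary and common-password list a real checker would load, and the `personal` tuple is an assumed input of names and dates the user is known by.

```python
"""Checker for the weak-password patterns listed above.

Added example, not code from the original post. The word lists below are
constructed stand-ins; a real checker loads a full multi-language dictionary
and a list of commonly used passwords instead.
"""
import re

# Constructed sample lists; the rules that consult them are what matters here.
COMMON_PASSWORDS = {"password", "secret", "payday", "bonkers", "god"}
DICTIONARY_WORDS = {"manager", "deadline", "italian", "christian", "writersguild",
                    "hockey", "mapleleaf", "bongo", "letmein"}
MONTHS_AND_SEASONS = {"january", "february", "march", "april", "may", "june",
                      "july", "august", "september", "october", "november",
                      "december", "spring", "summer", "autumn", "fall", "winter"}
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
MIN_RUN = 4  # a run of this many characters triggers the sequence/keyboard rules


def _has_sequence(s: str, run: int = MIN_RUN) -> bool:
    """True if s has `run` characters in a row stepping by +1 or -1 (abcd, 4321)."""
    for i in range(len(s) - run + 1):
        window = s[i:i + run]
        steps = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if steps in ({1}, {-1}):
            return True
    return False


def _has_keyboard_walk(s: str, run: int = MIN_RUN) -> bool:
    """True if s has `run` characters that sit side by side on a QWERTY row (qwerty, poiu)."""
    for row in KEYBOARD_ROWS:
        for i in range(len(s) - run + 1):
            window = s[i:i + run]
            if window in row or window in row[::-1]:
                return True
    return False


def weak_password_reasons(password: str, username: str = "",
                          personal: tuple = ()) -> list:
    """Return every rule the password breaks; an empty list means none matched.

    personal: names and dates the user is known by (spouse, child, birthday);
    an assumed caller-supplied input for this example.
    """
    p = password.lower()
    u = username.lower()
    reasons = []
    if p in COMMON_PASSWORDS:
        reasons.append("common password")
    # The username, a fragment of it, or the username spelled backwards.
    if u and (u in p or p == u[::-1]
              or (len(p) >= 3 and (p in u or p in u[::-1]))):
        reasons.append("derived from username")
    for item in personal:
        item = item.lower()
        if item and item in p:
            reasons.append("contains personal detail %r" % item)
    if len(set(p)) == 1:
        reasons.append("repeated character")
    if _has_sequence(p):
        reasons.append("consecutive letters or digits")
    if _has_keyboard_walk(p):
        reasons.append("adjacent keyboard keys")
    if p in MONTHS_AND_SEASONS:
        reasons.append("month or season")
    # Drop digits and punctuation so BonGO1 is still caught as the word "bongo".
    core = re.sub(r"[^a-z]", "", p)
    if core in DICTIONARY_WORDS:
        reasons.append("dictionary word")
    return reasons


if __name__ == "__main__":
    for candidate in ["PASSWORD", "EODNHOJ", "1234", "BonGO1", "Tr0ub4dor&3"]:
        print(candidate, "->", weak_password_reasons(candidate, username="JOHNDOE"))
```

Returning the full list of reasons rather than a yes/no lets the login screen tell the user which habit to drop; the sequence and keyboard-walk rules run on every 4-character window so that a weak run buried inside a longer password is still caught.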

In addition to avoiding these pitfalls, you should remember to change your
password on a regular basis. If someone has your password, changing it will
remove his or her ability to use the password from that point on. Microsoft recommends
you change your password every 45 days, but it is common for passwords
to be changed every 90 days. While you should do this on your own with
all your passwords, some networks might be configured to force you to change
your password after a period of time.

When changing your password, you should come up with a new password
each time. Many people make the mistake of recycling several passwords over and
over. If someone knew what your password was three months ago, they might try
it every so often to see if you’re reusing it. Many companies realize this and force
users to use different passwords for a certain number of changes. For example, an
enterprise might require users to change to a new password a dozen times before
a password can be reused.

You should also avoid variations of previously used passwords. A common
mistake is to use the same password, add a number to the end, and increment it.
For example, if you had the password BonGO1, you might be tempted to change
it to BonGO2, BonGO3, and so forth for future passwords. However, if someone
knew that your previous password was BonGO1, he or she might try incrementing
the numbers until they get it right.
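The three rotation rules just described (change on a schedule, no reuse until a dozen changes later, no incremented variations) as a small policy class. This is an added example, not code from the original post: the 45-day limit and the dozen-entry history are the figures quoted in the text, while storing salted PBKDF2 digests and comparing a "stem" with the trailing counter stripped are this example's own choices; `Account` and its methods are hypothetical.

```python
"""Password-rotation policy: expiry, a reuse history, and a variation check.

Added example, not code from the original post. The 45-day limit and the
dozen-entry history are the figures quoted in the text; salted PBKDF2
digests and the stripped-counter "stem" comparison are this example's own
choices.
"""
import hashlib
import hmac
import os
import re
from dataclasses import dataclass, field
from datetime import date, timedelta

MAX_AGE_DAYS = 45      # the Microsoft recommendation quoted above
HISTORY_LENGTH = 12    # "a dozen times before a password can be reused"
ITERATIONS = 50_000    # PBKDF2 work factor, kept low for the example


def _stem(password: str) -> str:
    """Normalise away the cheap variations, case and a trailing counter or
    punctuation, so BonGO1, BonGO2 and bongo! all reduce to 'bongo'."""
    return re.sub(r"[\d\W_]+$", "", password).lower()


def _digest(salt: bytes, value: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", value.encode(), salt, ITERATIONS)


@dataclass
class Account:
    username: str
    salt: bytes = field(default_factory=lambda: os.urandom(16))
    changed_on: date = date.min
    # (digest, stem digest) of the current password and the ones before it,
    # oldest first; never more than HISTORY_LENGTH entries are kept.
    history: list = field(default_factory=list)

    def verify(self, password: str) -> bool:
        """Check a login attempt against the current password only."""
        return bool(self.history) and hmac.compare_digest(
            self.history[-1][0], _digest(self.salt, password))

    def is_expired(self, today: date) -> bool:
        """True once the password is older than MAX_AGE_DAYS and must be changed."""
        return today - self.changed_on > timedelta(days=MAX_AGE_DAYS)

    def change_password(self, new_password: str, today: date) -> str:
        """Apply the rotation rules; return 'ok' or the reason the change was refused."""
        digest = _digest(self.salt, new_password)
        stem_digest = _digest(self.salt, _stem(new_password))
        if any(hmac.compare_digest(digest, d) for d, _ in self.history):
            return "reused one of the last %d passwords" % HISTORY_LENGTH
        if any(hmac.compare_digest(stem_digest, s) for _, s in self.history):
            return "variation of a recent password"
        self.history.append((digest, stem_digest))
        del self.history[:-HISTORY_LENGTH]   # forget anything older than a dozen changes
        self.changed_on = today
        return "ok"


if __name__ == "__main__":
    acct = Account("johndoe")
    print(acct.change_password("BonGO1", date(2010, 1, 1)))   # ok
    print(acct.change_password("BonGO2", date(2010, 2, 1)))   # variation of a recent password
    print(acct.is_expired(date(2010, 3, 1)))                  # True
```

Because the history holds the current password too, a retired password becomes usable again only after twelve different passwords have followed it, which is the reading of "a dozen times" used here. Keeping a digest of the stem alongside the full digest is a trade-off: it catches BonGO1 to BonGO2 without the server ever storing plaintext, at the cost of one extra salted hash per entry.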

A final mistake to avoid is using the same password in more than one place.
For example, you might be tempted to use the password for your Internet
account, network login, and e-mail. You might even use this password for different
Web sites, such as auctions, banking, or sites that offer other services. If an
identity thief gets one of these passwords, then he or she could access multiple
accounts. For this reason, you should use a different password for each account.
