One good password is better than several really bad ones

Secure password of the week

Earlier this week, the Boston Globe made headlines (literally) by suggesting that computer passwords are a waste of time, which many took as permission to ignore all the how-to-build-strong-passwords advice we get these days. If you actually read to the end of “Please do not change your password”, you would have learned:

Although coming up with a sensible list of security actions was not a goal of Herley’s research, he does have some suggestions based on personal experience. Start with bullet-proof passwords, he said, even if your employer requires you to periodically reinvent them or use too many (he juggles about three dozen as part of his work).

The article actually suggests that it’s all the crap that corporate IT piles atop the basic passwords-antivirus-firewall combo that wastes our time. If someone picks a solid initial password, asking him to pick another one every 30 days just leads to him forgetting his passwords and writing them down on Post-It Notes stuck to his monitor, which is like locking your door and leaving the key in the doorknob. Pick a good password to start with, keep it in your head, and don’t use the same one for any two services. That last bit is the most important, because if a hacker compromises any single password, the first thing he’ll do is try the same password on every other account or service you have. Don’t let a crappy Facebook password lead to someone hacking your online bank account.

So what constitutes a strong password? Don’t make it any of these ten things, which are defined (by Lifehacker by way of John Pozadzides) as weak passwords hackers try out first:

  1. Your partner, child, or pet’s name, possibly followed by a 0 or 1 (because they’re always making you use a number, aren’t they?)
  2. The last 4 digits of your social security number.
  3. 123 or 1234 or 123456.
  4. “password”
  5. Your city’s or college’s football team name.
  6. Date of birth – yours, your partner’s or your child’s.
  7. “god”
  8. “letmein”
  9. “money”
  10. “love”

About a fifth of you are saying crap, I use those passwords, aren’t you? In this case, you actually should change your passwords. And if you’ve been using a weak password or three for a while, might we suggest you change them fast — and that you establish a really good backup plan.