Musings: Security, is your password confidential?

Passwords are like mysteries. If you can solve the mystery of the password, you will have the key to the locked room. For those of you who are mystery buffs, you know that the mystery of the murder in the locked room is the foundation for so many great murder mystery stories.

Unlike the murderer in a locked room story, today's intruders are virtual. They can literally get in and out of your password protected computer files as easily as ether through the air.

The mystery of your password

Is there anyone who knows your password? Is your password written down anywhere, and I do mean anywhere? Do you use any part of your full name, your user name, your address, birthday or any part of your family members' names and related information or pets names?

If you answered yes to any of the above questions you are in good company. Unfortunately this also means you are an easy target to those who would like to solve the mystery of your password. The good news is, right now, today, this minute, you can make it almost impossible for anyone, anything, even a computer virus, to get into your computer and access your confidential information.

After reading the following, you might feel that it is too much work and I would suggest that you reconsider. If someone guessed your password and stole your identity or got into your bank account, checkbook software, personal email or other confidential information, would it still seem like too much work?

If you are a business owner I would also suggest that you consider the potential damage to your business should an intruder, or an (ex)employee with a grudge, gain access to a mission critical server.

Password Do's and Don't's

Don't:

Don't recycle. Recycling is good, except when it comes to passwords. Don't recycle a password you have used in the past.

Don't use the same password in more than one place. If a particularly virulent software, or hacker, discovers your password for one application it will be as if the master key to your life has been discovered.

Don't use any part of your full name, your user name, your address, birthday or any part of your family members' (that includes pets) names and related information.

Don't use a word that is in a dictionary in any language. Here is an example of what not to do: Harold, Boots, Juice, Monster. Those are all real names / words and can easily be guessed by a person or an intruder software. Instead, drop all vowels and replace with a character and instead of an easily hacked password you would have: H*rOld3, b0490ts, J87c$y, mOnst#r. [Tip: And since these password examples are written down and published on the Internet, be sure to not use them as your own!]

Don't write your password anywhere or give it to anyone. And especially don't give it to anyone who calls or emails posing as an employee of your bank, credit card company or similar vendor!

Do:

Create a password by combining a minimum of eight characters, letters and numbers - and be sure to include both upper and lower case characters.

Change your password regularly. Most security specialists recommended that you change your password every 30 to 90 days.

-Nancy Massey

Read related articles:

Copyright © 2005-2015
Nancy Massey
MasseyNet.com, Inc.
1500 Locust Street, Ste 3020, Philadelphia, PA 19102
215-545-8541
massey@masseynet.com