Password renewal has been very much in the news this week because of the Heartbleed bug; see our blog post, Heartbleed in the news. The dilemma is to choose a password that is both secure, hard for automated password-cracking tools to break, and memorable for humans.
A birthday or the name of a spouse, partner or family member is memorable but not secure, even after a few minor changes such as replacing certain letters with numbers. A random combination of letters, numbers and symbols, like the passwords computers generate, is much more secure but hopeless for our human brains. So what happens? We write them down somewhere on our computer, as a list or in our address book for example. But those lists and files are not secure unless they are themselves protected by a password. Back to square one.
We cannot protect ourselves 100% but we can do a few things to make it harder on those trying to get in.
- Avoid short words. The more characters an intruder has to try, the harder the password is to crack. Make your password between 8 and 12 characters long.
- Avoid words from the dictionary. Use made-up words such as nicknames or family expressions.
- Add complications by replacing certain characters with numbers and/or special characters such as ?&*!
- Passwords can also be pass phrases, which adds to the complexity. In this case you should try to avoid the fairly obvious adjective-noun or adverb-verb construction.
- Store your passwords in an encrypted file accessible only with a master password, not in emails or other places that are freely accessible on your computer. There are good tools to store and organise your passwords, such as KeePass, LastPass and 1Password. They will also generate random passwords with varying degrees of complexity.
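The points above can be turned into a small checker. The following Python script is an added example, not code from the original post or from any of the password managers named: it flags passwords that are too short, that use only one character class, or that are a dictionary word even after the usual letter-for-number substitutions (cracking tools undo those substitutions too, which is why "P@ssw0rd" gains almost nothing over "password"), estimates the brute-force entropy in bits, and generates a random password the way a password manager does. The word list `COMMON_WORDS` is a tiny constructed stand-in for the large dictionaries a real checker would load.

```python
import math
import secrets
import string

# Constructed stand-in for a real dictionary / breached-password list.
COMMON_WORDS = {"password", "welcome", "summer", "monkey", "dragon", "letmein"}

# Typical "complication" substitutions, mapped back to the letter they replace,
# so that "P@ssw0rd" normalises to "password" and is still caught.
LEET_TO_PLAIN = str.maketrans({
    "@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
    "0": "o", "$": "s", "5": "s", "7": "t",
})


def normalise(password: str) -> str:
    """Lower-case and undo common substitutions before a dictionary lookup."""
    return password.lower().translate(LEET_TO_PLAIN)


def char_pool_size(password: str) -> int:
    """Alphabet size an attacker must assume, given the character classes used."""
    pool = 0
    if any(c in string.ascii_lowercase for c in password):
        pool += len(string.ascii_lowercase)   # 26
    if any(c in string.ascii_uppercase for c in password):
        pool += len(string.ascii_uppercase)   # 26
    if any(c in string.digits for c in password):
        pool += len(string.digits)            # 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)       # 32
    return pool


def entropy_bits(password: str) -> float:
    """Upper bound on brute-force entropy: length * log2(pool size).

    A dictionary word with a year appended is far weaker than this number
    suggests, which is why check_password() looks for that pattern separately.
    """
    pool = char_pool_size(password)
    return len(password) * math.log2(pool) if pool else 0.0


def check_password(password: str) -> list[str]:
    """Return a list of problems; an empty list means none of the checks fired."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    # Drop a trailing "2014" or "!" first, then undo substitutions, so that
    # "Summer2014" and "P@ssw0rd" are both recognised as dictionary words.
    base = normalise(password.rstrip(string.digits + string.punctuation))
    if base in COMMON_WORDS:
        problems.append("dictionary word (substitutions and suffixes do not help)")
    if char_pool_size(password) <= len(string.ascii_lowercase):
        problems.append("only one character class used")
    return problems


def generate_password(length: int = 12) -> str:
    """Random password drawn with the secrets module, with every class present."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    if length < len(classes):
        raise ValueError("length must allow one character of each class")
    alphabet = "".join(classes)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in classes):
            return candidate


if __name__ == "__main__":
    for pw in ["Pa$s1", "P@ssw0rd", "Summer2014", generate_password(12)]:
        print(f"{pw!r}: {entropy_bits(pw):.1f} bits, problems: {check_password(pw)}")
```

Run it as a script to see that a substituted dictionary word scores a high entropy figure yet is still flagged, while the generated 12-character password passes every check; the generated string is what you would paste into a manager such as KeePass rather than try to memorise.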
Security can be irritating. But we do require security, and at the same time we want things to be easy. So we compromise, and sometimes we compromise our security. Better safe than sorry!