Monday, February 11, 2013

How Strong Is Your Password?

We have been doing a unit about Online Safety in technology class.  One of the most important things to consider for all of us is our passwords.  We use passwords for everything in our lives these days - banking, gaming, checking our children's grades, Google Calendar, the list is endless.  

Are you using passwords that are easy to crack?  As a rule of thumb, you should change your password every 6 months.  Did you know that when you hit 9 characters (upper case password), it will take a computer approximately 178 years to crack it?  Here are a few other tips:

  • Protect your information by creating a secure password that makes sense to you, but not to others.
  • Avoid consecutive keyboard combinations— such as “qwerty” or “asdfg.”
  • Don’t use dictionary words, slang terms, common misspellings, or words spelled backward. These cracks rely on software that automatically plugs common words into password fields. Password cracking becomes almost effortless with a tool like John the Ripper or similar programs.
  • Don’t use personal information such as your name, age, birth date, child’s name, pet’s name, or favorite color or song.
  • Reusing passwords for email, banking, and social media accounts can lead to identity theft. Two recent breaches – HBGary and rootkit.com – showed a password reuse rate of 31% among victims.
  • Make sure you use different passwords for each of your accounts.
  • Be sure no one watches when you enter your password.
  • Always log off if you leave your device and anyone is around — it only takes a moment for someone to steal or change the password.
  • Use comprehensive security software and keep it up to date to avoid (keystroke loggers) and other malware.
  • Avoid entering passwords on computers you don’t control (like computers at an Internet café or library)—they may have malware that steals your passwords.
  • Avoid entering passwords when using unsecured Wi-Fi connections (like at the airport or coffee shop)—hackers can intercept your passwords and data over this unsecured connection.
  • Don’t tell anyone your password. Your trusted friend now might not be your friend in the future. Keep your passwords safe by keeping them to yourself.
  • Depending on the sensitivity of the information being protected, you should change your passwords periodically, and avoid reusing a password for at least one year.
  • Use at least eight characters of lowercase and uppercase letters, numbers, and symbols in your password. The more, the merrier.
  • Strong passwords are easy to remember but hard to guess. Iam:)2b29! — This has 10 characters and says “I am happy to be 29!”
  • Use the keyboard as a palate to create shapes. %tgbHU8*- Follow that on the keyboard. It’s a V. The letter V starting with any of the top keys. To change these periodically, you can slide them across the keyboard.
  • Have fun with known short codes or sentences or phrases, like 2B-or-Not_2b?
  • It’s OK to write down your passwords, just keep them away from your computer and mixed in with other numbers and letters so it’s not apparent that it’s a password.
  • You can also write a tip sheet that will give you a clue to remember your password, but doesn’t actually contain your password on it. For example, in the example aforementioned, your tip sheet might read “Shakespeare’s question"
  • (taken from http://www.backgroundcheck.org/build-a-better-password-secrets-to-protecting-your-identity/)
If you are more of a visual person, check out the infographic below by SecurityCoverage.


How Strong is Your Password?

How Strong is Your Password? infographic by spacechimpmedia.