Passwords!*#$! Four Tips to Help Us All
/What has at least six characters, special symbols, should be more complicated than Algebra II and is harder to remember than all that stuff that was on the grocery list?!
You guessed it, the password! These days, most of us have a million of them — for computers, websites, email accounts, cell phones, social media sites, the ATM, you name it.
And on top of having a million of them, they’re all supposed to be different, changed completely every few months and — at the same time — easy for us to remember and hard for bad guys to crack. Who can keep up (assuming you don’t want them tattooed onto your body)?
With all of this in mind, we thought you might like some password advice.
So here are a few general rules and a couple of ideas from two of our own County experts:
Longer = Stronger; The 8-4 Rule: We’re often given the option to create passwords with “at least” six characters. But experts say longer is stronger. While a standard six-character password creates roughly 140 million combinations to stymie hackers, an eight-character password boosts that to 645 trillion combinations. (Sources: Information Security Dictionary; Boston University Information Security and Technology)
Many experts suggest following the “8-4” Rule. That is, make all passwords at least eight characters long; and make sure four of those characters include: one lower-cased letter, one capitalized letter, one number and one special character (!*$%). Many websites now enforce certain rules, but they’re a good idea anytime.
Words Bad; Passphrases Good: Don’t use words — even if they’re in a foreign language. That dictionary on your desk only contains about 600,000 words, a number that any high-speed hacking computer could chew through in minutes. And don’t use names of people (especially your own) or places either. So if you can’t use words to make your password easy to remember, what can you do?
Create a passphrase instead of a password. Take any sentence you’ll remember — like, “Man, I hate all this password stuff!” Now take the first letter of each word. And you have a passphrase: Mihatps. You can make that passphrase even stronger by mixing in numbers and special characters. Mihatps becomes Mih8atps! (Note: Try to avoid using common phrases, famous quotes and song lyrics.)
Strong Memories: Obviously, memory is important when it comes to a password. It’s no good if you can’t remember it, right? Here’s a tip: don’t try to memorize a password, use your own memories to create one you can’t forget. David Lindsay, Group Information Technology Manager for the County’s Land Use and Environment Group, recommends using something that “makes you happy,” something that only you know and only you think about — something that isn’t related to any of your personal information “like your children’s names, street addresses, schools, etc.” — and then use derivations of that.
Divide or be Conquered: Always make sure to use completely different user names and passwords for work and personal use. If you don’t, you’re completely exposed — on every level — if a hacker breaks your password. Mike Teays, the County’s Chief Information Security Officer, said people should really set up separate user names and passwords for their work accounts, their personal financial and health care accounts and their social media accounts if they have them. Teays said social media sites are “high targets for malicious actors.” Teays also suggested that people look to the Department of Homeland Security’s United States Computer Emergency Readiness Team website for more password security information.