Tuesday, January 16, 2007

How secure are your passwords?


If you're like me, you've got a lot of different passwords in your life. Keeping track of them all is difficult, and I'm always worried about whether I'm using passwords that are easy to steal.

Creating passwords that are hard (or impossible) to crack is not a problem. Here's a site that will create a random string of characters that I guarantee no hacker will ever guess.

But the reality is that most of us tend to use passwords we can remember. Like house123 or work246 or our birthdate or wedding date, or a mixture of things we can remember.

The problem is that if we can make sense of the password, some bad guys might be able to as well. But what the heck, is it really that important?

In a word, yes. You don't want anyone to get access to your secret stuff, like financial records, bank accounts, etc.

But as it turns out, no matter how good your password creation abilities are, there are programs out there that will likely figure out how to break in, if they can actually get access to your computers' hard-drive (either by loading a program on your harhttp://www2.blogger.com/img/gl.link.gifd drive via a virus, or stealing it.)

Wired.com had an article called "How secure is your password" recently that looked at this issue. Here's an excerpt:
What's happening is that the Windows operating system's memory management leaves data all over the place in the normal course of operations. You'll type your password into a program, and it gets stored in memory somewhere. Windows swaps the page out to disk, and it becomes the tail end of some file. It gets moved to some far out portion of your hard drive, and there it'll sit forever. Linux and Mac OS aren't any better in this regard.


Hmmm...seems like all the more reason to start using some best practices when it comes to computer security. So I went looking for some advice. Here are a few articles that I found that are good resources for creating and using passwords.

- Password - A backgrounder from Wikipedia.

- Rate your password strength - A site that evaluates how secure your password is. But don't use your actual password. Just one that approximates it - you never know for sure who's on the other end of that computer link.

- Ultra High Security Password Generator - This is Steve Gibson's password generator page. If you're looking to get a secure password, this is the place to come. He's also got some good info on what we mean by a randomly-generated password string.

- Cyber-Security: Creating a Secure Password from The Washington Post.

- Strong passwords how to create and use them - This is a good primer from Microsoft.

- The Simplest Security: A Guide To Better Password Practices - This lengthy article contains some good information, along with some excellent references at the end. It's been around a while, but the information is still good.

Hope all this helps you secure your favourite stuff.

Technorati Tag:

1 comment:

Donna Papacosta said...

Excellent tips and resources, Dave. Thanks. Today's Dilbert in the Globe and Mail is a gag about passwords, where someone "guesses" a password, which is "123."