Thursday, September 5, 2013

The Problem with Passwords




I do not like passwords. It is a question of convenience versus security. It is a classic case of contradictions. Here is why.


Passwords should be easy to remember but hard to guess

The best candidates for easy-to-remember passwords are personal details such as names or birthdays. Unfortunately they are also the easiest to guess, especially for people who post those same details on Facebook. If you really want to build a password from personal details, you can do the following to make it more complex:

1. Capitalize some of the letters.
2. Include numbers and symbols.
3. Convert some letters into numbers.
4. Make it at least eight characters.
5. Convert numbers into words.
6. As an alternative, you can use the brand names of your favorite stuff.

Keep in mind that these tricks (capitalizing the first letter, swapping a for @ and o for 0, tacking a ! or a year onto the end) are exactly the rules that password-cracking tools apply to every word in their dictionaries, so they add much less strength than they appear to. A longer password beats a cleverly mangled short one.

Passphrases—the better alternative

Walt Nelson, our 4D database mentor back in 1990, taught us to use long phrases as passwords. His suggestion still applies today. A phrase can be a quote, the title of a movie, an old TV show, or the title of a book. Just add some numbers or symbols to comply with website requirements. Avoid using a famous quote or title exactly as written, since well-known phrases are collected into cracking wordlists too; change a word or two and the length still does the work.

Testing your passwords’ strength

Here is a Microsoft page that allows you to check for password strength:


Below are some passwords that I tried and their corresponding strength in parentheses:

All in 1 Day's Work! (best)
P@ssw0rd! (medium)
65FordMustang! (best)
becarefulwithmyheart (strong)
Fast and Furious 2013 (best)
My 2013 Security is Lame! (best)
April One 2013 (best)
Multiple Passwords (strong)
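The strength ratings above are consistent with what a cracking tool sees: P@ssw0rd! scores only medium because it is a dictionary word with two substitutions and a suffix, while the twenty-character phrases score best on length alone. The Python script below is an added example, not code from the original post and not the Microsoft checker. It builds a small rule-based candidate stream of the kind a password cracker generates (the base words, substitution maps and suffix list are constructed here and are far smaller than a real tool's) and, for each test password, reports how many guesses it takes to produce it alongside the naive charset-based entropy a simple strength meter computes. It ties together the substitution tips from the first section and the strength results listed above.

```python
"""Rule-based password mangling versus naive entropy estimates.

Added example, not part of the original post. The base wordlist, the
rule set and the suffix list are all constructed here and deliberately
tiny; real cracking tools ship millions of words and thousands of
mangling rules, so anything this script produces would fall in seconds.
"""
import math

# Constructed stand-in for a cracking dictionary (assumption, not a real list).
BASE_WORDS = ["password", "mustang", "secret", "letmein"]

# Letter-to-symbol substitutions, from none to the full "leet" set.
LEET_MAPS = [
    {},
    {"a": "@", "o": "0"},
    {"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"},
]

# Case rules: unchanged, first letter capitalized, all upper.
CASE_RULES = [str.lower, str.capitalize, str.upper]

# Things people append "to comply with website requirements".
SUFFIXES = (
    [""]
    + list("!?.#")
    + [str(n) for n in range(100)]
    + [f"{n}!" for n in range(100)]
    + [str(y) for y in range(1950, 2031)]
    + [f"{y}!" for y in range(1950, 2031)]
)


def mangle(word):
    """Yield every variant of one base word under the rule set above."""
    for case_rule in CASE_RULES:
        cased = case_rule(word)
        for leet in LEET_MAPS:
            stem = "".join(leet.get(c, c) for c in cased)
            for suffix in SUFFIXES:
                yield stem + suffix


def candidates():
    """The full candidate stream a rule-based attack would try, in order."""
    for word in BASE_WORDS:
        yield from mangle(word)


def guesses_to_reach(password):
    """1-based position of password in the candidate stream, or None if
    this (small) rule set never produces it."""
    for position, candidate in enumerate(candidates(), start=1):
        if candidate == password:
            return position
    return None


def naive_entropy_bits(password):
    """Charset-size entropy: length * log2(size of the character pools used).

    This is roughly what a simple strength meter computes. It credits
    P@ssw0rd! for its symbols without noticing that it is a dictionary
    word with two substitutions and a suffix."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += 33  # printable ASCII punctuation plus space
    return len(password) * math.log2(size) if size else 0.0


def report(password):
    """Return (naive_bits, guesses_to_reach) for one password."""
    return naive_entropy_bits(password), guesses_to_reach(password)


if __name__ == "__main__":
    for pw in ["P@ssw0rd!", "Mustang2013", "65FordMustang!",
               "becarefulwithmyheart", "All in 1 Day's Work!"]:
        bits, guesses = report(pw)
        reached = f"guess #{guesses}" if guesses else "not produced by these rules"
        print(f"{pw!r:24} {bits:5.1f} bits  {reached}")
```

Compare the two columns when you run it: P@ssw0rd! is produced within the first couple of thousand guesses even though the naive measure gives it close to 60 bits, while becarefulwithmyheart is never produced by these rules and scores over 90 bits. The naive number is an upper bound that assumes the attacker has nothing better than brute force; the guess count is what actually decides whether a password survives.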

Managing multiple passwords

Using the same password for all sites is quite risky, but remembering multiple secure passwords is not easy. One way of remembering them is to think of a short token that you can easily link to each website and add it to your standard password. This is not as strong as a unique password per site: if one of these passwords leaks, the pattern makes the rest easy to guess. It is still better than using one password everywhere, and it is easier to remember. Examples are as follows:

bee + password (BPI)
password + Oh (BDO)
fez + password (FB)
yo! + password (yahoo)

Some techies recommend using password managers. They are a reasonable choice as long as the vault is encrypted on your own device with a key derived from your master passphrase, and that key is never stored anywhere, so a stolen vault file is useless without the passphrase. If you decide to use one, choose one from a reputable developer.

Securing your email

What is the normal procedure for recovering forgotten passwords on most websites? A password reset via email. This means that anyone who has access to your email can hijack your other accounts, which makes your email account the one to protect most. So how do you secure it?

1. Create a separate email account exclusively for financial matters and never publish it.
2. Create an email password that is different from all of your other website passwords.
3. Never leave your email client open when you are away. Anyone can request a password change on one of your other accounts and approve it from your open email client.
4. Never click the Save Password option, not even on your home computer, and especially not on your mobile phones and tablets.



/royc
