10 ways to avoid password headaches
August 31, 1999
by Tom Spring
(IDG) -- Passwords are the scourge of the digital age. Never mind the anguish the millennium bug is predicted to cast. Time and again, we are tortured by a multitude of passwords that force us to rack our brains for cryptic words like sn24ydo.
Get used to it, say computer experts.
Increasingly, passwords are our last line of defense protecting our computer, our finances, and our medical records. At work, we have passwords to log on to a local area network, start Windows, and do things like check e-mail and surf a half-dozen Web sites. At some companies, you can't even use the restroom without punching in a five-digit pass code.
Experts say employers have a lot to be paranoid about. Password-based attacks on small and large companies are steadily on the rise, say researchers at the CERT Coordination Center, a Carnegie Mellon University organization that collects reports on computer security problems.
The threat of large-scale computer crime is very real, and stealing passwords is one of the easiest ways for a criminal to launch an attack, according to CERT.
If you're succumbing to password overload, here are some tips and tools to help you protect and remember passwords without demanding a whole lot of mental might.
Tips and tools
"Avoid the obvious," says Corey Schou, a professor at Idaho State University and a security expert who audits businesses and government agencies for network vulnerability. Passwords such as someone's name, your birth date, or a word from the dictionary may be easy to remember, but they're also very easy to break.
"A computer is only as secure as its password," Schou says. "Don't be lazy."
Hackers have tools that can crack a six-character password in less than 15 minutes, he says.
Each password should combine uppercase and lowercase characters, and include a digit or two. Finally, your password should be at least 6 characters long, although the most secure passwords are 13 or more.
Don't be redundant
Another popular mistake is using the same password for different purposes. If you use the same password for logging on to America Online, using the office network, and accessing your e-mail account, one security breach leaves your entire password-protected life vulnerable.
Rate your privacy needs
Face it, some programs and Web sites are about as important to password-protect as your trash. There is a big difference between someone surfing The New York Times' Web site under your account name and someone sending your boss hate e-mail using your e-mail account.
Rate the level of security for different applications and Web sites. Then create a sliding security scale for the passwords you want.
For your eyes only
You wouldn't leave your driver's license on the front steps to your home, or post your Social Security number at the corner store. So, why would you keep your passwords in easy view?
Password-covered Post-it Notes litter office monitors everywhere, Schou says. And even more hide underneath keyboards. Typically, as soon the network administrator changes the password, the yellow stickies get updated. This is a computer network manager's nightmare. If you must use a cheat sheet, keep it where others can't see it, like in your wallet or purse.
You can "bury" your cheat sheet even deeper. Try keeping passwords in address books, encoded as bogus phone numbers or names. If your work password is billa3432, list a fictitious work pal as Bill Avery 555-3432, or write your boss's address down as 3432 Bill Ave.
Do it yourself
There's still hope if you should happen to lose your wallet and your memory. You can store Web site passwords inside your Netscape Bookmarks.
In Netscape 3.0 and higher you can easily stash passwords in the bookmark's Description field. First go to Edit Bookmarks, and right-click the bookmark for which you want to hide your password. Next select Bookmark Properties. In the Description box, enter your user name and password or a password hint.
Reading between the words
Schou suggests selecting a cryptic password by choosing a series drawn from the first letters of the words in a line from a poem or song. For example, "She'll Be Coming Around the Mountain" yields sbcatm.
Beware of password pirates
Don't give your password to anyone, no matter who asks for it. No matter how many times AOL warns its members about giving out their passwords, scammers posing as AOL employees still manage to trick people.
Once you click OK, another window appears that looks nearly identical to the Windows 95 and 98 dial-up window that's used to launch a connection to an Internet service provider. Once you fill in the information, the program could e-mail it to someone else.
Personal password algorithm
Create a formula for devising all your passwords. Schou suggests picking significant dates and wrapping them into acronyms that symbolize the event.
An example for picking a password for work might be choosing your fist day on the job. By taking the month, event, year, and day of the week you might end up with 10fdw92mon as a password. The 10 stands for the month of the year, October; fdw is short for "first day of work"; 92 represents the year; and mon means Monday.
You might also consider storing your passwords in a list and encrypting them using a program such as Symantec's Norton For Your Eyes Only. Numerous password utilities are commercially available. One such freeware program is Password Pal by Dotted Decimal Software, (see "Download Password Pal," link below).
Password Pal places keys on your toolbar that you click to access your passwords and log-on names. Click on the key, and up pops a box with all your passwords and log-in names. But, of course, the key itself is password-protected.
Another program, Webpass, is a $12 shareware tool from C3 Software and also available on FileWorld (see "Download Webpass," link below). Webpass will enter your password into a Web site for you at the click of a button, but it doesn't store it in password-protected form.
Status of Hotmail privacy unclear
RELATED IDG.net STORIES:
Download Password Pal
CERT Coordination Center
|Back to the top||
© 2001 Cable News Network. All Rights Reserved.|
Terms under which this service is provided to you.
Read our privacy guidelines.