Quotulatiousness

October 10, 2009

Passwords and the average user

Filed under: Humour, Technology — Nicholas @ 11:22

In this day of widely publicized panic about online security, it’s time we revisited the basics of password security. I’m sure that none of you reading this would ever have a less-than-ironclad routine for all your online activities:

  1. Never ever use the same password on multiple sites. Once they’ve grabbed your login for the MyLittlePony site, they’re into your bank account . . . or worse, your MyLittlePonyDoesDallas account.
  2. Always use the maximum number of characters allowed . . . I know it’s a pain when a site allows 1024 characters, but your online security is paramount. I believe most health insurance now covers carpal tunnel treatment, so you’re golden.
  3. Never include any word — in any human language — embedded within your password: this includes all the words in the Scrabble® dictionary for every known language. Can’t assume that the black hats speak English, y’know.
  4. Always use both capital and lower-case letters and include at least a single digit and a non-letter character in every password.
  5. Note: Don’t try to be clever and use 1337speak. The folks trying to crack your password all post on 4chan: you’re giving them a head-start. They dream in 1337.

  6. Change your password regularly. Daily, if necessary. Even hourly if you share a computer with others.
  7. Never, ever write your password down. That’s the first thing they’ll look for when they break down your door and trash your crib.
  8. Never, ever re-use a password. Don’t pretend you haven’t done this one. We all used to do it, until site admins started checking that you hadn’t re-used an old password.

Of course, even the professionals don’t do all of this. Some of ’em don’t do any of it. Do like the pros do: set all your passwords to “passw0rd”. Nobody ever guesses that.
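There is a real point buried under rules 3 and 5 (and the “passw0rd” punchline): password crackers don’t compare your password against a wordlist as-is, they first run rules that undo the usual 1337 substitutions, so “passw0rd”, “P@ssw0rd” and “pa55w0rd” all collapse back to “password” before the lookup. The following Python script is an added example written for this page, not code from the post or from any cracking tool; the tiny wordlist in it is constructed for illustration (a real cracker uses lists with millions of entries from leaked dumps), and the substitution table is a typical set, not a copy of any specific rule file.

```python
"""Added example: why 1337speak and embedded dictionary words don't help.

Mimics the "de-leet" step of a cracker's rule engine: every leet
character is expanded to the letters it commonly stands for, and each
resulting reading is searched for wordlist entries.  The wordlist and
the substitution table are constructed for the example.
"""

import itertools

# Typical 1337 substitutions a rule set reverses.  A leet character can
# stand for more than one letter ("1" is "i" or "l"), so all are tried.
LEET = {
    "0": "o", "1": "il", "3": "e", "4": "a", "5": "s", "7": "t",
    "8": "b", "@": "a", "$": "s", "!": "i", "|": "l", "+": "t",
}

# Constructed mini wordlist; a real one has millions of entries.
WORDLIST = {"password", "letmein", "welcome", "dragon", "monkey", "pony"}


def deleet(candidate):
    """Return every plain-text spelling the candidate could be a leet form of."""
    choices = []
    for ch in candidate.lower():
        alts = LEET.get(ch, "")
        # Keep the original character first, then its possible meanings.
        choices.append(tuple(dict.fromkeys(ch + alts)))
    return {"".join(reading) for reading in itertools.product(*choices)}


def embedded_words(candidate, wordlist=WORDLIST, min_len=4):
    """Return wordlist entries found inside any de-leeted reading of the candidate.

    Substrings shorter than min_len are ignored so that "on" or "it"
    do not count as embedded words.
    """
    found = set()
    for plain in deleet(candidate):
        for i in range(len(plain)):
            for j in range(i + min_len, len(plain) + 1):
                if plain[i:j] in wordlist:
                    found.add(plain[i:j])
    return found


def is_weak(candidate, wordlist=WORDLIST):
    """True if the candidate is, or contains, a wordlist entry once leet is undone."""
    return bool(embedded_words(candidate, wordlist))


if __name__ == "__main__":
    for pw in ("passw0rd", "P@ssw0rd", "MyL1ttleP0ny", "xq7!zB"):
        print(f"{pw:14} weak={is_weak(pw)!s:5} words={sorted(embedded_words(pw))}")
```

Run it and “passw0rd”, “P@ssw0rd” and “MyL1ttleP0ny” are all flagged, because the substitution step recovers “password” and “pony” no matter how the digits are sprinkled in; the only candidate that passes is the one with no dictionary word hiding in any reading. The expansion is exhaustive, so a long password made entirely of leet characters produces many readings; a real rule engine bounds this with fixed rule lists rather than a full product, which is the trade-off this toy version skips.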

For actual password advice that might be helpful, you can try this post on the Gmail Blog.

1 Comment

  1. I have to disagree, this is one area where security nerds over-engineer themselves. It’s perfectly okay to use the same password across multiple sites so long as you’re smart about it. I generally break it down like this:

    High Importance sites (bank/insurance/financials, primary/secondary/tertiary email): unique logins and passwords for each.
    Medium Importance sites (vendor/retailer sites): common login/pass only between these sites, for contact point use secondary email
    Low Importance sites (forums, spam catch-all): common login/pass for these sites only (different from medium level), for contact point use tertiary email.

    I don’t care if the Medium or Low accounts get lost or nuked. It is not going to ruin my day financially. The high-importance stuff, protect with unique logins; the rest that isn’t critical, don’t bother. Not worth expending the effort on.

    Comment by Chris Taylor — October 10, 2009 @ 13:27
