For a quick read try: Passwords in a Nutshell.
- The stronger your password, the more difficult it will be for a hacker or other criminal to figure out. Below you will find some tips for ensuring that you have a strong password.
- When creating a password, try to be creative. The more obscure the password, the more difficult it will be to hack. Never use passwords that include birthdays, phone numbers, or anything pertaining to your life. The most common passwords are pets' names, addresses, and parts of your Social Security number. They can be guessed.
You can create a password that is easy to remember but difficult to crack by:
· First, invent a sentence, with numbers and proper nouns, that is appropriate to your own life.
· Now take the first letter of each word, convert the numbers to digits, and...
For example: A&Bh3fcnJP&E
That looks like a complicated password, and much too hard to remember. But it comes from "Ann and Bob have three fine children named Jason, Paul, and Elizabeth."
A password like that would be very difficult to crack and impossible to guess. However, if you are Ann or Bob, you should remember it easily!
Combine a group of nonsense words and a number or two. Play around with capitalization.
For example: MONKEY8baconWagon
That is a complicated password that even looks crazy, but it can be very easy to use. You can even create a hint that you can write down: M8bW. Change it up to use on a different site: WagonMONKEYbacon8. Hint: WMb8. By using the same words, capitalized the same but arranged differently, you can create 24 different passwords.
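The two recipes above, worked through in Python as an added example (not part of the original page). The function names and the number-word table are assumptions, and the "and" to "&" substitution is inferred from the A&Bh3fcnJP&E result shown above.

```python
import itertools
import math
import re

# Number words the sentence may contain (assumed mapping for this example).
NUMBER_WORDS = {"one": "1", "two": "2", "three": "3", "four": "4", "five": "5",
                "six": "6", "seven": "7", "eight": "8", "nine": "9", "ten": "10"}

def sentence_to_password(sentence):
    """First letter of each word; number words become digits; 'and' becomes '&'
    (the '&' substitution is inferred from the page's A&Bh3fcnJP&E example)."""
    out = []
    for word in re.findall(r"[A-Za-z0-9]+", sentence):
        lower = word.lower()
        if lower == "and":
            out.append("&")
        elif lower in NUMBER_WORDS:
            out.append(NUMBER_WORDS[lower])
        elif word.isdigit():
            out.append(word)
        else:
            out.append(word[0])  # keep the sentence's own capitalization
    return "".join(out)

def arrangements(parts):
    """Every ordering of the parts, mapped to the hint you could write down."""
    result = {}
    for order in itertools.permutations(parts):
        hint = "".join(p if p.isdigit() else p[0] for p in order)
        result["".join(order)] = hint
    return result

def rearrangement_bits(parts):
    """Bits of uncertainty the ordering alone adds once the parts are known."""
    return math.log2(math.factorial(len(parts)))

if __name__ == "__main__":
    print(sentence_to_password(
        "Ann and Bob have three fine children named Jason, Paul, and Elizabeth."))
    parts = ["MONKEY", "8", "bacon", "Wagon"]
    variants = arrangements(parts)
    print(len(variants), "arrangements,", round(rearrangement_bits(parts), 1), "bits")
    for password, hint in list(variants.items())[:3]:
        print(hint, "->", password)
```

Reordering four parts adds only about 4.6 bits, so the strength comes from the words and number you pick. If one arrangement is ever exposed, change the words rather than just their order.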
- Never tell anyone else your password. If your computer is in a public place, never write your password down near it.
- Use a different password for each secure application you use. If a hacker finds one, make sure they don’t have access to everything. You can reuse passwords that don’t protect sensitive information, but make sure you know where your sensitive information is.
- It is a good idea to use a different password for secure applications than the one you use for less secure applications. This way if an attacker manages to find out what your "home" password is, they will not be able to follow you to work and use that information against you.
- Don't take shortcuts. Type your login and password every time you need to use it. Do not let your computer auto-fill your login or save your passwords. If your password fills in automatically, malicious individuals could have easy access to all your information.
- If you are the system administrator for a business - even a small one - have your procedures state that employees must periodically change their passwords; every three months is a common frequency. That way, chances are that even if a hacker does get their password, by the time they crack it, it will already have been changed. Consider requiring that employees avoid changing their password from enterprise1 to enterprise2 or enterprise3, etc.
The CERT® Coordination Center has more information about using strong passwords.
Common places for keeping passwords
— BAD IDEAS! —
- On a sticky note, stuck to the monitor.
- On a piece of paper under the keyboard.
- In the center drawer of the table or desk.
Password Protected Screen Savers
Having a password-protected screensaver can reduce the chance that others are able to access your data. These can be set up so that they activate after the computer has been idle for a specified amount of time (10 minutes, 20 minutes, etc.).
Leaving your computer available to unauthorized coworkers or family members can jeopardize the integrity of your system and the security of your network. Also, this could allow children to access the computer at times that you deem inappropriate. With this in mind, you should be cautious regarding who you allow to access your machine.
You should note, however, that someone could easily bypass the password protection on some operating systems and third-party screensavers with special software that exploits the "auto run" feature that most users have enabled. This bypass can be avoided by turning off the auto run feature on your CD-ROM if you are using Windows 95, 98, or ME or if you are using a third-party screen saver on any operating system.
More information can be found at Microsoft's website regarding disabling auto run in Windows 95, 98, and ME.
Learn how to password protect your screensaver in:
Mac OS X