For a quick read try: Passwords in a Nutshell.
- The stronger your password, the more difficult it will be for a hacker or other criminal to figure out. Below you will find some tips for ensuring that you have a strong password.
- When creating a password, try to be creative. The more obscure the password, the more difficult it will be to hack. Never use passwords that include birthdays, phone numbers, or anything pertaining to your life. The most common passwords are pets' names, addresses, and parts of your Social Security number, all of which can be guessed.
Here's how to create a password that is easy to remember but difficult to crack:
- First, invent a sentence, with numbers and proper nouns in it, that is appropriate to your own life.
- Now take the first letter of each word, convert the numbers to digits, and...
Voila! There's your password.
For example: A&Bh3fcnJP&E
That looks like a complicated password, and much too hard to remember. But it comes from "Ann and Bob have three fine children named Jason, Paul, and Elizabeth."
A password like that would be very difficult to crack and impossible to guess. However, if you are Ann or Bob, you should remember it easily!
- Never tell anyone else your password. If your computer is in a public place, or a place where it can be seen by people other than you, never write your password down near it.
- Some hacker programs will try to determine a password by trying successively aaaa, aaab, aaac, ... up to zzz9, and then go on to five characters, then six, and so on. The longer your password is, the more time it will take to find it. Think about it: using only numbers and letters, there are more than two billion possible six-character passwords.
- It is a good idea to use a different password for secure applications than the one you use for less secure applications. This way if an attacker manages to find out what your "home" password is, they will not be able to follow you to work and use that information against you.
- Don't take shortcuts. Type your login and password every time you need to use it. Do not let your computer auto-fill your login or save your passwords. If your password fills in automatically, malicious individuals could have easy access to all your information.
- If you are the system administrator for a business - even a small one - have your procedures state that employees must periodically change their passwords; every three months is a common frequency. That way, chances are that even if a hacker does get their password, by the time they crack it, it will already have been changed. Consider requiring that employees avoid changing their password from enterprise1 to enterprise2 or enterprise3, etc.
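One way an administrator could enforce the "not enterprise1 to enterprise2" rule at password-change time, as an added example that is not part of the original page. The function names are hypothetical, and the check goes slightly beyond the case in the text by also catching changes of case and of leading digits or symbols.

```python
import string

# Characters people typically bolt onto a reused word: digits and punctuation.
_EDGE_CHARS = string.digits + string.punctuation


def core(password: str) -> str:
    """Lower-cased password with leading/trailing digits and punctuation removed."""
    return password.casefold().strip(_EDGE_CHARS)


def is_trivial_rotation(old: str, new: str) -> bool:
    """True when `new` is `old` with only its case or edge digits/symbols changed."""
    old_core, new_core = core(old), core(new)
    if not old_core or not new_core:
        # Nothing but digits/punctuation: fall back to a plain comparison.
        return old.casefold() == new.casefold()
    return old_core == new_core


def review_change(old: str, new: str) -> str:
    """Return 'accept' or a rejection reason for a password change request.

    Runs at change time, when the user has just typed the current password;
    stored hashes of old passwords cannot be compared this way.
    """
    if new == old:
        return "reject: unchanged"
    if is_trivial_rotation(old, new):
        return "reject: same word with a different number or symbol"
    return "accept"


if __name__ == "__main__":
    # Constructed sample change requests (old, new).
    samples = [
        ("enterprise1", "enterprise2"),
        ("enterprise1", "Enterprise3!"),
        ("enterprise1", "2enterprise"),
        ("enterprise1", "A&Bh3fcnJP&E"),
    ]
    for old, new in samples:
        print(f"{old!r} -> {new!r}: {review_change(old, new)}")
```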
The CERT® Coordination Center has more information about using strong passwords.
Common places for keeping passwords
— BAD IDEAS! —
- On a sticky note, stuck to the monitor.
- On a piece of paper under the keyboard.
- In the center drawer of the table or desk.
Password Protected Screen Savers
Having a password-protected screensaver can reduce the chance that others are able to access your data. These can be set up so that they activate after the computer has been idle for a specified amount of time (10 minutes, 20 minutes, etc.).
Leaving your computer available to unauthorized coworkers or family members can jeopardize the integrity of your system and the security of your network. Also, this could allow children to access the computer at times that you deem inappropriate. With this in mind, you should be cautious regarding who you allow to access your machine.
Note, however, that someone could easily bypass the password protection on some operating systems and third-party screensavers with special software that exploits the "auto run" feature that most users have enabled. This bypass can be avoided by turning off the auto run feature on your CD-ROM if you are using Windows 95, 98, or ME, or if you are using a third-party screensaver on any operating system.
More information can be found at Microsoft's website regarding disabling auto run in Windows 95, 98, and ME.
Learn how to password protect your screensaver in:
Mac OS X