Be Safe – Write Down Your Passwords

The world is full of advice that on the face of it seems reasonable, responsible and accurate. You know how it is – if you hear it often enough then it must be true.

image How many of us are ever likely to forget our Mother’s advice – dress warmly in the cold, or you’ll get sick? Advice, as it turns out, that has been debunked by the medical community. Despite this, most people, that I know, still believe Mom’s advice.

One piece of computer security advice that you’ve likely heard over and over again is – don’t write down your password/s. The problem is; this piece of advice couldn’t be more wrong. Just like Mom’s advice though, it seems reasonable, responsible and accurate.

Here’s the dilemma we face. Complicated, in other words, safe passwords are hard to remember, whereas easy passwords, in other words unsafe passwords, are easy to remember. No surprise then that most computer users’ employ easy to remember, and unsafe passwords.

You know the kind of passwords I’m talking about – obvious passwords, like your first name or your wife’s name, child’s name, date of birth date, etc. – passwords you’re not likely to forget. And that’s the problem – there’s no point in having a password at all if cyber-criminals will have no difficulty in figuring it out.

Cyber-criminals use simple processes, all the way to highly sophisticated techniques, to capture online passwords as evidenced by the Hotmail fiasco earlier this week, in which an anonymous user posted usernames, and passwords, for over 10,000 Windows Live Hotmail accounts to a web site. Some reports indicate that Google’s Gmail, and Yahoo’s Mail, were also targeted.

Not surprisingly, 123456 was the most common password captured, followed by (are you ready for this?), 123456789. Some truly brilliant users used reverse numbers, with 654321 being very common. Pretty tricky, huh? I’m being a little cynical, but..

I know that on the face of it, writing down your password seems counter intuitive and flies in the face of conventional wisdom, since the issue here is one of security and safety. But ask yourself this question – is your home, office, wallet etc., more secure than your computer? If the answer isn’t “yes”, then you have additional issues that need to be addressed.

While it may be true that you don’t want your wife, lover, room mate, or the guy in the next office, to gain access to your written list of passwords – and writing down your passwords will always present this risk; the real risk lies in the cyber-criminal, who is perhaps, thousands of miles away.

image Computer security involves a series of trade-offs – that’s just the reality of today’s Internet. And that brings us to the inescapable conclusion, that strong passwords, despite the fact that they may be impossible to remember – which means they must be written down – are considerably more secure than those that are easy to remember.

Here are some guidelines on choosing a strong password:

Make sure your password contains a minimum of 8 characters.

Use upper and lower case, punctuation marks and numbers.

Use a pass phrase (a sentence), if possible. However, not all sites allow pass phrases.

Since brute force dictionary attacks are common, keep away from single word passwords that are words in a dictionary.

Use a different password for each sign-in site. This should be easy since you are now going to write down your passwords. Right?

There are alternatives to writing down your passwords of course, including Password Safe, an excellent free application. As well, a number of premium security applications include password managers.

If you have difficulty in devising a strong password/s, take a look at Random.org’s, Random Password Generator – a very cool free password tool.

As an additional form of protection you should consider the Firefox add-on KeyScrambler, which will protect you from both known and unknown keyloggers. Personally, I wouldn’t think of signing on to the Internet without KeyScrambler being active.

For additional info on password management, checkout Rick Robinette’s “PASS-the-WORD”… Basic password management tips” Many regular readers will remember that Rick is a very poplar guest writer on this site.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Advertisements

10 Comments

Filed under Don't Get Scammed, Don't Get Hacked, downloads, Email, Firefox Add-ons, Freeware, Internet Security Alerts, Online Safety, Safe Surfing, Software, Utilities, Windows Tips and Tools

10 responses to “Be Safe – Write Down Your Passwords

  1. g

    I’ve been trying out an online FREE encryptor called Clipperz. I like it!

    http://www.clipperz.com

    • Bill Mullins

      Hey G,

      Thanks for this – will check it out.

      Good to hear from you – trust everything is cool on your end.

      Talk to ya later,

      Bill

      *Note to readers:* Glenn is a frequent guest writer on this site, so if he recommends an application, it’s definitely worth a look.

  2. clickstudios

    Hi,

    We make a product called Passwordstate, and it’s free for up to 10 users if anybody wants to try it out – http://www.clickstudios.com.au

    Mark

  3. freewareelite

    Easy way to remember passwords…

    First add the site’s name to the start of your password and use the techniques above…

    The letters after the sitename can be the same for all your passwords if you want.

    E.g. For your Gmail account, you could do this

    GMA-bm1sgr86a

    What does it stand for??

    “GMA” means “Gmail”
    “bm1sgr8” means “Bill Mullins is great”
    “6a” are random letters for security.

  4. Regardless of software encryption and technology I still keep my passwords on a sheet of paper…..away from the old lady of course!

  5. Pingback: Geek Squeaks’ of the Week (#32) « What's On My PC

  6. Cappydawg

    Hi Bill,
    I do write my passwords down in an address book that has moveable pages just like a looseleaf. I have been using this method for years. Of course I don’t carry it around with me it is a stay at home book. I have been using Keepass on usb for traveling and do like it a lot.