E-Mail, credit cards, bank accounts, personal company information — building service contractors have many electronic accounts storing sensitive information and each one is guarded by a password. But how easy would it be for a stranger to crack the code and plunder the secret information? Sadly, it can be extremely simple.

So, how does one go about creating a complex password? First, know what not to use.

“Never use your name, your account name, or simple English words or names — they’re too easy for someone with even minimal information about you to guess,” says Deborah Lewis, software consultant, Glaivestone Software, San Clemente, Calif. “Don’t use easily available numbers such as your birthdate, anniversary, phone, or street address — these are easy to find on the Internet and easy to guess.”

A good password is generally six to eight characters, says Lewis. Characters should include upper and lower case letters as well as numbers and symbols. It’s important to use a mixture because computer programs are available that will try various words and number combinations. Simple passwords can be solved almost instantly. However, if the password contains the recommended characters, hackers could be struggling for a number of years instead of seconds.

Hacking programs will typically try words found in the English dictionary. No matter how unrelated the word may seem to a user, if the password is a word in the dictionary and spelled exactly as it appears, it can be guessed. Lewis recommends using a phrase or pattern that can be varied for different accounts.

While these tips may help in creating a strong password, they still create passwords that may be tricky to remember, especially if one is trying to avoid writing them down. A mnemonic device is a good tip in helping to remember passwords, says Lewis. For example, the password DR@wt$ may look confusing at first, but really it is simply a mnemonic for “Dish Ran @way with the $poon.”

Keep it secret, keep it safe
To increase protection, users should have a variety of passwords for sensitive accounts. The password used to access e-mail shouldn’t be the same as an ATM code. For additional security, these passwords should never be permanent.

“It’s often recommended that passwords be changed frequently, even monthly. In practice, this is not practical for many people and is widely ignored,” says Lewis. “More practical advice is to consider the sensitivity of the account.”

Many Web sites require users to register an account to access features and personal information. For sites where users subscribe to access content or to participate in general discussion groups, password security is probably not that important, says Lewis. But for accounts involving sensitive personal or financial information, or information related to business operations, it’s critical to choose stronger passwords and change them more often, she adds.

Users generally need to change passwords frequently because they aren’t careful about keeping the password secret. Unfortunately, many people have too many passwords to remember, so they write them down. Too often, they leave them on notes stuck to their monitor or in easily accessed text files. If users must write down passwords, they should store them securely, away from computers.




POSTED ON: 10/1/2004