I recently read an article about Facebook security problems at http://www.securitymattersmag.com/security-matters-magazine-article-detail.php?id=411 in which some advice on passwords was given.
Some of the advice was quite good, but some was a bit shaky. I’ll go through the tips and tell you what’s hot and what’s not!
- Use a combination of uppercase and lowercase letters, symbols, and numbers
Warm: If you have a password of less than 12 to 14 characters then the combination of numbers, symbols, upper and lower case letters. For longer passwords the need for all of these characters is far less. A 20 character password with all lower case letters is generally better than any 10 character password. Adding symbols and numbers does increase the strength of the password, even for long ones though.
- Make sure your passwords are at least eight characters long. The more characters your passwords contain, the more difficult they are to guess
Warm: Eight characters is not sufficient unless you have no other choice. The more characters the better though.
- Try to make your passwords as meaningless and random as possible
Cold: the password can be meaningful to you if it is long enough
- Use different passwords for each account
Hot: If you use the same password for multiple accounts then if the password is compromised all of those accounts are compromised.
- Change your passwords regularly. Set up a routine, changing your passwords the first of each month or every other payday
Almost Hot: The frequency with which you need to change your passwords depends upon what you are protecting and how good your passwords are. Typically every 6 to 12 weeks is sufficient for reasonably good passwords.
- Never write your passwords down, and never give them out—to anyone.
Cold: If you have complex, separate passwords for everything, you are not likely to be able to remember them all. Writing the passwords down is not the issue, it’s all about where you keep what you wrote it down on! Do not share your passwords with others though!
- Don't use names or numbers associated with you, such as a birth date or nickname.
Cold: Don’t use just your birthdate, but a passphrase of “On January 3 I landed on earth” is a very good password, even if your birthday is January 3.
- Don't use your user name or login name in any form
Cold: Given a long password you can. For a short password this is good advice though.
- Don't use a derivative of your name, the name of a family member, or the name of a pet
Cold: Don’t use the name alone, but something like “Rover bit John’s hand” is a fine password (passphrase).
- Avoid using a solitary word in any language
HOT HOT HOT: A solitary word is a terrible password that is easy for a computer to guess.
- Don't use the word password
Cold. You can use the word password in a sentence. “I hate changing my @%&$ password” is a fine password (passphrase)
- Avoid using easily-obtained personal information. This includes license plate numbers, telephone numbers, social security numbers, your automobile's make or model, your street address, etc.
Cold: Again, don’t use it alone, but in a sentence it is just fine.
- Don't answer yes when prompted to save your password to a particular computer. Instead, rely on a strong password committed to memory or stored in a dependable password management program
Hot: This is great advice.
Randy Abrams
Director of Technical Education