Saturday, March 7, 2009

Choosing and using passwords badly

If you want to pick a bad password you have come to the right place.  A password is only useful if it is something you can remember and nobody else can figure out.  Today we are going to discuss several common password mistakes so that your passwords can be:

  • Easy for hackers and others to guess

  • Easy to disclose


[Image: Password (flickr credit: Bruno Santos)]

For picking a bad password try...



  • Making your password the same as your username

  • Use a meaningful name, like your name, your middle name, your mother's maiden name, the name of your children, or the name of your pets. Basically choose anything someone could read off of your Facebook page.  Remember if you are really tricky you can REVERSE the name.  I'm sure nobody would think of that.

  • Use significant numbers like a date: your postal code, your birthday, your anniversary, your kid's birthday.

  • Use 0bscenities.  No decent hacker would dare type THAT.  (Most password cracking software will try them early on because they are very common.)

  • Science fiction terms, Greek letters and mythology, like "Data," "Spock," "Borg," "HAL," "Epsilon," "Venus" and "Aphrodite."

  • Computer terms: stay away from "keyboard"; "mousepad"; "megabyte"; etc.

  • Line-of-sight terms: e.g., "Gateway" because that's the brand of your computer, or "telephone" because there is one on your desk. Though this can help you remember your password, it is a trick that password crackers are on to. To play it safe, avoid any reference to common objects found in households and offices.

  • Common phrases: in particular, those pertaining to greeting or getting down to work, such as "Good morning," "Wake up", "Hey you" or "Get going."

  • Anything related to your login ID: It's relatively easy for other people to get your login - don't let it provide a clue to your password! For instance, if your login is "basset" don't make your password "doglover."

  • When choosing an ATM PIN, make sure that the (4) numbers you pick spell a word like "Love" (hardly anyone would think of that one... Sorry if I'm giving all your secrets away.)
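
The choices listed above can be checked for mechanically when a password is set. The following is an added example, not code from the original post; the function name `weak_reasons`, the `personal_terms` parameter and the small word list are constructed for illustration.

```python
import re

# Constructed sample word list built from the kinds of terms the post names;
# a real deployment would load a much larger dictionary.
COMMON_WORDS = {"data", "spock", "borg", "hal", "epsilon", "venus", "aphrodite",
                "keyboard", "mousepad", "megabyte", "gateway", "telephone",
                "goodmorning", "wakeup", "heyyou", "getgoing", "love"}

# Undo common character substitutions (0 for o, 3 for e, ...) before lookups.
LEET = str.maketrans("01345@$7", "oleasast")
# Phone keypad letters -> digits, to catch PINs that spell a word.
KEYPAD = str.maketrans("abcdefghijklmnopqrstuvwxyz", "22233344455566677778889999")


def normalize(text):
    """Lowercase, undo substitutions, and keep only letters."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def weak_reasons(password, username, personal_terms=()):
    """Return the reasons a candidate password matches one of the post's bad choices.
    personal_terms (hypothetical input): names, pet names, postal codes, dates on file."""
    reasons = []
    plain = normalize(password)
    if password.lower() == username.lower():
        reasons.append("same as username")
    for term in (username, *personal_terms):
        t = re.sub(r"[^a-z]", "", term.lower())
        if len(t) >= 3 and (t in plain or t[::-1] in plain):
            reasons.append(f"contains personal term or its reverse: {term}")
    if plain in COMMON_WORDS:
        reasons.append("common dictionary word or phrase")
    digits = re.sub(r"\D", "", password)
    if re.search(r"(19|20)\d\d", digits):
        reasons.append("contains a year")
    personal_digits = {re.sub(r"\D", "", t) for t in personal_terms}
    if len(digits) >= 4 and digits in personal_digits:
        reasons.append("matches a significant number")
    keypad_words = {w.translate(KEYPAD) for w in COMMON_WORDS}
    if password.isdigit() and password in keypad_words:
        reasons.append("PIN spells a common word on a keypad")
    return reasons
```

An empty list only means the candidate matched none of these particular checks.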


For bad password management try...



  • Put your password on a note and tape it to your monitor.  This way an unethical coworker could read and use your account pretending to be you.

  • Use the same password everywhere.   This way if someone gets into one of your accounts, like an online email account, they could figure out what other services you use and use the same password to access those other services.

  • Base your password on something that will change over time, like the date.  "MyBrandNewPasswordFor2001" made sense in 2001, but 8 years later you may find yourself trying out all the intervening years.

  • Share your password with people who need to "borrow" your account, then don't change the password even after it may have been discovered.

  • Use an unmemorizable password like awnf65ayr8f9as6df584, as nobody will argue that it is not secure.  This way you will have to write it down.  Maybe in the front cover of your daytimer, or in a file on the desktop called password.txt.

  • When you forget your password, you can rely on the "security questions" like what is your favourite colour to recover your password.  Choose easy or predictable security questions.  In response to "what is your favourite colour?" choose "Blue" rather than Oceanic815.

  • Type passwords slowly in full view of those around you.

  • Never look around at ATMs for hidden cameras which may be watching the keypad.

  • Do not shield the keypad when using your bank card.

  • Don't change passwords on electronic door locks with push buttons so the worn buttons can remind you of the numbers in your combination.

  • Leave laptop locks and safe combinations "set" so that you can open these items more easily.


There, those should be enough tips to get you started on choosing poor passwords and using them badly.  I hope you found this informative despite the tongue in cheek delivery.  Watch for an upcoming article on "Choosing and remembering really good passwords".

Cheers, and safe computing!

Greg.
