Advice on choosing a password


My second article for the Norwich Evening News is now online! I have duplicated it below for your convenience but I recommend you take some time when you can to read the various 'ask the experts' articles that are available on the Norwich Evening News website. I feel that there is a good selection of help and advice being offered on a range of subjects of interest to small business startups in particular.

You can find it here:
http://www.eveningnews24.co.uk/content/eveningnews24/norwich-news/business/

Originally published in the Norwich Evening News on Wednesday 7th April 2010 - written by Leum Dunn

Passwords fascinate me. I love the psychology of them, I love their purpose as guardians and protectors and I love the way they tell me about their creators.

From your password I can tell if you have family or pets. They tell me where you went on holiday and what your dreams are.

I can tell how knowledgeable you are about IT and whether you take computer security seriously.

We all know passwords are important, but most of us consider them to be an annoyance.

Email, voicemail, phones, computers and websites all seem fond of asking us to prove our identities in some fashion and I confess I often use the same password for a lot of them.

I'm often asked how to rationalise dozens of passwords into something easier to use, whilst maintaining a good level of security. Here's my advice.

Use pass 'phrases' not pass 'words' - HowcanIhelpyou is much harder to guess than your surname.

Use capital letters and numbers to make the passphrase even harder to guess: H0wC4n1H3lpY0u

Add special characters: H0wC4n1H3lpY0u?

Avoid common passwords: 12345, abc123, letmein, opensesame, iloveyou, your name followed by a number, or anything similar. These are all fairly easy to guess, particularly if the person guessing your password knows you.

Now that you know how to construct a good passphrase, you should create three passphrases using this technique.

Next, divide your virtual life between the following categories, red, amber and green, and assign a password to each.

The idea here is to use your top secret (red) password for online banking and anything which is vital to your life, your private (amber) password for websites and forums such as Facebook and your throwaway (green) password for everything else.

You should find that if you use the internet a lot you will have only one or two passphrases in the red category, a few more in amber and quite possibly dozens in green. Don't let your computer remember your red passphrase and remember to use your browser's 'in private' mode for additional security.
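The advice above, written out as an added example (it is not part of the original article): it checks a passphrase against the construction rules and confirms that the red, amber and green passphrases are all different. The function names and the `owner_names` parameter are assumptions made for illustration, and the sample values in the comments are constructed.

```python
import re

# The common passwords the article lists; a real check would load a far larger list.
COMMON = {"12345", "abc123", "letmein", "opensesame", "iloveyou"}
# Reverse the article's digit-for-letter swaps (0->o, 4->a, 1->i, 3->e) so that
# a disguised common password such as "L3tM31n" is still recognised.
UNLEET = str.maketrans("0413", "oaie")
TIERS = ("red", "amber", "green")


def passphrase_problems(passphrase, owner_names=()):
    """Return the ways a passphrase breaks the article's construction advice."""
    problems = []
    lowered = passphrase.lower()
    if lowered in COMMON or lowered.translate(UNLEET) in COMMON:
        problems.append("common password")
    # Strip trailing digits and symbols: "Dunn2010" reduces to the bare name "dunn".
    stem = re.sub(r"[\W\d_]+$", "", lowered)
    if stem in {name.lower() for name in owner_names}:
        problems.append("based on your name")
    if not any(c.isupper() for c in passphrase):
        problems.append("no capital letter")
    if not any(c.isdigit() for c in passphrase):
        problems.append("no number")
    if all(c.isalnum() for c in passphrase):
        problems.append("no special character")
    return problems


def tier_problems(tiers, owner_names=()):
    """Check a {"red": ..., "amber": ..., "green": ...} mapping of passphrases."""
    problems = []
    for tier in TIERS:
        if tier not in tiers:
            problems.append(f"{tier}: no passphrase assigned")
            continue
        found = passphrase_problems(tiers[tier], owner_names)
        problems += [f"{tier}: {p}" for p in found]
    # A passphrase shared between tiers defeats the scheme: whoever runs a
    # green-tier website would then hold the red-tier secret as well.
    seen = {}
    for tier in TIERS:
        value = tiers.get(tier)
        if value is not None and value in seen:
            problems.append(f"{tier}: same passphrase as {seen[value]}")
        elif value is not None:
            seen[value] = tier
    return problems
```

An empty list from either function means no rule was broken; the check runs locally and the passphrases are never stored or sent anywhere.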

“Don't give your password to anyone!” has become an IT mantra in recent years.

But the point to remember here is that the guy who runs the website you just logged into could be anyone and you just gave him your name, email address, date of birth and password.

It's unrealistic to expect you to remember half a dozen or more passwords every day, but don't use the same one for MySpace as you do for your online banking!