Dan Wons
This childhood joke popped into my head the other day as I was working on strengthening the password policy at work. Of course, everyone is afraid of 7 because 7 ate 9. It was suggested to me that we should increase the minimum length of our passwords from six characters to eight.
I had to ask if it really made that much difference. The answer was a resounding yes: as it turns out, a password gets exponentially more difficult to hack the longer it gets. For example, even a simple all-lowercase 8-character password has 200 billion more possible combinations than a 6-character password. If you are wondering why your work or bank is asking you to use upper and lower case letters along with some numbers and special characters, it’s because there are over 7 quadrillion possible combinations for your password with those parameters.
It’s important to keep your password safe, secure, and difficult to guess. Your password is often the last line of defense in keeping your information safe. If someone knows your password, either by you sharing it or them hacking it, there is no stopping them from logging into systems as you and then doing whatever they want. The troubling thing about this is that their actions will look to the computer system as if you are the one performing them. They could clear out your bank account, order 200 lbs of cheese, send offensive emails to the CEO, etc. Think of how many website passwords you have: iTunes, Facebook, Twitter, newspapers, your bank account, health insurance websites, etc. Do you have the same password for all of them? Is it the same password you use at work or at home to log into your PC? Are all the sites that you input a password into secure? If you are using the same password across all sites, you are putting all of your personal information, as well as your reputation, on the line.
Here are some best practices for choosing secure passwords:
• Never write it down and/or leave it near your PC.
• Don’t use the same password across different sites.
• Don’t use personal information in your passwords (like children’s names or birthdays).
• Use a combination of upper and lower case alphanumeric characters.
• Use special characters, if allowed (!@#$%&, etc.).
• Change your password often; every 90-180 days is best practice.
• When changing passwords, don’t just add numbers to the end of the last password.
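A sketch of how the practices listed above could be checked when a password is changed, together with the keyspace comparison from earlier in the post. This is an added example, not code from the original post; the function names, the sample passwords and the 3-character threshold for personal data are assumptions.

```python
import re
import string

MIN_LENGTH = 8  # minimum length discussed in the post

def keyspace(password):
    """Candidates an exhaustive search must cover for the classes used."""
    size = 0
    for pattern, count in ((r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10),
                           (r"[^a-zA-Z0-9]", len(string.punctuation))):
        if re.search(pattern, password):
            size += count
    return size ** len(password)

def _stem(password):
    """Password with its trailing digits stripped, lower-cased."""
    return password.rstrip(string.digits).lower()

def check_password(candidate, previous=None, personal=(), specials_allowed=True):
    """Return the list of policy violations; an empty list means it passes."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    if not (re.search(r"[a-z]", candidate) and re.search(r"[A-Z]", candidate)):
        problems.append("needs upper and lower case")
    if not re.search(r"[0-9]", candidate):
        problems.append("needs a digit")
    if specials_allowed and not re.search(r"[^a-zA-Z0-9]", candidate):
        problems.append("needs a special character")
    lowered = candidate.lower()
    # Ignore very short personal tokens to avoid accidental matches.
    if any(len(p) >= 3 and p.lower() in lowered for p in personal):
        problems.append("contains personal information")
    # Catches "OldPassword7" -> "OldPassword8" style changes.
    if previous is not None and _stem(candidate) == _stem(previous):
        problems.append("only the trailing digits changed")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    print(keyspace("abcdefgh") - keyspace("abcdef"))
    print(check_password("Emma0412", personal=("Emma", "0412")))
    print(check_password("Tr!ckyHorse8", previous="Tr!ckyHorse7"))
    print(check_password("mTq7$wLzkp", previous="Tr!ckyHorse7"))
```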
I can tell you why I am afraid of 7... that’s how many websites I use 8-character passwords made up of my son’s birthday and daughter’s name... and I haven’t changed that password in over 9 years. Time for me to make some changes!
BTW, did anyone know that it’s National Cyber Security Month?
Dan, thanks for contributing this post to the blog. My Twitter account was hacked today and a spammy direct message was sent to hundreds of people with my name on it. So password security is very much top-of-mind for me today.
My Facebook was hacked into and all my friends with names starting with A, B, or C got told to try out new products to lose weight! Definitely very annoying to have to remember so many passwords, but much safer.
One good idea I read the other day:
Take a sentence you’ll remember with at least 8 words in it. Then use the first letter of each word in the sentence to make your password, substituting one of the letters with a number and another with a “special character” (shift number). Put an uppercase character in the middle of the password, not at the beginning.
One final thought, don’t use a word you would find in a dictionary or a proper name for your password.
This post was mentioned on Twitter by jaykrall: Why is 6 afraid of 7? On the ever increasing length of passwords http://budurl.com/6pvu...