Your Password Sucks!

I bet you’re using your partner’s, child’s, or pet’s name, maybe followed by a number, as your password. And if you’re using the same weak password everywhere, you might as well get it over with now and just hand over your wallet to a malicious hacker. Oh, and you don’t need to bother telling them your ATM PIN code, as they can guess that too!

One Man’s Blog explains, in How I’d Hack Your Weak Passwords, that odds are, once someone has one password, they typically have access to everything, as most people don’t use different passwords for every web site and service like they should.

Everyone should be using complicated passwords, yes, ones that are impossible to remember, and you must use a different password for each and every web site. I know this sounds impossible to do, but it’s not once you get used to it.

The best passwords use a combination of lower case and upper case letters with numbers mixed in. Avoid using names, phrases, or words: the more random and the longer the password is, the longer it takes someone to crack it using password crackers.
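As an added example (not from the original post), here is one way to produce passwords of the kind described above and to see how length drives cracking time. The guess rate and the site names are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Alphabet the article recommends: lower case, upper case, digits (62 symbols).
ALPHABET = string.ascii_lowercase + string.ascii_uppercase + string.digits


def generate_password(length=16):
    """Random password from the OS CSPRNG, redrawn until it contains
    at least one lower-case letter, one upper-case letter and one digit."""
    if length < 3:
        raise ValueError("need at least 3 characters to cover all classes")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw)
                and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)):
            return pw


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on entropy: bits in a uniformly random string of this
    length (the class requirement above removes a small fraction)."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(length, guesses_per_second, alphabet_size=len(ALPHABET)):
    """Years to try every string of this length at an assumed guess rate."""
    seconds = alphabet_size ** length / guesses_per_second
    return seconds / (365 * 24 * 3600)


def passwords_for_sites(sites, length=16):
    """One independent random password per site, never reused."""
    return {site: generate_password(length) for site in sites}


if __name__ == "__main__":
    RATE = 1e9  # assumed guesses per second, illustration only
    for n in (6, 8, 12, 16):
        print(f"{n:2d} chars: {entropy_bits(n):5.1f} bits, "
              f"{years_to_exhaust(n, RATE):.3g} years to exhaust")
    # Constructed site names, illustration only.
    for site, pw in passwords_for_sites(["mail.example", "bank.example"]).items():
        print(f"{site}: {pw}")
```

Each extra character multiplies the search space by 62, which is why the table printed by the script grows so quickly with length.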

Once you start practicing this you’ll need a way to securely keep track of all your passwords. The best way to do this is to put them in an encrypted file and keep it backed up on a USB key and/or PDA. Once you have all your passwords encrypted safely, you only need to remember the one password for it and can then copy and paste your password each time you need it.

Mac users have Keychain which is included in Mac OS X. If you’re a Windows user, I recommend eWallet which syncs with most PDAs and Smartphones.

It is not a good idea to let your browser store your passwords as most malware emails those stored passwords to the malware author immediately upon infection.

[via Lifehacker]


10 Comments

Since creating a password is complicated nowadays, users should combine numbers and letters to make it hard to crack or guess. Damn, it is hard, I admit it hehehe.

Generally I do not post these comments but I cannot resist giving a little bit of advice here.

For those of you who struggle to come up with decent passwords, try this. Come up with a sentence something like, “I work at JC Pennys in Atlanta Georgia.”

To make a very strong password that is easy to remember, take the 1st letter of each word in that sentence and use it as your password. In the example above this would equate to “IwaJCPiAG”. Feel free to add a * or a & to the end of your password for even greater strength.

Good luck!

Regards,

Anonymous

Paranoid Propaganda! Funny, I have been using the same passwords for 15 years, on my webserver, mailserver, FTP, all admin logins, everywhere. NOT once have I had it jeopardized.

FEAR FEAR FEAR! Sells better than SEX!

Albrecht Gorthog

April 4th, 2007
at 10:17am

A technique that works well for me is to use the first letter of each word in a short nonsense phrase followed by a number and the domain name of the site requiring the password. For example, at www.abc.com I would combine the first letter of each word in ‘My dog has fleas’ with the year my dog was born (2001) and the domain name, resulting in the following secure password: Mdhf01abc.

Change your passwords now. Check out this site for stats on how fast they can be cracked.

http://www.lockdown.co.uk/?pg=combi&s=articles

You’ve been warned!

JT

[…] In “Your Password Sucks!“, Steve Mermelstein laments over bad passwords, and offers some suggestions for composing and remembering better ones. “Once you start practicing this you’ll need a way to securely keep track of all your passwords. … Mac users have Keychain which is included in Mac OS X. If you’re a Windows user, I recommend eWallet which syncs with most PDAs and Smartphones. […]

Hi,

I just wanted to say thanks for recommending eWallet, and to also let you know that there’s a built-in password generator in eWallet that can help you make good passwords, so your passwords will never have to suck again!

There’s even a web version of the password generator that you can find here: http://www.passbuilder.com

Thanks again,
Julie Van De Water
Ilium Software

One other way to go about securing your passwords is using a Password Manager. I particularly like the Free Password Manager by Billeo, it comes with some neat features, I have been using it for 2 years now, and it works well.

I’ve come up with a slightly different approach. I use made-up words with easy-to-remember sounds, then, just to be sure, I google these words to make sure there are no hits. Then to be even more sure, I throw some numbers in that look like the letters, like the l33t gamers do, as in “pa55w0rd”. After all that, with a few simple mnemonic devices, I can remember all these passwords easily, and I don’t need a keychain or a bunch of scraps of paper in my wallet.

Hell yeah! Password sucks!
