Strong Passwords

In my last blog posting I mentioned passwords and biometric security. One thing I failed to mention was strong passwords. You need passwords not only for your computer(s) at home and at work; you probably also need them for the numerous websites that require a user name and password.

Microsoft has a set of guidelines on strong passwords here: “Strong passwords: How to create and use them”, which covers not only what a strong password is and how to create one, but also how to use passwords, along with some general security tips. The article gives six steps to creating a strong, memorable password. Memorability matters: a strong password is no help if you cannot remember it.

I particularly like the “Password strategies to avoid” section; these points are very important and bear repeating here:

To avoid weak, easy-to-guess passwords:

Avoid sequences or repeated characters. “12345678,” “222222,” “abcdefg,” or adjacent letters on your keyboard do not help make secure passwords.

Avoid using only look-alike substitutions of numbers or symbols. Criminals and other malicious users who know enough to try and crack your password will not be fooled by common look-alike replacements, such as replacing an ‘i’ with a ‘1’ or an ‘a’ with an ‘@’, as in “M1cr0$0ft” or “P@ssw0rd”. But these substitutions can be effective when combined with other measures, such as length, misspellings, or variations in case, to improve the strength of your password.

Avoid your login name. Any part of your name, birthday, social security number, or similar information for your loved ones constitutes a bad password choice.

Avoid dictionary words in any language.

Use more than one password everywhere. If any one of the computers or online systems using this password is compromised, all of your other information protected by that password should be considered compromised as well. It is critical to use different passwords for different systems.

Avoid using online storage. If malicious users find these passwords stored online or on a networked computer, they have access to all your information.
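The four rules above that concern the content of the password itself (sequences and repeats, adjacent keyboard keys, look-alike substitutions of dictionary words, and login names or personal data) can be turned into an automated check that a help desk or registration form could run. The following Python is an added example, not code from this post or from Microsoft's article; the keyboard rows, the tiny dictionary, the substitution table and the 12-character minimum are assumptions chosen for illustration.

```python
import re

# Assumed values for illustration (not from the post): keyboard rows, a tiny
# dictionary, a look-alike substitution table and a minimum length.
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
SMALL_DICTIONARY = {"password", "microsoft", "welcome", "letmein"}
LEET_MAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                          "7": "t", "@": "a", "$": "s", "!": "i"})
MIN_LEN = 12


def has_run(pw, min_len=4):
    """True if pw contains min_len repeated or consecutive characters ('222222', '1234', 'dcba')."""
    for i in range(len(pw) - min_len + 1):
        codes = [ord(c) for c in pw[i:i + min_len]]
        steps = {b - a for a, b in zip(codes, codes[1:])}
        if steps in ({0}, {1}, {-1}):
            return True
    return False


def has_keyboard_walk(pw, min_len=4):
    """True if pw contains min_len adjacent keys from one row, in either direction ('qwer', 'lkjh')."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - min_len + 1):
            seg = row[i:i + min_len]
            if seg in low or seg[::-1] in low:
                return True
    return False


def is_disguised_word(pw, dictionary=SMALL_DICTIONARY):
    """Undo look-alike substitutions and trim non-letters at the ends: 'P@ssw0rd' -> 'password'."""
    core = pw.lower().translate(LEET_MAP)
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", core)
    return core in dictionary


def contains_personal(pw, personal):
    """True if any personal token of 3+ characters (login name, birth year, ...) appears in pw."""
    return any(len(t) >= 3 and t.lower() in pw.lower() for t in personal)


def check_password(pw, personal=()):
    """Return the rules pw violates; an empty list means none of the listed mistakes was found."""
    rules = [(len(pw) < MIN_LEN, "too short"),
             (has_run(pw), "sequence or repeated characters"),
             (has_keyboard_walk(pw), "adjacent keyboard keys"),
             (is_disguised_word(pw), "dictionary word with look-alike substitutions"),
             (contains_personal(pw, personal), "contains login name or personal data")]
    return [msg for failed, msg in rules if failed]
```

The remaining two rules (one password per system, no online storage) are about how passwords are used rather than what they contain, so a content check like this cannot enforce them.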

The main problem with multiple passwords, of course, is remembering them all. Microsoft suggests writing them down on pieces of paper. I would use caution with this method and keep written-down passwords in a secure place; keeping your work password under the mouse pad at work is asking for trouble.

You could of course buy an HP iPaq hx2795B PDA, which has a built-in fingerprint reader, and store your passwords on it.

Posted on April 27th, 2008 by mervyn
