Passwords: secure but not forgotten
10 August 2005
According to a new report from Lloyds TSB, a fifth of the population say they have chosen passwords as obvious as their own name, and almost three quarters (71 per cent) admit to using the same password for several websites. With so many passwords it is perhaps not surprising that many choose ones that are easy to remember.
Write down passwords?
The problem with easy-to-remember passwords is that they are also easy to guess or crack. This has led security expert Bruce Schneier to fly in the face of convention and take the bold step of recommending we all write down our passwords and keep them in our wallets or purses.
"Choose a password too complicated to remember and then write it down. We're all good at securing small pieces of paper. I recommend that people write their valuable passwords down on a small piece of paper, and keep it with their other valuable small pieces of paper -- in their wallet," the founder and chief technology officer of Counterpane Internet Security, said.
Jesper Johansson, senior program manager for security policy at Microsoft, agreed. "If I write them down and then protect the piece of paper - or whatever it is I wrote them down on - there is nothing wrong with that. That allows us to remember more passwords and better passwords," he said at a conference hosted by Australia's Computer Emergency Response Team.
Whether or not you decide it is the best way to protect your online security, here are a few password pointers to make sure your passwords aren't forgotten or cracked.
Password tips
- Don't use words in any dictionary, in any language; hackers use software that can rapidly guess passwords based on words in the dictionary.
- Do choose 'strong' passwords for any sites you use and change them regularly.
- Do use a combination of letters, numbers and symbols.
- Always log off when you have finished using a site and close your browser to prevent others gaining access to any personal details online.
- Don't keep a record of your passwords on your computer - this is susceptible to hacking.
- Don't use information easily obtained about you. This includes telephone numbers, National Insurance numbers, the brand of your car, the name of the street you live on, etc.
- Don't choose or change your passwords on a computer or in a public place such as an Internet cafe.
- Don't use your login name in any form (e.g. reversed, capitalised, doubled).
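Several of these tips can be checked automatically before a password is accepted. The sketch below is an added example, not part of the original article; the function name, the tiny word list and the sample inputs are constructed for illustration, and a real check would load full dictionaries.

```python
import re

# Constructed sample word list; a real check would load full dictionaries.
SAMPLE_WORDS = {"password", "dragon", "monkey", "sunshine", "cheese"}


def _norm(text):
    """Lower-case and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def check_password(password, login, personal_info=(), words=SAMPLE_WORDS):
    """Return the tips a candidate password breaks; an empty list means none."""
    problems = []
    lowered = password.lower()  # lower-casing covers capitalised forms

    # Login name, plain or reversed (a doubled name contains the plain one).
    name = login.lower()
    if name and (name in lowered or name[::-1] in lowered):
        problems.append("contains login name")

    # Easily obtained personal details, compared without spaces or punctuation.
    squeezed = _norm(password)
    for item in personal_info:
        if len(_norm(item)) >= 3 and _norm(item) in squeezed:
            problems.append("contains personal info: " + item)

    # A single dictionary word, even with digits or symbols added at the ends.
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    if core in words:
        problems.append("dictionary word")

    # Combination of letters, numbers and symbols.
    if not re.search(r"[A-Za-z]", password):
        problems.append("no letters")
    if not re.search(r"\d", password):
        problems.append("no numbers")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no symbols")
    return problems
```

An empty list only means that none of these particular tips was broken; it is not a measure of strength.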
Creating strong passwords
With all the above considerations, it may seem like choosing a decent password is almost impossible. But don't despair; here are three good methods for creating strong, memorable passwords:
- Use lines in poems - Choose a line from a song or poem, and use the first letter of each word. For example: "It is an ancient Mariner, and he stoppeth one of three" becomes "IiaaMahsoot".
- Alternate consonants and vowels - Alternate between one consonant and one or two vowels. This provides nonsense words that are usually pronounceable and easy to remember. For example "tutikes" or "golesap".
- Concatenate short words - Add short words together and use punctuation to link them. For example: "cheese?atlas", "queen)scissors" or "boat+brawl".
For ultimate convenience, why not download one of the many free password management software applications available on the web, such as RoboForm or Password Agent? These applications store your passwords in an encrypted file on your PC, and some will even auto-complete forms on the authentication page of a secure site you have stored details for.