News | Published March 14, 2013 | Written by Denise McKee, information security analyst

Information security: Passwords

Are you sick of hearing about passwords? All of those restrictions on what you can and can’t make your password, and then you can’t write it down. Passwords are just too difficult. You might think that passwords are difficult, but really, they don’t have to be. You might have been told never to write down your password, but there are safe ways to do it.

Passwords are not just for work. We use passwords for home and for work. Passwords are the first and usually the ONLY line of defense we have against unauthorized access. If you had $20,000 at home, would you lock it up in a tin box with one of those little luggage locks? If you have a password that can be easily guessed, that is EXACTLY what you are doing!

So now the question is: how easy would it be for anyone to get your password? Do you know? If someone wanted to crack your password, and you had a tough one – one that was 11 characters long – it would only take about two months for the average computer to crack it. That’s over 80 trillion possible password combinations!

There are, of course, poor passwords, good passwords and really good passwords. The first thing to understand is that ANY password can be cracked – given enough time. That is why changing your password is a good practice. 

Common password blunders

Using common passwords is one of the worst mistakes people can make. Some common passwords are:

  • 123456
  • Password
  • Password!
  • Password1
  • letmein
  • Iloveyou
  • Abc123
  • Asdf1234
  • Superman
  • Enter

Other common password mistakes are using any combination of:

  • Your name
  • Your spouse or significant other’s name
  • Your kids’ name(s)
  • Your pets’ name(s)
  • Birthdates for the above people

Avoid dictionary words whenever possible, even dictionary words in a foreign language. Unless you know a foreign language that is extremely rare, dictionary words are dictionary words regardless of the language.

Avoid keyboard patterns whenever possible.
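
The blunders above can be checked mechanically before a password is accepted. The following is an added example, not part of the original article: it flags candidates built on one of the ten common passwords listed above (including variants with swapped characters or a number tacked on the end), candidates containing personal names or dates you supply, and keyboard runs. The function names, the character-swap table and the US QWERTY rows are assumptions, and dictionary words are not checked because no word list is embedded.

```python
import re

# The ten common passwords listed in the article, lowercased.
COMMON = {"123456", "password", "password!", "password1", "letmein",
          "iloveyou", "abc123", "asdf1234", "superman", "enter"}

# Keyboard rows used to spot patterns (US QWERTY layout is an assumption).
KEY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]

# Character swaps undone before comparison (this table is an assumption).
UNLEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                        "0": "o", "$": "s", "5": "s", "7": "t"})


def base_forms(password):
    """Return the lowercase password plus simplified variants of it."""
    low = password.lower()
    stripped = re.sub(r"[\d\W_]+$", "", low)  # drop trailing digits/symbols
    return {low, stripped, low.translate(UNLEET), stripped.translate(UNLEET)} - {""}


def keyboard_run(password, min_len=4):
    """True if min_len consecutive characters follow a keyboard row."""
    low = password.lower()
    rows = KEY_ROWS + [r[::-1] for r in KEY_ROWS]  # left-to-right and reversed
    return any(low[i:i + min_len] in row
               for i in range(len(low) - min_len + 1) for row in rows)


def find_blunders(password, personal=()):
    """List which of the article's blunders a candidate password commits."""
    forms = base_forms(password)
    common_bases = set().union(*(base_forms(c) for c in COMMON))
    problems = []
    if forms & common_bases:
        problems.append("common password")
    # Personal tokens shorter than 3 characters are skipped to avoid chance hits.
    if any(len(p) >= 3 and p.lower() in f for p in personal for f in forms):
        problems.append("personal information")
    if keyboard_run(password):
        problems.append("keyboard pattern")
    return problems
```

For instance, `find_blunders("P@ssw0rd2013")` reports a common password even though that exact string is not on the list, because undoing the swaps and dropping the trailing year leaves "password".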

Good password habits

There are lots of ways to come up with good passwords that you will be able to remember. Here are some tricks of the trade, and remember, have some fun with this.

Think about abbreviations in your area of expertise – use them in your passwords. Some of the common abbreviations in my world are things like ATT (at this time), RX (receive) and TX (transmit). I can use them to make a good password, like 0RXjnkM@il – that would be not receive junk mail. I used a British term for 0 (not), my abbreviation for receive (RX), removed the vowels out of junk (jnk) and substituted a special character for one of the vowels in Mail (M@il). As you can see there are no dictionary words, there are numbers, special characters, and upper and lower case letters. And…it’s something that I will remember!

Think about some of the vanity plates you have seen – 4N3L (Foreign Thrill)

Think about the new language – text messaging. This might not apply to all of you, but for those who understand it, you can use text messaging slang and abbreviations to create your passwords.

Think about a phrase that means something to you, and use some form of this phrase. One of my favorite lines in a song is “The drummer from Def Leppard’s only got one arm”. I could turn that into *HrReEnG1r*. This is where the password reminder comes in handy. I have used the second letter from each word and capitalized every other letter.  Again, you can see that there are no dictionary words, there are numbers, special characters, upper and lower case letters. And again, it is something that I will remember!

Another trick you can use is the keypad on your phone. Spell out a word with numbers. Doritos becomes 3674261. Of course you don’t need to use long words.

Purposly missspell words! Have some fun with this one. Gud – good, perpose – purpose. Spell things phonetically (foneetikly) or spell them fancy (phancy).

Writing them down – good or bad?

Would you write down your PIN number for your debit or credit cards? Would you write the number ON your debit or credit cards? It’s much the same for passwords. Of course the best ever password practice would be to memorize a randomly generated string of characters, and a different one for each logon…and a different logon name for each account that you have…oh and then never write them down, but always know what they are. I don’t know too many people that would be able to do that. There are two practices that are relatively safe. You can write down a password hint and keep it with you. You can also write down your password and keep it sealed and locked up. Write it down, put it in a sealed envelope, put your signature over the seal, and keep it locked up. Does this mean that NO ONE can get your password this way? Of course not – but at least you will KNOW if your password has been compromised, and you can change it immediately. 

In the end

Yes, creating new passwords might seem like a nuisance. Instead, think of it as changing your locks after someone has possibly had access to your keys. Your personal information is only as secure as your worst password. Don’t be the weak link in the chain fence – use good passwords. It’s your information too!
