A Free Educational Resource Created by Carnegie Mellon University to Empower You to Secure Your Part of Cyberspace

Password

A string of letters, numbers and/or symbols that grants access to something private

A password is a string of letters, numbers and/or symbols that grants access to something private. In cyberspace, users create passwords to protect their computer systems, software and networks, as well as to access certain Web sites or portions of Web sites. Passwords protect privacy because access is limited only to the person or people who know the correct password. Therefore, passwords should never be shared with others.

Typically, a password is made up of a combination of keystrokes, and it may be personalized so the user can remember it easily. For example, a dedicated jogger might make up the password "IR4o5TpW" and easily recall it as "I run four or five times per week" using the first letter in each word. A passcode, which is made up of numbers, and a pass phrase, which is made up of a phrase, are other variations.

Passwords are sometimes paired with usernames, which are unique nicknames that identify the person using the password. To log into a webmail account, for example, someone must enter a username and a password. Because they are identifiers, usernames are sometimes known by others, while passwords are important to keep confidential.

Hackers use various password cracking tactics to discover passwords and enter computer systems, such as dictionary attacks, in which a program runs through every word in a dictionary. But abuse of passwords is not limited to hackers. People significantly weaken their security simply by openly sharing their passwords with others. For example, ex-boyfriends and ex-girlfriends, who have been told passwords in confidence, have been known to use their former companion's passwords fraudulently after a break-up. Similarly, people weaken their security by creating passwords that are too easy to guess, such as their name, "12345" or their birth date.

When a password is found out or "stolen," a person's privacy and security privileges are compromised. A password stolen to access the New York Times Web site, however, is a very minor incident compared to a password stolen to access an email account or a bank account. Internet users should be particularly cautious to protect the passwords that grant access to their personal and private information.

Protective Measures

To protect your privacy, create a secure password and keep it confidential.

Practices

Choose a secure password. A secure password is a password that is not easily guessed. Free online tools, such as Security Stats and the Secure Password Generator by PC Tools Software, can help you. Use the following tips to create a secure password:

  • Use eight or more characters to make a long password.
  • Use a combination of uppercase letters, lowercase letters, numbers and symbols.
  • Use a mnemonic phrase to help you recall a seemingly random series of keystrokes. For example, "my dog ate my Algebra homework Christmas morning" can be a mnemonic phrase that translates to "mdamAh12-25AM" for a password.
  • Do not use a word in the dictionary. Foreign words and a combination of two or more words are not safe either.
  • Do not associate your password with any identification information, such as your name, birthday, address, etc.
  • Do not use your username, account name or a blank as your password.
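The tips above expressed as a checker, as an added example that is not part of the original page. The function names, the tiny constructed SAMPLE_WORDS list and the choice to strip digits and symbols before the dictionary lookup (stricter than the tip itself) are assumptions made for illustration.

```python
import re

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "dragon", "monkey", "sunshine", "bonjour", "algebra", "letmein"}

def _letters(s):
    """Lowercase the string and keep only its letters."""
    return re.sub(r"[^a-z]", "", s.lower())

def _is_word_or_pair(s, words):
    """True if s is one dictionary word or two dictionary words run together."""
    if s in words:
        return True
    return any(s[:i] in words and s[i:] in words for i in range(1, len(s)))

def check_password(password, username="", personal_info=(), words=SAMPLE_WORDS):
    """Return the list of tips from the page that the password violates."""
    if password.strip() == "":
        return ["blank password"]
    problems = []
    if len(password) < 8:
        problems.append("fewer than eight characters")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]"]
    if not all(re.search(c, password) for c in classes):
        problems.append("missing uppercase, lowercase, number or symbol")
    core = _letters(password)
    if core and _is_word_or_pair(core, words):
        problems.append("dictionary word or combination of words")
    lowered = password.lower()
    if username and username.lower() in lowered:
        problems.append("contains the username")
    squeezed = re.sub(r"[^a-z0-9]", "", lowered)
    for item in personal_info:
        # Compare letters and digits only, so "1990/12/25" matches "1990-12-25".
        token = re.sub(r"[^a-z0-9]", "", item.lower())
        if len(token) >= 3 and token in squeezed:
            problems.append("contains personal information")
            break
    return problems
```

An empty list means the password passes every tip; the page's own mnemonic example "mdamAh12-25AM" does.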

Memorize it. Others may be able to find passwords you have written down or stored on your computer. If you must record your passwords, be sure to hide your records well. Also, it is not advisable to allow your browser to "remember" your password so you do not need to enter it. Password security tools, such as RoboForm and PSynch, exist to help users keep track of their passwords.

Keep it private. Do not tell your password to anyone. Additionally, make sure no one is watching you type as you enter your password.

Change it periodically. Change your password every six months, or more often for increased security.

Create a different password for every use. By using a different password for each use, your security is not completely compromised if someone is able to crack one password.

Tools

Default Passwords

Database software, mobile devices, routers and other systems come with a default account created in them by the manufacturer to provide the consumer with an initial configuration. However, the default account is a very convenient point of attack for a hacker, so it is the responsibility of the person who is setting up these systems to change the default account. If you are setting up a router at home or in a small office, it is highly recommended that you change the default password to something unique and secure. If you want even greater security, then delete the default account altogether and create a new account that has the added security of both a unique user ID and password.

The default password for Nokia phones is either "12345" or "0000". Oracle has many default accounts (around 600), with various login names and passwords, which are different points of entry and give access to all or part of the database. Default passwords are well-known to hackers. A hacked database or network is one of the worst things that could happen to a company.
