August 13th, 2004, 06:50 PM
Tips for Creating and Protecting Passwords
1. Never use a real word for a password. There are password cracking programs that try every word in a dictionary. The average desktop computer can search an English language dictionary in minutes. Since English has more words than any other language, it may take even less time to search other dictionaries.
2. Never use fewer than 8 characters in a password. Even if you use numbers and special characters (periods, ampersands, etc.), it takes a few hours at most to try every possible combination of values in short passwords. (Special characters are usually not allowed in passwords).
3. Never use proper names such as your children, hometown, pets, business... If the cracker knows you he will try those too.
4. You can create a memorable, semi-random password by using the first letter of each word in a favorite quotation or song lyric. Or the second letter...
5. If the application allows very long passwords, you can use a pass phrase such as "1906_San_Francisco_earthquake" or "1906SanFranciscoearthquake." Longer is safer even if you use common words. The disadvantage, of course, is the time it takes to type a long password.
6. Record the password and store it away from your computer. You will forget it.
7. Don't tell anyone your password! More passwords are defeated by "phishing" than by cracking. A phisher gives you a plausible reason for revealing your password, often by claiming your records have been lost. They use web sites and forms that appear to be legit so beware.
8. Ideally, use different passwords for each account or application. At least use unique passwords for financial accounts. At some point, you will probably have to tell someone a password for a business or school account. You don't want that person to know the password for your ATM or Paypal account.
9. Don't ask us to help crack a password. We have no way of knowing whose password it is.
August 28th, 2004, 03:46 PM
An important point for people using not using the US keyboard layout...
The keyboard settings in Windows NT / 2000 / XP do not take effect until after logon. Until then the US keyboard layout is used. Anyone not using a US keyboard who wishes to use a strong Windows password with non alphanumeric characters would probably be better of not using the following characters:
# £ @ " ~ | ¬
Otherwise you may experience problems logging into Windows.
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)