What makes a "strong" password?
What is meant by good "user practice"?
It's really simple - keep your passwords to yourself:
Note: Organizations should never ask for your passwords. There is no "technical" reason to disclose them, so don't! Be very suspicious of anyone who asks.
“Best Practices” for account security dictate that passwords be long, complex, and unique. In some ways, this is one of those “pick any two” situations, but it doesn't have to be. The following technique is offered as a means to accomplish all three.
1. Choose a passphrase: Meat and potatoes for dinner.
(A passphrase is simply a sentence that you can easily remember.)
2. Add complexity: M3at&potatoes4dinner!
This becomes a “root passphrase.”
3. Develop a convention for appending unique characters to the root passphrase based upon the site being accessed. A simple convention would be to take the first and last character of the site name, and append these characters respectively to the beginning and ending of the root passphrase. For example:
| Site | Convention Characters | Resulting unique passphrase |
|---|---|---|
| Amazon | A n | AM3at&potatoes4dinner!n |
| Ebay | E y | EM3at&potatoes4dinner!y |
| Cabelas | C s | CM3at&potatoes4dinner!s |
| Woot | W t | WM3at&potatoes4dinner!t |
Through this method, the essential aspects of a strong password are realized:
And with this convention, you can have total recall of passwords, even on those accounts you use infrequently.