Computer Security: Codes and Passwords

Choosing Passwords

These days, we have passwords for just about everything. You need a PIN to use your debit card or access an ATM. You need a password to log on to your bank, Amazon and other shopping sites, your favorite discussion forum, and many other websites. Remembering all of those passwords can be a major hassle! Unfortunately, this often leads to using the same password at multiple sites, which means that if someone guesses your password they can access a lot of your information. Even worse, it’s often a very weak password; believe it or not, many people actually use the word ‘password’ as their password!

Let’s look at some tips for choosing good computer security codes and passwords to keep your private information secure.

Bad Passwords

Image by Flickr user .schill, used under CC license

Default passwords are bad. Many systems ship with a default password that many people never bother to change, which of course means that someone who knows that default can easily gain access to a number of accounts! For one extreme example, consider a story from Richard Feynman’s autobiography, Surely You’re Joking, Mr. Feynman! A military big shot is not available and some papers from his safe are needed; unfortunately, nobody knows the big shot’s safe combination and they’re unable to reach him. However, someone on the base happens to know the default combination on this huge, heavy, very expensive safe loaded with highly classified documents… and it turns out that the big shot never bothered to change it. Oops! Don’t make that mistake; whether it’s a wireless router or something else, if you have something with a default password and you care whether people can get in, change the password!

Hackers will commonly find passwords by simply trying every word in the dictionary; this makes dictionary words a bad idea! Particularly popular (and thus particularly bad) choices include god, love, lust, money, password, private, qwerty, secret, sex, and snoopy, but any dictionary word is a bad choice.

Other bad passwords are those that can be easily guessed, such as your zip code, birthday, kids’ names, spouse’s birthday, etc. While these have the advantage of being easy to remember (see below), they’re also easy for someone else to guess.
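
The three kinds of bad password described in this section can be screened for when a password is set. The following is an added example, not part of the original article: the function names, the sample default list, and the personal facts (birthday, zip code) are constructed for illustration, and the handling of character swaps and trailing digits goes slightly beyond the text, since guessers' word lists cover those variations too.

```python
import re

# The ten popular dictionary passwords the article names. A real check would
# load a full word list here, since any dictionary word is a bad choice.
COMMON_WORDS = {"god", "love", "lust", "money", "password",
                "private", "qwerty", "secret", "sex", "snoopy"}
# Constructed sample of factory defaults (assumption, not from the article).
DEFAULTS = {"admin", "default", "1234", "0000"}
# Undo common character swaps so "p@ssw0rd" is compared as "password".
LEET = str.maketrans("@4301!$57", "aaeoiisst")
DECORATION = "0123456789!@#$%^&*?._-"


def variants(pw):
    """Forms of the password a guesser's word list would also cover."""
    low = pw.lower()
    core = low.strip(DECORATION)          # "snoopy2024" -> "snoopy"
    return {low, core, low.translate(LEET), core.translate(LEET),
            re.sub(r"[^a-z]", "", low)}


def screen(pw, personal=()):
    """Return the reasons to reject a candidate password (empty list = none found)."""
    reasons = []
    forms = variants(pw)
    if forms & DEFAULTS:
        reasons.append("default")
    if forms & COMMON_WORDS:
        reasons.append("dictionary")
    # Split personal facts into pieces: "1985-07-14" -> "1985"; short pieces are skipped.
    pieces = [p for item in personal
              for p in re.split(r"[^a-z0-9]+", item.lower()) if len(p) >= 3]
    if any(p in pw.lower() for p in pieces):
        reasons.append("personal")
    return reasons


if __name__ == "__main__":
    # Constructed personal facts for the article's example user.
    facts = ("Mary", "Paris", "1985-07-14", "90210")
    for candidate in ("password", "P@ssw0rd!", "Snoopy2024", "admin",
                      "Mary90210", "M27PF32!"):
        print(candidate, screen(candidate, facts))
```

An empty result only means none of these three checks fired; it is not a measure of strength.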

Choosing Good Computer Security Codes and Passwords

A good password is one that isn’t a common word or anything else someone could guess, but that is somehow meaningful to you. It doesn’t do you much good to keep everyone else out of the system if you can’t get in, either! For something like a home wireless router where it’s rare that you need to type in the password, you can get away with using a random string and writing it down, but you certainly wouldn’t want to leave your bank passwords lying around! While some people can remember random strings, most of us will probably forget them. Accordingly, the trick is to come up with a string that is meaningful to you but gibberish to anyone else.

In one Asimov story, a character had a 14-character password chosen by taking the first letter of each line of a poem; while his enemy was able to figure out the password (from knowing the approximate length and the character’s background and love of poetry), the idea still holds: choose a string of characters that refers to something meaningful. For example, suppose your wife’s name is Mary, you met her when you were 27, you went to Paris for your honeymoon, and your daughter was born when you were 32, something that you found very exciting. The string M27PF32! is thus total gibberish to anyone not familiar with your line of reasoning, but should be easy enough for you to remember.