US-CERT Cyber Security Tip ST04-002 — Choosing and Protecting Passwords


Hey everyone,

This article is about choosing and protecting your passwords.  It describes why you should have passwords, and why it’s important to make sure those passwords aren’t easily guessed.

A couple more things to add to this article are these.  Make sure the minimum length of the password is at least 6 or 7 characters.  Along with this, the longer the password, the better.  One of my coworkers has a password that’s about 20 characters long.  It’s probably something easy, but the time it would take to crack a 20-character password is astounding anyhow.  Unless it’s the first 20 letters of the alphabet.
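To put numbers on the length point and on the alphabet exception, here is an added example (not part of the US-CERT tip or the original post) that estimates the brute-force search space for a password and flags sequences such as "abcdef..." whose length is misleading. The guess rate, the run threshold and the sample passwords are assumptions made up for illustration.

```python
import math
import string

# Assumption: offline guessing rate, chosen for illustration only (not from the article).
GUESSES_PER_SECOND = 1e10
POOLS = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)

def charset_size(password):
    """Size of the character pools the password draws from (at least 1)."""
    return max(1, sum(len(p) for p in POOLS if any(c in p for c in password)))

def longest_run(password):
    """Longest stretch of characters that step by +1, -1 or 0 (abc, 321, aaa)."""
    if not password:
        return 0
    best = run = 1
    prev_step = None
    for a, b in zip(password, password[1:]):
        step = ord(b) - ord(a)
        if step in (-1, 0, 1):
            # Extend the run only while the direction stays the same.
            run = run + 1 if step == prev_step or run == 1 else 2
        else:
            run = 1
        prev_step = step
        best = max(best, run)
    return best

def assess(password):
    """Brute-force estimate plus a flag for passwords whose length is misleading."""
    bits = len(password) * math.log2(charset_size(password))
    run = longest_run(password)
    # Assumed threshold: a run covering half the password (minimum 4) is a pattern.
    predictable = run >= max(4, len(password) // 2)
    return {
        "length": len(password),
        "bits": round(bits, 1),
        "seconds_to_exhaust": 2 ** bits / GUESSES_PER_SECOND,
        "longest_run": run,
        # A sequence is tried early by any guesser, so the estimate does not apply.
        "estimate_applies": not predictable,
    }

if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for pw in ("kqzvmp", "tq7mfz2kxw9hbn4cjr8v", "abcdefghijklmnopqrst"):
        print(pw, assess(pw))
```

At the assumed rate the 6-character sample is exhausted in a fraction of a second and the random 20-character one takes far longer than a billion years, while the alphabet run is flagged because its estimate does not apply.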

The second thing I would add is to change your passwords every 90 days or so.  Even if the site or program doesn’t require it.  The longer you have the same password (no matter how strong it is) the more chances someone has to crack it.  Windows can be configured to force you to do this, in certain cases.  So can Linux and Mac OS.  Or, if your company requires you to change it every 90 days, then you should change all of your passwords at that time.  I wouldn’t recommend using the same password for work and everything else, for the exact reasons given in the article.

So, you’re probably saying to yourself “I’ve got 50 things that I use passwords for.  How do you expect me to keep track of them all?”  We don’t.  Well, I don’t at least.  There are programs out there that keep track of them for you.  They require you to remember one single password (the vault combination) in order to get in.  Then you pick the password that you need, and it copies to your clipboard.  One main concern that you should have is how long the password remains in the clipboard.

Some of these programs are Symantec’s Norton Confidential, McAfee Privacy Service, KeyWallet, or Password Safe (which is the one that I use).  I won’t recommend one over the other.  I’ve dabbled with an older version of Norton’s inside of their SystemWorks software, but never actually used it.  The other two are ones that I just found while researching this article.  If you’re a fan of Symantec or McAfee, then I would say use theirs (especially if it comes inside of a suite that you’ve bought).  Otherwise, I would say try KeyWallet or Password Safe.  Or research “Password Managers” and see what’s out there.

My next article is going to be over “Shopping Safely Online”.  Have a great weekend everyone.