The importance of having strong and varied passwords

Some of my friends say I'm mad because I usually have a different password for each website, service or system I register into. And while I understand that it is not easy, having at least different passwords for important sites, normal sites and crappy sites (the more levels the better). But even if you have a few "shared" passwords, there are some rules that for me are pretty basic and critical to ensure security of your "online accounts".

  • The first and in my point of view most dangerous problem, is having one shared password for everything: email accounts, online shopping, websites, forums... Sadly, we live in a world so full of badly secured websites, faulty software and in general scarce security measures, so the chances of our password being either stolen or at least read increment with each site/service we register into.
    Never use only one password for everything.
  • The second (as I said, IMHO) its choosing a predictable password. Apart from having this lists and brute-forcing dictionaries, If I were bad and tried to hack into someone's Messenger account, I would try from guessing the secret answer to trying birthdays, girlfriend anniversary date, things that the other person likes,...
    Never use a common word or anything related to your personal life that others might guess or predict.
  • And the third one is not taking advantage of the allowed charsets and choosing a weak password. If the password is case-sensitive, use both types of letters. If you can use slashes, underscores or other symbols, add them! The difference between an alphanumeric only brute-force dictionary attack and a full ASCII one is huge (and imagine with UNICODE or similars!), the harder you make it for hypotetical attackers, the better.
    Use all available character types and symbols when creating a password.

I use a password safe software to store all the different website passwords. My recommendation is to check in detail what encryption algorithms it implements, how portable it is (USB drive/portable version, PDA/phone readonly version to check passwords wherever you are...), and of course, setup a really hard and strong password on the safe! Mine is around 30 characters long, including all kind of characters. Remember that it will store everything so has to be the hardest password to crack!
It should have too a lockdown timer, so if you forget to close it, auto-shutsdown in X minutes.

The weakest point in the security chain is always the human factor, so try to harden it!


Posted by Kartones on 2009-11-15