SHCC WYSIWYG Article from October 2010

Previous Next

This article was written by Don VanSyckel, the club president, as a part of "The President's Pen".  This article appeared in the October 2010 WYSIWYG newsletter.

Passwords; the Good, the Bad, and the Guessable

by Don VanSyckel

Do you do anything on line? That involves passwords? Bank? Magazine subscription? Stock account? Electric bill? Anything that could cost you money? I recently read an article titled "If Your Password is 123456, Just Make It HackMe" written by Ashlee Vance and appearing in the New York Times January 22, 2010. Ms. Vance had many interesting facts and observations.

It seems someone hacked into a popular site and stole a list of 32 million passwords. This list got posted briefly on line and was downloaded extensively. This list gave some legitimate researchers some data they never had access to before, a large list of passwords. It turns out that "123456" was the most popular password, followed by "12345". Others in the top 20 include "qwerty" (first 6 letters in the top row of the keyboard), "abc123", and "princess". Another statistic is 20% of the passwords were in a list of 5,000 common words.

I have my own set of password rules that I've been using for several years.

1)If the password can be 8 or more characters make it at least 8 characters. I generally don't go beyond 10 characters but in general the more the better. If the password or pin won't take 8 characters make it as long as allowed.
2)Never, never use words, even spelled backwards. The occasional 'to', 'at' or 'as' doesn't count.
3)Include at least one of each of the following categories:
a)Upper case letter
b)Lower case letter
c)A digit (0-9)
d)A special character (shift above the numbers and other non letter and non-number characters).
4)Use each password at only one on line site. This way if passwords get stolen, it's only for that site.
5)No birthdays or anniversaries
6)Record your passwords electronically in a secure place.

There are several password vaults available. In addition browsers like Firefox have a built in password vault. However you record your passwords, it must be secure and you must back it up. Copy it onto a floppy and stick it in your sock draw. Don't just dump the passwords out into a file and then keep the file on your hard disk. If the disk breaks everything everywhere on it is gone.

End of Article

Previous Next

To discuss the article with the author, send an email.

Article Index Page


Contact the webmaster with comments and suggestions about this web site.

Home