Tuesday, February 10, 2009

The password is . . .

Last week, Robert Graham analyzed the top 20 passwords culled from a recent password hacking incident. It's an interesting read, and it got me thinking about my own password history.

When I was very young, I went to the grocery store with my grandmother. Next to the store was a bank, so Grandma sent me over to the ATM to get some cash while she started her shopping. She handed me her debit card and explained how to use it, saying "You'll have to enter a secret code in order to get the money." Here she paused, and looked carefully around to make sure nobody could overhear her. "It's 1-2-3-4." Even at my tender young age, I thought that was kind of a stupid password.

I like to think that my passwords--of which I have many--provide me with a modicum of security, but I don't know. While I would never use something as simple to guess as my grandmother's PIN, I'm sure a person who was determined to get my data would be able to crack my various codes. The fact of the matter is, if I made my passwords complicated enough that nobody would ever be able to guess them, I would never be able to guess them.

When I worked in the cubefarm, our security was such that we were prompted to change our passwords rather frequently. They were required to be six or more letters and/or numbers in length, and we could not repeat any of our last six passwords. All of this annoyed me, so my passwords were often expressions of my distaste for having to come up with a new password: biteme, yousuck, howstupid, foreign swear words, and the like (similar "emo" and "don't care" words are mentioned in Graham's article--I guess my password ire wasn't unique).

Take a look at Graham's analysis, and ask yourself--do your passwords pass muster?

4 comments:

Lori said...

When I worked in an office, I remember writing about how to protect against hacking. Top tip - stop taping your password to the monitor! Seriously. That's worse, in my opinion, than using your gramma's password. ;)

I go for the obscure and I use numbers to substitute for letters. Easy for me to remember, but much harder to hack. And I don't go for anything anyone would guess at, like the name of my dog or my street address. That's just asking for it!

Angie Ledbetter said...

Fun post! I use combo letters/numbers.

Kathryn Magendie said...

Lawd! I hate thinking up passwords and etc....I best go look at that article...erk.

Hey! an idea - I can use some of the word verifications...down there, like the one I have to type in that reads 'bersh' !

writtenexpressions said...

Lori, I'm proud to say the only things taped to my monitor are cartoons and fortunes from fortune cookies.

Angie, I use a lot of letter/number combos too, but I have a tendency to forget the numbers. Thank goodness for those "security" questions they ask when you have to retrieve forgotten passwords!

Kathryn, those word verifications are probably pretty unhackable!