Password is key to computer security
| • | Naming tips |
By Tim Engstrom
Gannett News Service
Ali Baba needed only the words "Open, Sesame" to get all the treasure.
So much for technological advancement.
Today, computer users are asked for passwords at every turn. A password to log on, a password to check e-mail, one to read an online magazine, another to pay the phone bill and still another to refill a prescription.
It's enough to boggle the mind, or at least make you do something really, really unwise — like using one password for everything or putting a sticky note full of passwords on the monitor.
"That's not a safe password management practice," said Bill Rosencrantz, group project manager for Symantec, the security software company. "You wouldn't leave your keys taped to the outside of your front door, would you?"
Symantec recently conducted a survey of computer users and found 93 percent of people who responded had at least one password, and 75 percent of those kept the password in their heads. In addition, 56 percent change their passwords once a year at most, and 62 percent said they used the same password for everything.
Jeff Osborne of Fort Myers, Fla., said he has seven or eight passwords that he uses, often every day.
"I try to keep them similar, but not the same," Osborne said. "If I forget, I know it's one of about three things or combinations."
Memorizing passwords may seem to be the safest approach, but the experts say it becomes a problem when people are juggling more and more passwords and changing them as frequently as they should.
Mix it up
Passwords that mix numbers, letters and punctuation marks are best, but also the most difficult to remember, said David Keller, founder of Compu-Doctor, a computer repair business in Cape Coral, Fla.
"When it comes to passwords, the more convenient it is, the riskier it is," Keller said. "The harder it is to crack, the harder it is to remember."
Keller said he falls into the write-it-down camp, but he keeps his passwords printed on an index card discreetly tucked away in his home.
"Even though it is old-fashioned, you can always go look something up if you have to, and my home is relatively secure."
Rosencrantz, however, said Symantec has a better solution. He is the product manager for Norton Password Manager 2004, which, for $39.95, saves passwords for several users, safely encrypted behind a master password.
Keller said he hasn't used the program, but it sounds interesting. However, he cautioned computer users who might look for a bargain by downloading a similar program from a lesser-known software maker.
"The last thing you want to do is download a so-called 'free' password manager," Keller said. "They are loaded with spyware."
Spyware, unauthorized programs running under your nose, can jeopardize the very data you are trying to protect, either for marketing purposes or outright theft, Keller said.
• • •
Use six to eight digits, mingling letters, numbers and punctuation marks. Birth dates, anniversaries, addresses and phone numbers should always be avoided.
Don't use words that appear in any dictionary. Consider eliminating vowels or using nonsense sounds that can be remembered, for example: NYYK#5NAAK.
Consider using the first letter in a sentence you can remember. For example: "The quick brown fox jumps over the lazy dog" becomes tqbfjotld, then add numbers or punctuation for an extra measure.
Use as many unique passwords as you can manage for various accounts, but make certain you do not reuse passwords used for sensitive accounts, such as online banking, investing or prescriptions.
Change passwords for sensitive accounts every six to eight weeks.
Do not save passwords in an unprotected file, such as a Microsoft Word file on your desktop.
If you simply can't remember passwords, consider writing them down and placing the list in a secure location. Or, consider a computer application from a reputable online security provider.
