Tuesday 18 August 2009

Choosing Passwords

Nobody wants someone else to read their email. Even worse is the possibility that whoever gets in uses that email address to reset the password of everything else they use online. Want someone to have access to your PayPal? You should choose a strong, secure password that's easy for you to remember but can't be easily guessed by someone who has learned a lot about you. The more random and muddled you make it, the more difficult it is for others to guess. If your password is compromised, the cracker may be able to take over your identity completely.

A short password can be cracked easily if the potential fraudster obtains a cryptographic hash of it. Modern computers are fast enough to cycle through every alphabetic combination shorter than 7 characters. A password is considered weak if it is too short, is still set to a default value, or can be quickly guessed by searching a dictionary file full of common passwords.

A strong password is long, random-looking, or could have been produced only by the user who chose it, so that these tools would take so long to finish that the attempt isn't worth the cracker's time.

These are some example security practices that can assist in password picking:

1) Passwords should preferably be between 8 and 14 characters long.

2) Passwords should contain a combination of numbers, letters, and special characters (when allowed by password policies).

3) Passwords should not contain dictionary words from any language, or even from technical dictionaries.

4) Each password should be totally different from your username.

5) When changing passwords the new and old passwords should differ by at least 3 characters.

6) Avoid choosing names of people, pets, locations, or other personal info that can be easily discovered.

7) Stay away from commonly used keyboard sequences, such as qwerty or zxcv1234.

8) Never make a password by just adding a digit to a word. If I know your name is Dave I could try dave1, dave2, dave3 etc. with a script that allows me to do hundreds in a second.

9) Avoid writing your password down, storing it on your computer or tattooing it on your face.

10) Never share your password with other people (even your friends).
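The rules above, plus the search-space point from the paragraph on short passwords, can be turned into a checker that a site or a user could run on a candidate password. What follows is an added example written for this post, not code from the original author: the wordlist and keyboard-sequence list are small constructed placeholders (a real deployment loads a full dictionary file), and rule 5's "differ by at least 3 characters" is interpreted here as edit distance, which is one reasonable reading of that rule.

```python
import re
import string

# Constructed sample wordlist for rule 3; a real checker loads a full dictionary file.
DICTIONARY = {"password", "letmein", "welcome", "summer", "dragon", "monkey"}

# Common keyboard walks for rule 7, matched case-insensitively as substrings.
KEYBOARD_SEQUENCES = ("qwerty", "asdf", "zxcv", "1234", "abcd")

# Size of each character class a password can draw on.
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": len(string.punctuation)}


def char_classes(pw):
    """Return the set of character classes the password actually uses."""
    used = set()
    for c in pw:
        if c.islower():
            used.add("lower")
        elif c.isupper():
            used.add("upper")
        elif c.isdigit():
            used.add("digit")
        elif c in string.punctuation:
            used.add("symbol")
    return used


def search_space(pw):
    """Number of strings of this length over the alphabet the password uses.

    This is what an attacker who knows only the length and character classes
    must exhaust: 26**6 for a six-letter lowercase password, which is the
    'shorter than 7 alphabetic characters' case the post calls crackable.
    """
    alphabet = sum(CLASS_SIZES[k] for k in char_classes(pw))
    return alphabet ** len(pw)


def edit_distance(a, b):
    """Levenshtein distance, used for rule 5 (new and old differ by >= 3 characters)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_password(pw, username="", old_password="", personal=()):
    """Return the numbers (as in the post's list) of the rules the password breaks.

    `personal` is a constructed list of names, pets, places etc. the user
    supplies for rule 6. Rules 9 and 10 are about handling, not content,
    so they cannot be checked here.
    """
    low = pw.lower()
    user = username.lower()
    personal_words = {w.lower() for w in personal if len(w) >= 3}
    problems = []
    if not 8 <= len(pw) <= 14:
        problems.append(1)  # rule 1: 8 to 14 characters
    if len(char_classes(pw)) < 3:
        problems.append(2)  # rule 2: mix numbers, letters and special characters
    if any(w in low for w in DICTIONARY):
        problems.append(3)  # rule 3: no dictionary words
    if user and user in low:
        problems.append(4)  # rule 4: totally different from the username
    if old_password and edit_distance(pw, old_password) < 3:
        problems.append(5)  # rule 5: differ from the old password by >= 3 characters
    if any(w in low for w in personal_words):
        problems.append(6)  # rule 6: no easily discovered personal info
    if any(seq in low for seq in KEYBOARD_SEQUENCES):
        problems.append(7)  # rule 7: no keyboard sequences
    m = re.fullmatch(r"([a-z]+)(\d{1,3})", low)
    if m and (m.group(1) in DICTIONARY or m.group(1) in personal_words or m.group(1) == user):
        problems.append(8)  # rule 8: not just a word with a digit stuck on the end
    return problems


if __name__ == "__main__":
    for candidate in ("dave1", "Summer2009!", "qwerty123", "k7#Rz!m9Qp2w"):
        print(candidate, "breaks rules", check_password(candidate, username="dave"),
              "search space", search_space(candidate))
```

The checker deliberately reports every rule a password breaks rather than stopping at the first, because a user who sees only "too short" will add one character and come back with "dave12"; seeing rule 8 alongside rule 1 explains why that won't help either.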