ebuzz - How Secure is Your Password?

How Secure is Your Password?

This week, a Wired News column analyzed the password-related implications of a recent phishing attack on the social networking site MySpace. The report compared the 1,000 captured user passwords to a similar collection obtained from a major corporation, and concluded that MySpace users are better at choosing secure passwords than are corporate employees. Which should give everyone pause.

We used to quip that "password" is the most common password. Now it's "password1." Who said users haven't learned anything about security? But seriously, passwords are getting better. I'm impressed that less than 4 percent were dictionary words and that the great majority were at least alphanumeric.

This article got us thinking about corporate passwords. If your corporate policy is such that the password is difficult to remember, people will write it down and either stick it on their monitor or just hide it poorly (under the mousepad or in a drawer).

What does this mean? The very people you don't want accessing your data will find it. How hard do you think it is to bribe the cleaning staff, for example, to let you in at night? "Hard to remember and changing every 30 days" is not a good password policy.

What works? Choose a password that is at least eight characters long, two of which should be numbers or punctuation. The password should either not be a word in the dictionary, or else be a combination of two words.

Wikipedia has an article on password strength that gives some options for creating strong passwords. It's worth a look and a thought.

And that's our take on the news today!

Click here to return to eBuzz Archives