|
|
|
Good Passwords |
|
Passwords that are easy to guess are a major problem for network and computer security. Computers these days are very fast, and can try, in some cases, thousands of password guesses a second. Therefore, it is important for the security of your data at Songbird that you protect all forms of private accesses with a good password. These includes ftp/telnet/ssh logins, and any protected web pages you have.
It is sometimes hard to know whether a password is susceptible to guessing. As a rule of thumb, any password based on a dictionary word, or a name of anyone or anything is much more susceptible to guessing than random strings. However, random strings are almost impossible to remember.
A useful compromise are strings that tend to be pronouncable. Such strings have a higher concentration of vowels than truly random strings, but still are fairly random. If you add a few numbers and special characters, you can get very good passwords.
The problem is made much worse by the fact that if you are on the net much at all you start to accumulate passwords -- many sites require password access, and it is very difficult to remember more than a few good passwords. People inevitably start using bad passwords, or, almost as bad, using the same password everywhere.
It is better practice use good passwords everywhere, memorize a couple of important passwords, and write down the unimportant passwords. There is a big difference between someone finding your password to read the news at the New York Times site, and someone finding your password that accesses your electronic trading account.
A good way to save passwords of lesser importance is to write them down and hide the paper. A small piece of paper can easily be concealed; it can be carried in your wallet, with your credit cards, identification, and other stuff you really should keep secure. A useful trick is to systematically modify the passwords in your wallet in a way known only to you -- eg, swap the first and third characters, and shift the fifth character 2 character positions (a->c, z->b, etc). But you may not want to go to that trouble for the New York Times...
To encourage the use of good passwords, you can try our "password generator" page, through the link below. Everytime you reload it, it generates a new batch of good passwords, generated through very random means. Since the process is random, sometimes a word will appear embedded in the pasword -- try to avoid passwords with embedded words. Also, there is nothing sacred about the passwords -- it is perfectly resonable to modify a few characters to get a password you can remember, but that no one can know but you.