Just got a call from a friend who got attacked by SPAM and had bank and PayPal accounts hacked. The question I got was this, “Do I have to change my email address?”
My answer was, “No, get a better password!”
I also suggested that AOL might not be the best place to park her email. (They have a bad reputation for harboring SPAMmers, although they try to keep them away.)
I thought it was a good time to review password policy. The good news for some of you is this: changing your password is NOT as important as having a good password. For some of you the question is, “What makes a good password?” Well, I am here to help!
A good password is:
- private: it is used and known by one person only;
- secret: it does not appear in clear text in any file or program or on a piece of paper pinned to the monitor;
- easily remembered: so there is no need to write it down;
- at least 8 characters long;
- a mixture of at least 3 of the following: upper case letters, lower case letters, digits and symbols;
- not listed in a dictionary of any major language;
- not guessable by any program in a reasonable time, for instance less than one week.
And here are some DON'Ts from CMU/SCS Computing Facilities:
- Do not choose a password based upon personal data like your name, your username, or other information that one could easily discover about you from such sources as searching the internet.
- Do not choose a password that is a word (English or otherwise), proper name, name of a TV show, keyboard sequence, or anything else that one would expect a clever person to put in a “dictionary” of passwords.
- Do not choose a password that is a simple transformation of a word, such as putting a punctuation mark at the beginning or end of a word, converting the letter “l” to the digit “1”, writing a word backwards, etc. For example, “password,123” is not a good password, since adding “,123” is a common, simple transformation of a word.
- Do not choose passwords less than 8 characters long or that are made up solely of numbers or letters. Use letters of different cases, mixtures of digits and letters, and/or non-alphanumeric characters.
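Here is an added example (my own illustration, not code from CMU/SCS or from any password library) that turns the two lists above into a checker: minimum length, at least 3 of the 4 character classes, not all letters or all digits, not a dictionary word or a simple transformation of one (leading/trailing punctuation or digits, “l” to “1” style substitutions, reversal), not a keyboard sequence, and not containing supplied personal data. The six-word dictionary and the substitution table are constructed stand-ins; a real deployment would load a large wordlist.

```python
import string

# Constructed toy wordlist standing in for a real dictionary of common passwords.
DICTIONARY = {"password", "secret", "letmein", "welcome", "dragon", "monkey"}

# Assumed "simple transformation" substitutions to undo before the dictionary lookup.
LEET_MAP = str.maketrans({"1": "l", "0": "o", "3": "e", "4": "a",
                          "5": "s", "@": "a", "$": "s", "!": "i"})

KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
MIN_LENGTH = 8


def char_classes(pw):
    """Count how many of the four classes (upper, lower, digit, symbol) appear."""
    classes = 0
    if any(c.isupper() for c in pw):
        classes += 1
    if any(c.islower() for c in pw):
        classes += 1
    if any(c.isdigit() for c in pw):
        classes += 1
    if any(c in string.punctuation for c in pw):
        classes += 1
    return classes


def normalize(pw):
    """Undo the simple transformations: strip punctuation/digits from both ends,
    reverse the leet substitutions, and lowercase."""
    core = pw.strip(string.punctuation + string.digits)
    return core.translate(LEET_MAP).lower()


def is_dictionary_transform(pw):
    """True if pw is a dictionary word, or a trivial transformation or reversal of one."""
    core = normalize(pw)
    return core in DICTIONARY or core[::-1] in DICTIONARY


def has_keyboard_run(pw, run=4):
    """True if any window of `run` characters walks along a keyboard row (either direction)."""
    s = pw.lower()
    for i in range(len(s) - run + 1):
        window = s[i:i + run]
        if any(window in row or window in row[::-1] for row in KEYBOARD_ROWS):
            return True
    return False


def check_password(pw, personal_data=()):
    """Return the list of rule violations; an empty list means the password passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if char_classes(pw) < 3:
        problems.append("fewer than 3 character classes")
    if pw.isalpha() or pw.isdigit():
        problems.append("made up solely of letters or digits")
    if is_dictionary_transform(pw):
        problems.append("dictionary word or simple transformation of one")
    if has_keyboard_run(pw):
        problems.append("looks like a keyboard sequence")
    lowered = pw.lower()
    for item in personal_data:
        if item and item.lower() in lowered:
            problems.append(f"contains personal data ({item!r})")
    return problems


if __name__ == "__main__":
    # "password,123" is the post's own example of a bad password.
    for candidate in ("password,123", "P@ssw0rd", "qwerty12", "Tr0ub4dor&3"):
        print(candidate, "->", check_password(candidate) or "OK")
```

Note that the dictionary check only fires for words in the toy list, so passing it here does not mean a password would survive a real wordlist; the point is that each rule in the post maps to a concrete test, and that “password,123” fails for exactly the reason the post gives.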
My last piece of advice for my friend was this: Find two or three passwords that are easy for YOU to remember (following the guidelines above) and use a different one for each of your bank accounts, PayPal and such. This way, one compromised password will not let them into every account.
Got Questions? I am here to help! Use the Contact page to shoot me an email.