Posts Tagged ‘password’

Choosing good passwords

Sunday 22 February 2009

passwordAuthentication on personal computers and on the internet is done mostly by using passwords. Other methods are available but for reasons of usability (too complex) and or cost (too expensive) still not widely used. Computer authentication has two goals; one is to keep strangers from using your account in and the second goal to allow you to login. The effectiviness of authentication using passwords is mostly determined by how well you choose your password. A bad password is one that is easily retrievable either by knowing the person (for example by trying spouse or cat name) or by running  a dictionary attack

The recent proliferation of the Conficker worm and the hacking of MySpace showed once again that many people are not very good at choosing a password that is effective. One of the ways the virus spread is by trying to authenticate by using a list of 200 common passwords; the list is public. If your own password is in this list or looks similar to words on this list I suggest changing your password.

Choosing a proper password is not difficult but requires a bit of thinking and creaitivity. Some excellent advice on choosing good passwords from Bruce Schneier. More interesting information on statistical analysis of the passwords used on phpbb.