
Tech Talk: Good Passwords and How to Create Them

Deirdre Lee

IT Major

 

Most people aren’t very good at choosing passwords. The two most popular passwords (according to SplashData) are “password” and “123456”. Other popular choices include names of family members or pets, sports teams, and swear words. Frequently people will use one password for multiple sites, making them all vulnerable to compromise. Once someone knows your user name and password for one site, they can try that combination on other sites and gain access to your personal data. You should have a strong, unique password for every site you visit.

A good password should be as complex as possible. That means it should be long and include upper and lowercase letters, numbers, and special characters. There are multiple methods of cracking a password, and one of the simplest is a dictionary attack. The attacker uses a program that tries every word in the dictionary in an attempt to figure out the password. A more thorough attack will use dictionary words, lists of common passwords, and simple variants such as capitalizing the first letter, substituting a 4 for the letter a, or adding a few numbers at the end. To create a password that can’t be easily figured out using these kinds of attacks, avoid using words from the dictionary. Those programs use non-English dictionaries as well, so don’t think of this as an opportunity to break out your high school Spanish. Try to capitalize letters other than the first one, and add numbers somewhere other than at the end. Special characters, such as &, % or $, are also good to add, and are increasingly often required. Longer passwords take longer to crack, so the longer the better.
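The following checker, added here as an example and not part of the original post, shows why the variants described above do not help: it undoes the cheap mangling rules (case changes, leet substitutions, digits or symbols tacked on the end) before comparing a candidate against a list of common passwords. The wordlist is a constructed handful of entries; a real checker would load a large list of leaked passwords.

```python
import re
import string

# Constructed miniature list of common passwords (a real checker loads a large one).
COMMON = {
    "password", "123456", "qwerty", "letmein", "football", "dragon",
    "monkey", "princess", "welcome", "iloveyou", "sunshine", "admin",
    "hola", "amor",  # non-English entries: attackers use those lists too
}

# The substitutions a mangling dictionary attack tries; we reverse them.
LEET = str.maketrans({
    "4": "a", "@": "a", "3": "e", "1": "i", "!": "i",
    "0": "o", "$": "s", "5": "s", "7": "t",
})


def normalize(candidate: str) -> str:
    """Reduce a candidate to the dictionary word it is probably built from.

    Order matters: trailing digits/symbols are stripped before the leet
    reversal, otherwise a tacked-on '123' would turn into 'i2e'.
    """
    s = re.sub(r"[\d\W_]+$", "", candidate)   # drop appended digits/symbols
    s = re.sub(r"^[\d\W_]+", "", s)           # drop prepended digits/symbols
    return s.lower().translate(LEET)


def assess(password: str, common=COMMON, min_length: int = 12) -> list:
    """Return a list of problems; an empty list means the password passed."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")

    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    if sum(classes) < 3:
        problems.append("uses fewer than three character classes")

    base = normalize(password)
    if base in common:
        problems.append(f"based on the common word '{base}'")
    return problems


if __name__ == "__main__":
    for pw in ["P4ssw0rd123", "Dr4g0n!", "c0rrectH0rse&Battery"]:
        print(pw, "->", assess(pw) or "ok")
```

Running it shows `P4ssw0rd123` and `Dr4g0n!` collapsing back to `password` and `dragon`, while a long multi-word candidate passes every check.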

The problem with doing everything I’ve recommended is that the passwords end up being very hard to remember. One solution is to use passphrases. A passphrase uses multiple words instead of just one. The easiest way to do this is to use a sentence like “Once more into the breach!”, but that is fairly easy to guess. It is better to use several unrelated words, such as the famous xkcd example, “correct horse battery staple”. Use as many words as you can comfortably remember, or incorporate more numbers or symbols to make the passphrase more difficult to crack. A final kind of passphrase uses the first letter of each word of a long phrase, such as “Oh say can you see, by the dawn’s early light”, which can be reduced to oscysbtdel. You can then change the s of see to a capital S, or the y of you to a capital U, turn the letter o to a zero, and you’re left with 0scUSbtdel. Add a special character, and you end up with a password that’s very difficult to guess or crack.
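Both passphrase methods above, worked through as an added example (not code from the original post): an acronym builder with positional substitutions for the “Oh say can you see” technique, and a word-based generator in the xkcd style that draws words with the operating system’s CSPRNG. The wordlist is a constructed stand-in; real diceware lists have 7776 entries, and the entropy function takes the list size as a parameter so the numbers scale accordingly.

```python
import math
import secrets


def acronym(phrase: str) -> str:
    """First letter of each word, lowercased, as in 'Oh say can you see' -> oscysbtdel."""
    return "".join(word[0].lower() for word in phrase.split() if word[0].isalpha())


def apply_substitutions(s: str, subs: dict) -> str:
    """Replace characters at the given 0-based positions, e.g. {0: '0', 3: 'U', 4: 'S'}."""
    chars = list(s)
    for index, replacement in subs.items():
        chars[index] = replacement
    return "".join(chars)


# Constructed sample wordlist; a real diceware list has 7776 words.
WORDLIST = [
    "correct", "horse", "battery", "staple", "orbit", "lantern", "velvet",
    "puzzle", "canyon", "meadow", "timber", "glacier", "saddle", "pepper",
    "harbor", "quartz",
]


def random_passphrase(n_words: int, wordlist=WORDLIST, sep: str = " ") -> str:
    """Pick n words uniformly at random using secrets (CSPRNG), not random."""
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


def passphrase_entropy_bits(n_words: int, wordlist_size: int) -> float:
    """Entropy of a random passphrase: log2(wordlist_size ** n_words)."""
    return n_words * math.log2(wordlist_size)


if __name__ == "__main__":
    base = acronym("Oh say can you see, by the dawn's early light")
    print(base, "->", apply_substitutions(base, {0: "0", 3: "U", 4: "S"}))
    print(random_passphrase(4))
    print(f"4 words from a 7776-word list: {passphrase_entropy_bits(4, 7776):.1f} bits")
```

The entropy figure applies only to words chosen at random; an acronym of a famous lyric has far less because the source phrase itself is guessable, which is why the article pairs it with substitutions.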

There are some people who do create strong passwords for each site they visit. In order to remember all their unique passwords, they keep a list next to their computer, easily available to anyone else passing by. Having a list of passwords by your computer – or worse, a sticky note stuck to the screen – defeats the purpose of having a password, but it’s very hard to remember all the different passwords you need for every site. One option is to use a password manager, which is a program that stores and organizes your passwords. You only need one password to access it, and it fills in your passwords for you. When you need a new password, it will create a strong, random password for you. Of course, you don’t want to forget your master password, and it can be intimidating to trust a third party with all your passwords. Make sure you choose a well-recommended program with a high level of encryption.
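To make the two manager features concrete, here is an added example (my own code, not any particular product’s) of the pieces a password manager is built from: a random password generator that guarantees every character class, and a master-password unlock that derives the vault key with a slow key-derivation function (PBKDF2-HMAC-SHA256 is assumed) and checks it against a stored verifier in constant time. The sample stops at key derivation; a real manager goes on to encrypt each entry under that key with an authenticated cipher, which the standard library does not provide.

```python
import hashlib
import hmac
import math
import os
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length: int = 20, alphabet: str = ALPHABET) -> str:
    """Draw from the OS CSPRNG and retry until every character class is present."""
    if length < 4:
        raise ValueError("length must be at least 4 to hold all four classes")
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(c in string.punctuation for c in pw)):
            return pw


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def derive_vault_key(master_password: str, salt: bytes, iterations: int = 600_000) -> bytes:
    """Slow, salted derivation so an offline guess at the master password is expensive."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=32)


def make_verifier(key: bytes) -> bytes:
    """A tag that proves knowledge of the key without storing the key itself."""
    return hmac.new(key, b"vault-verifier", hashlib.sha256).digest()


def create_vault(master_password: str) -> dict:
    """Store only the random salt and the verifier, never the master password."""
    salt = os.urandom(16)
    key = derive_vault_key(master_password, salt)
    return {"salt": salt, "verifier": make_verifier(key)}


def unlock(vault: dict, master_password: str):
    """Return the vault key on the right master password, None otherwise."""
    key = derive_vault_key(master_password, vault["salt"])
    if hmac.compare_digest(make_verifier(key), vault["verifier"]):
        return key
    return None


if __name__ == "__main__":
    pw = generate_password(20)
    print(pw, f"({entropy_bits(len(pw)):.0f} bits)")
    vault = create_vault("correct horse battery staple")
    print("unlock with right master:", unlock(vault, "correct horse battery staple") is not None)
    print("unlock with wrong master:", unlock(vault, "password") is not None)
```

Because the verifier is an HMAC of the derived key rather than the key or password itself, a stolen vault file gives an attacker nothing faster than running the full PBKDF2 cost per guess; forgetting the master password is unrecoverable by design, which is the trade-off the article mentions.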

There is no way to be completely secure on the internet, but having strong passwords for each site will increase your safety online.  

 

Deirdre Lee is a member of the Information Technology Senior Seminar course and is planning on a career as a Network Administrator. http://www.deirdrelee.com/beacon.html
