c
  Tips from the

 

Computer Pro ± Password Security
As someone providing c
 
  
I commonly
find that people are using insecure, easily-guessed passwords. The most frequent
explanation is that the password is ³easy to remember.´

The trouble, of course, is that passwords which are easy to remember are also easy to
guess. But when you institute a series of rules and requirements for secure passwords,
what usually happens is that people write the password on a sticky note and hang it on
the side of their monitor.

As someone providing c
 


  
, I am
keenly aware that security and convenience are constantly at war with one another. On
the one hand, you¶d like to have your business 100% secure« and on the other, you¶d
like things to be as easy as possible in your business. But secure and easy almost
never come in the same package, so every business makes constant trades between
one and the other.

The ideal password, of course, looks like random noise. Something along the lines of
K!h8j^)Qv,$g is near impossible to guess, but also near impossible to remember.
Enforcing passwords like this is almost an invitation to write them down somewhere
easy to see.

A more realistic sort of password starts from a word people can remember. Using a
common word, of course, is easy to guess ± and susceptible to what¶s called a
³dictionary attack´ in security circles, where a would-be attacker simply tries every word
in the dictionary until one works.

However, one thing I¶ve learned providing  


 is that
memorable passwords can be a good thing. Combining two words with a number or
special character between them is frequently both memorable and reasonably secure.
So while ³giraffe´ would be a bad password ± as would ³giraffe1´ or ³1giraffe´ ± it¶s far
more secure to use ³giraffe42zebra´ instead.

For further security, one or more capital letters can be mixed into the password, but they
should usually be placed in the middle of the word rather than the beginning. While it
may seem more natural to use ³Giraffe42Zebra´ as your password, security is
significantly higher with ³girAffe42zebrA´ instead ± which can easily be remembered as
having capital A¶s.

When even greater security is desired, adding ³special´ characters or punctuation to the
password can make the password much more difficult to guess. They can be inserted
into the middle of the password, essentially at will ± e.g. ³gir!Affe4*2zeb&rA´ ± or used
to replace letters which look similar, such as ³g!rAffe42zebrA´ (replacing the I with !). A
similar approach can be used with numbers, such as by replacing the letter E with the
number 3 to produce ³g!rAff342z3brA´ and a highly secure password.

Keep in mind that while it may seem tempting to create an office-wide policy of using
animal names or some other category of words, that category may not be particularly
memorable (or well-known) to all of your employees. Simply providing these basic
guidelines and letting them choose whatever words they prefer will accomplish the real
goal: secure passwords which are still memorable.

 
 is a provider of professional c
 


 . If you need   for your small business, please contact us at
GONZALES COMPUTER CONSULTANT