Outside The Lines
By Carla S. Cawlfield

Passwords 101

“Just because you're paranoid doesn't mean they aren't after you”—Joseph Heller, Catch-22

Joseph Heller should have had this quote password-protected, because it was later used by Kurt Cobain of Nirvana. I have been using computers all my life, and the Internet since it was made available to the public. So over the years, I have set up jillions of accounts that required a password. Creating passwords is easy; it’s remembering them that can be hard. Here are some tips on effective and simple password maintenance.

Rule #1—Do not share your personal passwords with anyone. This includes spouses, kids, and co-workers.

Plan and Organize. Before you ever set up any passwords, think about it. Your problem will be in remembering tens to hundreds of passwords assigned to different accounts. You may not always be at your own personal computer(s) where cookies will fill in the password each time you access a program. Some pre-planning will come in handy. (If you already have lots of accounts with passwords you can’t remember or maintain, a password tune-up is needed. You can re-assign new well-thought-out passwords to existing accounts, using the following tips.)

Get Cryptic. Rather than just grabbing a password on the fly, get creative. You can help manage the complexity of passwords if you think deeply about old memories or data that you have not shared with anyone. This is way beyond the security questions asked at various sites, i.e., questions like family birthdays/anniversaries, your mother’s maiden name, your first pet’s name, your favorite color. Forget all those. Rather, consider combinations of partial words and numbers that have meaning only to you. (See basic tips below for specifics.) Doodle with them, create anagrams, see if you can come up with a few that are cryptic to anyone else, but easy for you to remember. If you design them carefully, a few passwords may last you for years.

Security. Accounts and programs fall into various levels of security:

Highest Security—your personal computer, email accounts, online banking, personal web pages, eBay/PayPal, ATMs, etc. This is extremely valuable, sensitive or personal data, the loss or corruption of which would be catastrophic. See Rule #1. These accounts deserve your most careful attention. The flip side of password protection is BACK UP YOUR DATA! If someone does hack into your accounts, having your data backed-up and stored outside of your computer is a life-saver.

Medium Security--online photo storage sites, travel search engines, birthday greeting programs. If someone broke into these accounts, they might post or retrieve vacation or other embarrassing photos, but not much terrible damage can occur, unless you are Rob Lowe, Paris Hilton, or Alec Baldwin.

Low security--sites include online recipes, weather info, television listings, newspaper sites, and such. These sites want your email address and a login only for their own data mining and marketing purposes. You are not uploading anything; they are merely public retrieval sites. Tip: Save yourself some hassles and create a junk “throw-down” email address for these types of sites, such as anonymous@hal-pc.org. (HAL-PC/HALNet members can have more than one email address at no extra charge.)

“I'm re-encoding this message every ten seconds, so have your system keep up with us.” David Bassom, Babylon 5

Rule #2—Do not share your personal passwords with anyone. Sound familiar? If you truly cannot commit to memory your most important passwords, as an absolute last resort, record them and hide them somewhere very private and known only to you.

Create passwords that are difficult to hack (see basic tips), but that you can recall in an instant, without writing them down somewhere. Contrary to some “experts’” advice, I am not an advocate of writing passwords down where other persons have access to your computer, either at home or at work.

It is okay to repeat yourself. You CAN use the same password over and over on different accounts. But be careful. If someone hacks your passwords somewhere and you have been careless about how you repeated yourself, they will have access to your highest security accounts. Use unrelated passwords at the highest security level. For the medium and low security accounts, the same passwords may be okay.

Rule #3—Do not share your personal passwords with anyone. This includes email requests you may get from your bank, eBay, PayPal, etc. telling you to reply to the message and create a new password (these are almost always fake emails from scam artists). No legitimate business will EVER send you a solicitation email asking you for your password. Did you get the message?

Rule #4—Now go break Rules #1 through 3, but only after you are dead. I recommend you record your passwords or secret location thereof in your Last Will and Testament. The executor of your estate will need to access your records in order to settle your affairs. Include locations of paper files, electronic files, online data sites, and necessary related passwords. Rather than have this info actually typed into your signed Will copy, just create an attachment page that you can update as the file/password information changes from time to time.

“Three can keep a secret if two are dead.”--Benjamin Franklin

Good, Bad, & Ugly

Good password example—8U 3r Y6ng
Bad password example—hotstuff
Ugly password example--*&@%

Best Basic Do’s & Don’ts:

  1. Do back up all of your data and store it on removable media, away from your computer.
  2. Do use at least eight characters. The more beyond eight, the better.
  3. Do use a combination of upper and lowercase letters and spaces.
  4. Do use a combination of letters and numbers.
  5. Do make sure your final password is a messed-up jumble of characters.
  6. Do make sure your final password makes absolutely no sense to anyone else.
  7. Do not use any real or fictional names or dictionary words (this includes all languages!)
  8. Do not use obvious dates, birthdays, anniversaries, etc.
  9. Do not use public or semi-public personal data, such as house numbers, social security numbers, phone numbers, ages, etc.
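To see how the three examples above fare against this list, here is a small checker, added for illustration and not part of the original column. It tests rules 2, 3, 4, 7, 8 and 9 only; the word list is a constructed sample, and treating any run of four or more digits as a date or personal number is an assumption.

```python
import re

# Constructed sample word list. A real check would load full dictionaries and
# name lists, in every language, as rule 7 asks.
SAMPLE_WORDS = {"stuff", "password", "summer", "dragon", "houston"}


def check_password(pw, words=SAMPLE_WORDS):
    """Return a list of the column's rules that pw violates (empty = passes)."""
    problems = []
    if len(pw) < 8:
        problems.append("rule 2: fewer than eight characters")
    # Assumption: spaces are welcome in the mix but not required.
    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)):
        problems.append("rule 3: no mix of upper and lowercase letters")
    if not (re.search(r"[A-Za-z]", pw) and re.search(r"\d", pw)):
        problems.append("rule 4: no mix of letters and numbers")
    lowered = pw.lower()
    hits = sorted(w for w in words if w in lowered)
    if hits:
        problems.append("rule 7: contains a name or dictionary word: " + ", ".join(hits))
    # Assumption: four or more digits in a row is read as a year, date,
    # house number, phone number or similar.
    if re.search(r"\d{4,}", pw):
        problems.append("rules 8-9: run of four or more digits")
    return problems


# The Good, Bad and Ugly examples from the column.
EXAMPLES = ["8U 3r Y6ng", "hotstuff", "*&@%"]

if __name__ == "__main__":
    for pw in EXAMPLES:
        found = check_password(pw)
        print(repr(pw), "->", "passes" if not found else "; ".join(found))
```

Rules 5 and 6 (a jumble that makes no sense to anyone else) cannot be checked mechanically, so a password that passes here still needs your own judgment.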

For a lot of specific do’s and don’ts (if you want to read really loooong articles about passwords), here are some helpful websites:

http://geodsoft.com/howto/password/password_advice.htm
http://www.microsoft.com/athome/security/privacy/password.mspx?pf=true

Carla Cawlfield is a long-term HAL-PC member and volunteer. Regular readers of this column know she is a hopeless packrat. Call her if you decide to have a garage sale; she’ll buy anything. Contact her at carla@hal-pc.org.

© 2007 by Carla S. Cawlfield