"Passwords that are easy for you to remember are usually also
easy for others to guess. Using passwords that are easy to figure
out – and, worse, using the same password over and over again –
it's like leaving a master key to all of your locks under your
doormat or on the front right tire of your car," says President
and CEO of US recruitment site MedZilla.com, Frank Heasley.
There are many forms of authentication, including passwords, PINs,
two-factor authentication (which requires two separate forms of proof
before granting access), biometrics and user cards.
"In general, the password as an authentication form is the most
widely used by far, but it's not the strongest form," adds Mark
Ford of professional services firm Deloitte & Touche. "It's a
must to use some sort of authentication if you have any expectation
of confidentiality or privacy."
Gary Morse, president of Razorpoint Security Technologies, has
more than 20 years' experience in network and internet security.
Companies pay him to identify and fix security vulnerabilities.
Morse advises clients that they should not use words or names as
passwords; rather, they should use a mix of upper- and lower-case
letters, numbers and symbols to safeguard their information.
That does not mean you should use your name and birth date or
other equally obvious combinations of numbers and characters. Never
use personally identifiable information. Instead, be creative, so that
even your best friend, husband, wife or mother would have trouble
working out what the password means.
The longer the password, the more difficult it is to break.
Deloitte's Ford suggests starting with an eight- or nine-character
word or phrase and randomly adding numbers or symbols to it.
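As an added example (not code from the article or from any of the firms quoted), a small Python checker that applies the composition advice above and estimates the brute-force search space in bits, which is the quantity behind the claim that longer passwords are harder to break. The list of personal terms it screens for is a constructed assumption, standing in for whatever an attacker could learn about a user.

```python
import math
import re
import string

# Character classes the experts in the article recommend mixing.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}


def present_classes(password):
    """Return the names of the character classes that appear in password."""
    return {name for name, alphabet in CLASSES.items()
            if any(ch in alphabet for ch in password)}


def keyspace_bits(password):
    """Brute-force search space in bits: log2(alphabet_size ** length).
    Length multiplies the exponent, which is why a longer password from a
    smaller alphabet can outscore a shorter one that mixes all four classes."""
    alphabet = sum(len(CLASSES[name]) for name in present_classes(password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def check_password(password, personal_terms=(), min_length=8):
    """Evaluate a candidate against the article's guidance: minimum length,
    at least three character classes, and no personal information.
    personal_terms is a constructed list (name, birth date, ...) supplied by
    the caller. Returns (ok, problems, bits)."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if len(present_classes(password)) < 3:
        problems.append("uses fewer than three character classes")
    lowered = password.lower()
    password_digits = re.sub(r"\D", "", password)
    for term in personal_terms:
        if not term:
            continue
        term_digits = re.sub(r"\D", "", term)
        # Flag the term itself, or any 4-digit run from it (e.g. a birth year).
        digit_hit = any(term_digits[i:i + 4] in password_digits
                        for i in range(len(term_digits) - 3))
        if term.lower() in lowered or digit_hit:
            problems.append(f"contains personal information: {term!r}")
    return (not problems, problems, round(keyspace_bits(password), 1))
```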
Changing the password is always a good practice. According to
Ford: "We recommend the shorter duration, the better. But it has to
be practical. Typically if it's very confidential information,
people should change them once every 30 days."
Use a different password for every location. Michele Groutage,
MedZilla.com's director of marketing and development, says that by
using a different password for each site you visit, you keep any
damage from hackers to a minimum. "By diligently changing passwords
from site to site, you protect yourself," according to
Groutage.
While some people recommend writing passwords down and keeping them
in a secret place, Ford says it's best practice not to write down
any of your passwords and never to divulge them. Instead, use memory
techniques to remember all those different numbers, characters,
symbols and sites.
He suggests using acronyms of words and phrases and using two of
these acronyms for one password. In between the acronyms, add a
shift character. "That can be a fairly complicated password - over
eight or nine characters long - and fairly easy to remember," Ford
says.
To encourage users to use different passwords each time, Morse
suggests using the same basic code for all your passwords but
changing the last three, first three or middle characters. You can
even add letters that pertain somehow to the site. For example, the
password MBISledd4 might also include "zilla" if it's your
password on the MedZilla site.