If my clients are any indication, most people think that the purpose of a password is one of the following:
- a way for their consultant/system administrator to make their system harder to use,
- an inconvenience,
- their name,
- their birthday
- the word “password.”
Let me set the record straight. The purpose of a password is to keep your computer, and the information on it, secure.
Yes, passwords are somewhat inconvenient. That’s the point. A wise person once said “security and convenience are inversely proportional.” Given that, the cost of security is a little convenience. I am consistently amazed at people who resist having any passwords whatsoever on their systems because they are “hard to remember.”
Yet they somehow manage to remember scores of seemingly random 10-digit numbers. If you doubt me, ask yourself what your home phone number, work phone number, cell phone number, and significant other’s phone numbers are and tell me I’m wrong.
The purpose of a password is to also keep out viruses and worms. Many malware programs take advantage of systems with blank passwords and use these as a way to gain access to systems. These can usually be thwarted by any password.
But a cracker (or hacker, to use the more popular terminology) needs something a little tougher than that. This is why we recommend that all business computer systems have a strong password. What is a strong password? I define it as:
- Being at least 8 characters long.
- Consisting of a mix of upper and lower-case letters, numbers, and at least one NON-numeric, NON-alpha character, such as !@#$%^&*(). (Think “cartoon swearing”).
When I say this, most people immediately respond by saying “how are you supposed to remember that?!?” Well, despite those requirements, it does not have to be difficult. Just get a little creative. For example, “2TrainTracks!” meets the requirements. It’s longer than 8 characters, has upper-case and lower-case letters, a number, and a non-alpha character. It’s not that hard to remember two train tracks, is it? No. Just remember the two is a number, capitalize the T’s, and put an exclamation mark at the end and you’re all set. If you have trouble remembering it, use it to log on to your computer, then log off. Repeat this process five times in a row and I guarantee you’ll have the password memorized by the last logon.
Then, approximately 42 days later, you can pick a new one.