If Benjamin Franklin were alive today, what would his advice be on changing your passwords?
I would imagine wise old Ben would say something similar to his quote on politicians:
“Passwords are a lot like diapers. They should be changed
frequently, and for the same reasons.”
Like most people, you have heard that you need to have a complex password, but what you may not be told very often is that you need to change it frequently, preferably every 30 days.
The reasons for this are many.
Most importantly, when your password is captured by a cyber-criminal, more often than not it is captured with an automated tool such as a sniffer, or your password hash (your password encrypted) is obtained from a compromised website that you use. In both cases, there is some time between when the password is in the hands of the hacker and when it is actually used. Even if your encrypted password is captured, it can be cracked. A complex password can be cracked in less than 45 days, which is why you should change it at a minimum every 45 days. The best security is security that is constantly changing. In theory, if your password is captured and you change it frequently, it has a very short shelf life and will be of little use to a hacker.
As always, frequent change is just one piece of the security puzzle. To extend your password life, use a password that has a minimum length of 10 characters (14+ is preferable) and uses upper and lower case alpha, numerical, and special characters (!@#$%&?). Most importantly, stay away from dictionary words and people’s names.
I recommend using a combination of things in your life to make the password easy for you to remember, but hard to guess and difficult for a hacker to crack. For example, let’s say you drive a BMW 330i (or it’s your dream car), your daughter’s name is Karen, and your wedding anniversary is on June 9th. A good password would be K@r3n330!9, whereby you replace vowels with numbers and special characters. It is memorable only to you and harder to crack than a non-complex password.
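The rules above (rotation interval, minimum length, character classes, no dictionary words or names) can be written as a small checker. This is an added example, not code from the original post; the function name, the tiny word list and the sample dates are constructed for illustration, and any non-alphanumeric character is assumed to count as "special".

```python
import re
from datetime import date

# Constructed sample list; a real check would load a full dictionary and name list.
WORDLIST = {"password", "welcome", "summer", "karen", "dragon"}

MIN_LEN, PREFERRED_LEN = 10, 14   # lengths given in the article
PREFERRED_AGE, MAX_AGE = 30, 45   # rotation intervals in days, from the article

CLASSES = {
    "upper case letter": r"[A-Z]",
    "lower case letter": r"[a-z]",
    "number": r"[0-9]",
    "special character": r"[^A-Za-z0-9]",  # assumption: any non-alphanumeric
}


def check_password(password, last_changed, today):
    """Return (violations, advice) for one password against the article's rules."""
    violations, advice = [], []

    if len(password) < MIN_LEN:
        violations.append(f"shorter than {MIN_LEN} characters")
    elif len(password) < PREFERRED_LEN:
        advice.append(f"{PREFERRED_LEN}+ characters is preferable")

    for name, pattern in CLASSES.items():
        if not re.search(pattern, password):
            violations.append(f"missing {name}")

    # Literal, case-insensitive match against the word list.
    lowered = password.lower()
    for word in sorted(WORDLIST):
        if word in lowered:
            violations.append(f"contains dictionary word or name '{word}'")

    age = (today - last_changed).days
    if age > MAX_AGE:
        violations.append(f"unchanged for {age} days (limit {MAX_AGE})")
    elif age > PREFERRED_AGE:
        advice.append(f"unchanged for {age} days ({PREFERRED_AGE} is preferred)")
    return violations, advice


if __name__ == "__main__":
    today = date(2024, 3, 1)  # constructed dates and passwords for the demonstration
    for pw, changed in [("K@r3n330!9", date(2024, 2, 10)),
                        ("Karen2024", date(2023, 12, 1))]:
        print(pw, check_password(pw, changed, today))
```

Such a check belongs at the moment a password is chosen, since that is the only time the plaintext should be available.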
A good password checker that runs on your PC (and it's free) is at https://sensepost.com/blogstatic/2010/04/password-strength-checker.html.
Keep in mind, even my example only rates as “Reasonable”.
Be secure!