Lessons in Cryptology | Choosing a Secure Password

One of the single most important items – or at least scary items – on everybody’s agenda in our modern world of insta-sharing is cryptology: the art of encoding & decoding.

bruce schneier

Crypto-expert Bruce Schneier shares with readers of his crypto-gram (and elsewhere on the internets) constant tips, news, and articles that will make you smarter, and perhaps also disbelieve everything you know about our world of security and information.

Serious stuff for serious minded individuals looking to not be ignorant about security.

In one of his recent crypto-grams he talked about some really great points on choosing a secure password (previously featured on BoingBoing). I took away some key items.

There’s more to passwords than simply choosing a good one:

1. Never reuse a password you care about.  Even if you choose a secure password, the site it’s for could leak it because of its own incompetence.  You don’t want someone who gets your password for one application or site to be able to use it for another.

2. Don’t bother updating your password regularly.  Sites that require 90-day — or whatever — password upgrades do more harm than good.  Unless you think your password might be compromised, don’t change it.

3.  Beware the “secret question.”  You don’t want a backup system for when you forget your password to be easier to break than your password.  Really, it’s smart to use a password manager.  Or to write your passwords down on a piece of paper and secure that piece of paper.

4. One more piece of advice: if a  site offers two-factor authentication, seriously consider using it.  It’s almost certainly a security improvement.

I would like to heavily suggest that you take the time to read his article there and get excellent tips on how to create a more secure password. Though it may make you feel like it’s a fruitless effort, there are techniques that we can each make when making our passwords to ensure that we at least don’t leave our doors wide open to any Joe Blow out there.

uTVM,TPw55:utvm,tpwstillsecure = Until this very moment, these passwords were still secure

In my next magic act, I shall show you how I memorize 100,000 passwords… 🙂

Leave a Reply

8 + 2 =