Passwords are a fact of Internet life, and
how you use (and protect) them is of vital importance.
Too many users default to easy-to-remember passwords that they use on everything so
that they don't have to remember which ones go with which resource. Once that single
password is breached, anything and everything that the user has is at risk.
Among those who don't seem too concerned about security, four-digit passwords
are quite common, usually reflecting the last four digits of the user's SSN or,
even worse, their bank PIN. Using numbers is very common, but what most
don't realize is that purely numeric passwords are among the easiest to break.
Computers (and "brute force attack" programs) can try several thousand
combinations per minute until they break numeric passwords.
Any word that is in the dictionary is also low-hanging fruit for password breakers
because of the plethora of rogue software that uses a "dictionary attack."
The best passwords are the ones that we humans have the toughest time remembering.
They use a combination of numbers and letters, are at least eight characters long,
and don't have any personally identifiable characteristics (pet's name, phone number,
etc.).
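
The rules above written as a small checker, with the brute-force arithmetic behind them. This is an added example, not part of the original article; the guess rate of 3,000 per minute, the sample word list and the function names are assumptions made for illustration.

```python
import string

# Assumed rate: the article says "several thousand combinations per minute";
# 3,000 is a constructed figure used only to make the arithmetic concrete.
GUESSES_PER_MINUTE = 3_000

# Constructed stand-in for a real dictionary word list.
SAMPLE_WORDS = {"password", "dragon", "sunshine", "monkey", "letmein"}

CLASSES = (string.digits, string.ascii_lowercase,
           string.ascii_uppercase, string.punctuation)


def keyspace(password: str) -> int:
    """Candidates a brute-force search must cover for a password of this
    length drawn from the character classes it actually uses."""
    alphabet = sum(len(cls) for cls in CLASSES
                   if any(c in cls for c in password))
    return alphabet ** len(password)


def minutes_to_exhaust(password: str) -> float:
    """Worst-case minutes to try every candidate at the assumed rate."""
    return keyspace(password) / GUESSES_PER_MINUTE


def audit(password: str, personal_terms=(), words=SAMPLE_WORDS) -> list[str]:
    """Return the article's rules this password breaks (empty list = passes)."""
    findings = []
    lowered = password.lower()
    has_digit = any(c.isdigit() for c in password)
    has_alpha = any(c.isalpha() for c in password)
    if len(password) < 8:
        findings.append("shorter than eight characters")
    if password.isdigit():
        findings.append("digits only")
    elif not (has_digit and has_alpha):
        findings.append("does not combine numbers and letters")
    if lowered in words:
        findings.append("dictionary word")
    # Personal details (pet's name, phone number) count even as a substring.
    if any(t and t.lower() in lowered for t in personal_terms):
        findings.append("contains personal information")
    return findings
```

At the assumed rate a four-digit password has only 10,000 candidates and is exhausted in under four minutes, while ten mixed lowercase letters and digits give 36^10 candidates.
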
That's where password management software programs come to the rescue.
Not only will they remember which passwords belong to which resource, they can also
generate passwords that are very difficult to break, encrypt everything that they store, and
automatically fill in both the username and password on known Web sites.
All of your critical passwords are protected by one password, so it is even more
important that you not use an easy-to-break password on programs like these.
Also, get in the habit of checking over your shoulder before typing critical
passwords, especially in public places.
There is a great danger, however, in relying completely on these programs to do it
all. If the program malfunctions, your computer's hard drive completely fails, or
your computer gets stolen or destroyed in a fire, you could be up the proverbial
creek without a backup.
You may want to consider exporting your passwords to a CD or floppy disk and
storing it in a safety deposit box or some other off-site secure location.