Microsoft Chairman Bill Gates has called for an end to passwords for years, pinpointing them as the weak link in the network security chain. But alternative identity technologies such as biometric scanners, which use retinal and other body functions to find distinctions, and smart cards with encoded passwords are still too expensive for most businesses to deploy.
So, the majority of businesses are stuck with the lowly password, with its tendency to get lost and stolen. Some crackers -- rogue programmers who swipe passwords off private networks -- have designed software enabling them to bombard machines with 10 million word variations per second in an attempt to breach security.
Here are a few tips for keeping them out:
- Choose a password that takes full advantage of your keyboard. The more characters a password has, the harder it will be to crack. A good tip is to pick a favorite lyric or phrase and seed it with symbols, numbers, deliberate misspellings and upper and lower case letters. For example, I*m2$Exy4MyPnts or 19Go%Boi1ers96. Here's how it works: If you only use lower-case letters of the English alphabet, each character in your password will have only 26 possible values. Using uppercase and lowercase letters will give each character 52 different values. Add numbers (0-9) and you'll have 62 possible values; add symbols and you'll have a total of 92 unique possible values.
- Pick a password that is at least eight characters long. A two-character password offers just 8464 unique combinations. Using three characters increases the number to 778,688 possibilities; four characters affords 71,639,296 possibilities. Obviously, longer passwords are harder to crack than shorter ones.
- Don't be obvious. Pick something that's easy for you to remember but difficult for others to guess. Avoid using personal information such as the name of a child, pet or spouse, your birthday, wedding date or phone number. These choices would top the list of any potential cracker attempting to access your system.
- Change your password frequently. The longer you have a password, the better the chances that someone will figure it out. A good rule of thumb: the more valuable the material you are protecting with a password, the more frequently you should change it.
- Don't use the same password for multiple accounts. If your e-mail, network logon, Amazon, bank and day trading accounts are all linked to the same password, you're setting yourself up for a fall. Save your most complex passwords for your most sensitive accounts.
- Never give your password to anyone. Be especially wary of seemingly legitimate e-mails asking you to click on a link and renew your account and password information. This is known as "phishing," a common form of identity theft. Thieves set up websites that look identical to Paypal or Amazon, for example, and when visitors log on, they steal their account information and passwords for personal use or to sell to third parties.
- Never write your password down. If you write your password on a piece of paper or even in a file stored on your hard drive, a determined thief can find it. It's easier to request a new password than to recover from identity theft.
If you're unsure about the inviolability of the password you've chosen, there are several Internet sites that allow visitors to test drive a password before putting it to use. SecurityStats.com is one.
Microsoft Password Checker offers another.