Hardware Reference
but won't make sense to other people. For example, suppose you have a cousin Albert who
grew up in Indianapolis, and you used to call him a lot, so you remember that his phone
number was 555-1192. An effective password might be Albert-Indy#1192. Notice that
this password is long (15 characters), varied (uppercase, lowercase, numeric, and symbol
characters), and unusual, yet it's fairly easy for you to remember just by thinking about
your cousin.
Here are some other techniques for creating passwords that are easy to remember but
difficult to guess:
Substitute zero for the letter O in words. For example, St0rageR00m.
Substitute numbers for letters. To make it easier to remember, use the numeral that
represents the letter of the alphabet (for example, b=2) or use the numeral that represents
the position in the word (for example, take the word teacher and substitute numerals
for the second and fourth letters, like this: t2a4her).
Combine two or more unrelated but memorable words. For example,
GroceryCandleAshtray.
Substitute a symbol for a letter that it resembles. For example, $ looks like an S, as in
$ubstitution$alary; and ! looks like a capital I, as in !temized.
As tempting as it may be to use the same password for multiple systems or sites, you're
safer using a different password for every site you access. That way, if one site is hacked, it
won't affect your security on another site.
If you can't remember all the passwords in your head, one possible solution is to store
them in a password-protected file on your hard drive. Yes, someone could steal that file
from your hard disk and possibly even decrypt it, but the chances of that happening are
slim compared to the chances of a server being hacked where your password for a certain
site is stored.
Another possible solution is to reuse the same password for sites that don't store any
financial information. For example, you might use the same password for logging into
message boards and chat rooms at various sites, because if your password is discovered
at those sites, the consequences are generally mild. Someone might log in and impersonate
you, causing you some temporary embarrassment, but you haven't lost any money. On the
other hand, you should use a different password for each of your important banking or
stock-trading accounts, because a thief could cause you significant financial problems on
these sites.
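The reuse rule described above (a shared password is tolerable only among sites that hold no financial information) can be checked mechanically against a list of your own accounts. The following Python sketch is an added example, not part of the original text; the site names, the inventory layout, and the audit_reuse function are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample inventory: (site, stores_financial_data, password).
# Site names are made up; the passwords are the sample ones used on this page.
SAMPLE_INVENTORY = [
    ("forum.example", False, "GroceryCandleAshtray"),
    ("chat.example", False, "GroceryCandleAshtray"),
    ("bank.example", True, "Albert-Indy#1192"),
    ("broker.example", True, "Albert-Indy#1192"),
    ("shop.example", True, "St0rageR00m"),
    ("news.example", False, "St0rageR00m"),
    ("mail.example", False, "$ubstitution$alary"),
]


def audit_reuse(inventory, key=None):
    """Group sites that share a password and grade each group.

    Returns a list of (severity, sorted_site_names) tuples. Severity is
    "high" if any site in the group stores financial data, otherwise "low".
    Passwords are compared through a keyed HMAC-SHA256 fingerprint, so the
    grouping table never holds plaintext.
    """
    key = key or secrets.token_bytes(32)  # per-run key; fingerprints are not stored
    groups = defaultdict(list)
    for site, financial, password in inventory:
        tag = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
        groups[tag].append((site, financial))
    findings = []
    for members in groups.values():
        if len(members) < 2:
            continue  # unique password: nothing to report
        severity = "high" if any(fin for _, fin in members) else "low"
        findings.append((severity, sorted(site for site, _ in members)))
    # High-severity groups first, then alphabetical by first site name.
    return sorted(findings, key=lambda f: (f[0] != "high", f[1]))


if __name__ == "__main__":
    for severity, sites in audit_reuse(SAMPLE_INVENTORY):
        print(f"{severity:4}  reused on: {', '.join(sites)}")
```

A "high" finding means a password shared with at least one financial site, which is the case the text says to avoid; a "low" finding is the message-board style of reuse it describes as having mild consequences.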
Password Changes
Some companies' IT policies require that you change your password at regular intervals,
such as every 90 days. The rationale is that the longer you keep a password, the more likely
that someone has surreptitiously seen you type it, or you've written it down somewhere, or
some other security breach has occurred.