How To Write A Secure Password
Every business computer contains information you want to keep secure. You don't
want people reading or corrupting your accounting records, employee records,
customer records or business communications. The first line of defense is a
good password.
To create a good password, you must first understand what makes a bad password.
- Your user name repeated
- Any personal information like your birthday; any family member's name;
your pet's name; your SSN, etc.
- Your license plate number
- Obscene words
- A combination of your kids' birthdays or names
- Anything from geeky computer games like "plugh" or "BFG9000"
- Unmodified words from the dictionary
Any hacker worth his salt will try all of the above. A really good hacker will
have a program that tries different passwords, including a wide variety of dictionary
words. The programs will even be smart enough to substitute special characters
for letters, like "@" for "a" and "$" for "s".
What Makes A Secure Password
Any good password is at least 6 characters long. Longer is usually better,
but be aware that some Unix/Linux systems truncate passwords at 8 characters.
Anything beyond 8 is ignored. Here are some other techniques that help:
- Combine words and numbers. Stick a number in the middle of a word (Toi6let).
- Combine two or more words with a number or symbol (diet!pepsi).
- Mix a date and a word (F1o9r6d5), a combination of Ford and 1965.
- A part number or serial number from a piece of equipment.
- A score you can remember (USA3Japan2).
- A license plate number that doesn't belong to you.
- How about a mnemonic for a phrase you know? "trissmont" (The
rain in Spain stays mainly on the plain). Stick a percent sign or exclamation
point in the middle and you have a great password.
- Don't forget to use upper case and lower case characters. They are different.
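The bad-password list and the length rules above can be checked automatically when a password is chosen. The following Python is an added example, not part of the original article; the word list, function names and sample inputs are constructed, and it undoes only the two substitutions the article names.

```python
# Added example: tests a candidate password against the article's rules.
# SAMPLE_WORDS is a constructed stand-in for a real dictionary file.
SAMPLE_WORDS = {"password", "dragon", "sunshine", "plugh", "bfg9000"}

# The two substitutions the article names; cracking tools try many more.
UNDO_SUBSTITUTIONS = str.maketrans({"@": "a", "$": "s"})

MIN_LENGTH = 6    # the article's minimum length
TRUNCATE_AT = 8   # where some Unix/Linux systems cut passwords off


def problems(password, username="", personal=(), words=SAMPLE_WORDS):
    """Return the reasons a password is weak (an empty list means none found)."""
    found = []
    lowered = password.lower()
    plain = lowered.translate(UNDO_SUBSTITUTIONS)
    user = username.lower()

    if len(password) < MIN_LENGTH:
        found.append("shorter than 6 characters")
    # "Your user name repeated": bob, bobbob, bobbobbob ...
    if user and lowered and lowered == user * (len(lowered) // len(user)):
        found.append("user name repeated")
    # Caller supplies personal items (names, birthdays, plate numbers).
    if any(item and item.lower() in lowered for item in personal):
        found.append("contains personal information")
    if lowered in words:
        found.append("unmodified dictionary word")
    elif plain in words:
        found.append("dictionary word with @/$ substitution")
    return found


def check(password, **kwargs):
    """Check the password as typed and, if longer than 8 characters,
    the first 8 characters that a truncating system would keep."""
    result = problems(password, **kwargs)
    if len(password) > TRUNCATE_AT:
        kept = password[:TRUNCATE_AT]
        result += ["truncated to 8: " + p for p in problems(kept, **kwargs)]
    return result


if __name__ == "__main__":
    for candidate in ("p@$$word", "password123!", "Toi6let", "diet!pepsi"):
        print(candidate, check(candidate))
```

On a system that truncates at 8 characters, "password123!" is stored as "password", so the check reports it even though the full string passes.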
What's Next
Once you have created a good password, you need to secure it. Here are some
rules to keep it secure. Some are obvious, others not so much.
- Don't write it down anywhere near your computer. If you must write it down,
store it some place secure.
- Never use an important password on more than one system. The habit of using
the same username and password on multiple accounts is the easiest way to
make a secure system insecure.
- Don't tell anyone your password (one of the obvious ones). It is amazing
how many people give out the passwords to computers with sensitive information.
- Check frequently for key logging devices attached to your computer. They
may be installed between the keyboard and the computer or may look like flash
drives, plugged into a USB port. If you find one, you have a determined hacker
nearby.
- Change your password frequently. This one can be troublesome. If you change
it too often, you will not remember it and will have to write it down somewhere
it can be accessed easily, a violation of rule 1.
- Never save your password in an email or Outlook note.
Finally, be aware of people looking over your shoulder. While most aren't trying
to steal your password, some are.
Now that you have a secure password, think about securing your computer. If
your BIOS isn't password protected, anyone can stick a Linux CD into your CD
drive and boot the computer, gaining access to your hard drive. Encryption programs
are available for your critical data. Hardware and software firewalls keep network
users out. Lock your office door. Lock your keyboard when you leave your desk.
Install a locking device to avoid a snatch-and-run thief.
Computer security is a serious matter. A good password is a good start.