Passwords That Work
A good password is a system for creating codes that are easy to remember but hard to crack. Here's a set of guidelines:
By Sarah D. Scalet
October 01, 2006 — CSO —
1. Choose a phrase that's at least five words long. It could be a book or song
title or a quote. Draw your core password from that, perhaps by using the first letter of each word. For
example, the first letters of the book title The Cat in the Hat are: tcith. This step protects you from a
dictionary attack, in which someone tries to crack your phrase using known words (and proper names).
2. Alter some of it. Replace some lowercase letters with capital letters,
numbers or symbols. For example: Tc!tH capitalizes the first and last letter and replaces the "i" with an
exclamation point. (You could replace an "a" with the "@" symbol too.) Make it simple; don't write your
system down.
3. Customize the password for each use. Add a character or three to the core
password to ensure that every pass phrase is at least seven characters long and includes a number.
Generate an extra letter and number based on the name of the program you're accessing. For example:
o5Tc!tH could be a password for a Yahoo Web mail account, adding an "o" for the last letter of Yahoo,
and a 5, for the number of letters in Yahoo.
4. Write down your hint. Now you can write down a mnemonic device that will
jog your memory without being obvious to anyone else. Hide this piece of paper or keep it in your
wallet. For example, you could write down "basic: cat" to recall the Dr. Seuss title.
5. Establish different levels of passwords. Use different core phrases to
develop passwords for online banking, for accounts that use your credit card and for those that don't
involve financial information. If you can't change your password every 90 days, do so whenever
daylight-saving time starts and stops.
Source: Adapted from "How to Write Better
Passwords,"
Read more about data protection in CSOonline's Data Protection section.
Other stories by Sarah D. Scalet
The challenge of true data protection spans databases, internal and external networks, physical and offsite storage, business partners and more. These resources offer expert perspective from the basics through specific key elements of data protection strategies.
Network security basics
Protection, detection, and reaction—those are the three underlying principles your security program must embody
Computer incident detection, response, forensics
Richard Bejtlich shows how to measure and improve the maturity of your incident response
A few good IT security metrics
Stop counting blocked malware attachments and measure things that can contribute to meaningful change
5 key cloud security trends
Cloud security is evolving rapidly—stay on top of it
IT risk assessment frameworks
How to do end-to-end encryption
How to compare and use enterprise antivirus
Also find sample data protection policies in CSO's tools, templates and policies library
- Introduction to VMware vCenter Site Recovery Manager 5
- Introduction to Virtualization
- Preventing Unplanned Downtime with Server Virtualization
- Secure Cloud Infrastructure and Next-Generation Data Centers - An Interactive Panel for Decision Makers
- Gartner Next Generation Network IPS Webcast
- Understand Your Data: The Future of Backup and Archiving
- Overcome Top 7 Admin Challenges of Active Directory
- Insiders Can Ruin Your Company. Take Action.
- Top Solutions and Tools to Prevent Devastating Malware
- X-Ray of the PCI Process-4 Proactive Steps
- Streamline Compliance and Increase ROI
- Beyond SFTP: Five Ways Secure Managed File Transfer Can Improve Your Business
CSO Corporate Partners
- Patch Tuesday preview, February 2012
Microsoft published its Patch Tuesday Preview for February of 2012 a few minutes ago. IT admins can expect nine bulletins to address 21 security vulnerabilities.
It looks like four bulletins will be rated critical while the rest are designated as important.
Affected Microsoft products are:
- M86 report proves water is wet
- Actor, banker, soldier, spy: Suits and Spooks Anti-Conference aims to redefine security
More Salted Hash with Bill Brenner
