
Passwords matter. Give them some thought.

Before you take off for the summer, take a moment to write down your passwords for things like eSembler, Chancery, etc.

If the idea of writing down a password conjures up scenes from Wargames and Ferris Bueller’s Day Off, don’t worry—it’s really not a bad idea.

It is better than choosing a poor password. The Dilbert comic (below) is not too far from the truth. Here is a recent list of the 10 most common passwords:

  1. password
  2. 123456
  3. qwerty
  4. abc123
  5. letmein
  6. monkey
  7. myspace1
  8. password1
  9. blink182
  10. (your first name)

Yikes!

Security guru Bruce Schneier writes:

People can no longer remember passwords good enough to reliably defend against dictionary attacks, and are much more secure if they choose a password too complicated to remember and then write it down… writing down your impossible-to-memorize password is more secure than making your password easy to memorize.

He’s not alone. Microsoft’s Jesper Johansson made the same suggestion.

Another suggestion that I like comes from security expert Steve Gibson. During his podcast Security Now, Steve explains:

Most people have never taken some time to create their own policy, their own personal password policy. They’re on the web, they’re doing something, and suddenly something says, okay, give me a password, create a password. And so, you know, they think of – they just do the first thing that comes to mind, whatever that might be. And so I wanted to take some time to discuss the issue of passwords and cause our listeners to sort of say, okay, wait a minute, this is an important thing. I’m going to, you know, take five minutes and figure out what I want to do about this, rather than continuing not to think about it and not to think that it’s important. Because I think it arguably really is an important issue.

Steve suggests that you come up with a little algorithm of your own that generates a different password for each site you log into.

…take every other letter from the domain name, or every third letter. Come up with a rule for capitalizing them. Swap some letters around. You know, just sort of make up your own algorithm – and you don’t share with anybody else, and don’t use anything that I’ve talked about on the show, of course – and use that to create a password. Maybe take the name and, like, mix in the year of your birth, alternating that with the letters.
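To make the idea concrete, here is an added example (not from the podcast or this site) of such a personal algorithm written in Python; the particular rules, the sample domain and the birth year are assumptions chosen for illustration, and Steve's advice is precisely that you invent your own instead.

```python
# Added illustration of the "personal password algorithm" idea from the
# Security Now quote above. The rules below are constructed for this
# example; the point of the technique is that each person picks their own.
import string


def derive_password(domain: str, birth_year: int) -> str:
    """Deterministically derive a site-specific password from a domain name.

    Example rules (assumptions, not Gibson's or this site's):
      1. Drop "www." and the TLD, then take every other letter of the name.
      2. Capitalise every second letter of that selection.
      3. Swap the first and last characters of the result.
      4. Interleave the digits of the birth year with the letters.
    """
    # Step 0: normalise the host name; "www." and the TLD add nothing unique
    name = domain.lower().strip()
    if name.startswith("www."):
        name = name[4:]
    name = name.split(".")[0]
    letters = [c for c in name if c in string.ascii_lowercase]
    if not letters:
        raise ValueError("domain has no usable letters")

    # Step 1: every other letter, starting with the first
    picked = letters[::2]

    # Step 2: capitalise every second picked letter (positions 1, 3, 5, ...)
    picked = [c.upper() if i % 2 else c for i, c in enumerate(picked)]

    # Step 3: swap the first and last letters
    if len(picked) > 1:
        picked[0], picked[-1] = picked[-1], picked[0]

    # Step 4: interleave birth-year digits with the letters; whichever list
    # is longer simply runs out last
    digits = list(str(birth_year))
    out = []
    for i in range(max(len(picked), len(digits))):
        if i < len(picked):
            out.append(picked[i])
        if i < len(digits):
            out.append(digits[i])
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample inputs: same rules, two sites, two different results
    for site in ("www.example.com", "google.com"):
        print(site, "->", derive_password(site, 1975))
```

Because the derivation is deterministic, anyone who learns one of your passwords and guesses the rules can regenerate the rest, which is why Steve tells listeners to keep their rules private and not to reuse the ones he describes on the show.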

Steve talks about passwords in Episodes 4 and 5 of Security Now. I used Audacity to splice together the good parts into one show. Give it a listen.

His site also provides:

When you think about all the important and private things that your passwords protect, you owe it to yourself to give passwords some thought.