Thursday 27 April 2017

How to choose a secure password

Choosing a secure password is important but how do you go about it?

Matt Warman

The news that Gawker users routinely had painfully obvious passwords, such as ‘password’, will not come as a surprise to IT security experts.

Indeed, even top IT managers themselves have been known to make the same mistake.

A secure password, however, depends on secrecy, not length. So a PIN only needs to be four digits long because it relies on users not sharing it, and on the fact that to use it you also need your credit card. This is called ‘two-token identification’.

If this method is not available, as it seldom is for most websites outside the major banks, then a password should be longer than eight characters and should mix numbers with upper- and lower-case letters.

A password that is completely nonsensical is also harder to guess: akW4kqP0 is more secure than Pa55word, for instance.
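To show why the two example passwords above are not equally strong even though both satisfy a mix-of-character-classes rule, here is an added illustration in Python; it is not code from the article. A rule that only counts character classes gives akW4kqP0 and Pa55word the same naive search-space estimate, and only a check against a list of common passwords (with the usual digit-for-letter substitutions undone) tells them apart. The `COMMON_PASSWORDS` list is a constructed five-entry stand-in for a real leaked-password corpus, `LEET_MAP` is an assumed set of common substitutions, and the bit estimate is the naive class-based one a complexity rule implies.

```python
import math
import string

# Constructed stand-in for a leaked-password list. A real check would load a
# large published corpus; these entries exist only so the example runs offline.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "iloveyou"}

# Assumed common substitutions, reversed so that "Pa55word" normalises to
# "password" before the dictionary lookup.
LEET_MAP = str.maketrans(
    {"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"}
)

STRIP_CHARS = string.digits + string.punctuation

CLASS_SIZES = (
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation, len(string.punctuation)),
)


def meets_complexity_policy(pw: str, min_length: int = 9) -> bool:
    """The article's rule: longer than eight characters, mixing digits, upper and lower case.

    min_length is a parameter because both example strings are exactly eight
    characters; the article's literal 'longer than eight' is min_length=9.
    """
    return (
        len(pw) >= min_length
        and any(c.isdigit() for c in pw)
        and any(c.islower() for c in pw)
        and any(c.isupper() for c in pw)
    )


def naive_search_space_bits(pw: str) -> float:
    """log2 of the brute-force search space implied by the character classes present.

    This is what a complexity rule implicitly measures: it assumes every
    character was drawn uniformly from the union of the classes that appear.
    """
    alphabet = sum(size for chars, size in CLASS_SIZES if any(c in chars for c in pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def dictionary_variant_of(pw: str):
    """Return the common password that pw is a trivial variant of, or None."""
    raw = pw.lower()
    normalised = raw.translate(LEET_MAP)
    # Try the password as typed, with substitutions undone, and with trailing
    # digits or punctuation removed ("password1" -> "password").
    candidates = {raw, raw.rstrip(STRIP_CHARS), normalised, normalised.rstrip(STRIP_CHARS)}
    for cand in candidates:
        if cand in COMMON_PASSWORDS:
            return cand
    return None


def assess(pw: str, min_length: int = 9) -> dict:
    """Combine the policy check, the naive entropy estimate and the dictionary check."""
    variant = dictionary_variant_of(pw)
    policy_ok = meets_complexity_policy(pw, min_length)
    return {
        "meets_policy": policy_ok,
        "naive_bits": round(naive_search_space_bits(pw), 1),
        "dictionary_variant": variant,
        # A mangled dictionary word is weak no matter what the class count says.
        "verdict": "weak" if variant or not policy_ok else "acceptable",
    }


if __name__ == "__main__":
    # min_length=8 so the two eight-character examples are judged on content alone.
    for candidate in ("Pa55word", "akW4kqP0", "password1", "Correct-Horse-Battery-7"):
        print(candidate, assess(candidate, min_length=8))
```

Both eight-character examples get the same naive estimate (about 47.6 bits for eight characters drawn from 62 symbols), so the class-mixing rule alone cannot rank them; the dictionary check is what flags Pa55word as a disguised ‘password’.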

It’s worth noting, however, that the Gawker hacking was not based on guesswork – few criminals would invest the time in that method.

If hackers get hold of your password at all, they are quite likely to get the whole of it, as the Gawker users did, rather than piece it together by guesswork.

If you can, therefore, consider changing your password as often as you think is reasonable, don’t use the same password for too many different accounts – and above all, watch your accounts so you know if anything goes wrong.

There’s no such thing as a totally secure password.
