The Secret Password Is...
If your password is as easy as 123, we need to talk.
The first password I ever remember using when I started in system administration was ".redruM" (no quotes). It was by far the craftiest, most-impossible-to-guess password ever conceived by a sentient being. Sadly, a mere 17 years later (wow, it's been a long time!) that password probably could be brute-force compromised in ten minutes—with a cell phone.
Since retinal scans still mainly are used in the movies to set the scene for gruesome eyeball-stealing, for the foreseeable future (pun intended), we're stuck with passwords. In this article, I want to take some time to discuss best practices and give some thoughts on cool software designed to help you keep your private affairs private. Before getting into the how-to section, let me openly discuss the how-not-to.
The Things You Shall Not Do
It's a bad idea to write your password on a sticky note and affix it to your monitor.
Yes, it sounds like a joke, but this happens every day—in almost every business. In fact, sometimes tech folks are guilty of this cardinal sin because they've changed passwords for users and need to let them know their new passwords. Seeing your password written or typed out should cause you physical pain and distress. Displaying it on your monitor is just wrong.
It's a bad idea to use any of the following as your password, or at least as your entire password:
Your pet's name, current or past.
Your child's name or nickname.
Your car's name, model or a car you want.
Birth dates of any people you know.
Name of your college/high-school mascot.
Anything related to your hobbies.
Your address in any form.
Your telephone number, past or present.
Your mother's maiden name (this is less secure than .redruM).
Any of the following: password, 123456, abc123, letmein, love, iloveyou, sex, god, trustno1, master, asdfjkl;, qwerty, password123, secret, jesus or ninja.
If I've just described your password or, heaven forbid, actually listed it in the last bullet point (some of the most common passwords), you need to keep reading. Don't change your password yet though, as I'm going to discuss best practices next, but even if you don't read another word, you can't leave your password like it is—really.
The Things You Shall Try to Do
When it comes to passwords, the longer and more complex, the better. Unfortunately, there is an inverse relationship between the quality of a password and a person's ability to remember it. Logically, one would find the balance between easy to remember and sufficiently complex, but because some people forget how to spell their own names, using some tricks of the trade is necessary—preferably, combining the tricks.
The Sentence-Mnemonic Method
if I were to tell you my password is "sipmnwnoilbinetb" and that I can remember it every time, you'd probably be impressed. Watch, I'll type it again without looking back: sipmnwnoilbinetb.
Am I really a cyborg with an eidetic memory? Maybe, but in this case, I've just used the sentence-mnemonic method to remember my password. In reality, when I type that password, I'm saying in my head, "Sometimes I pick my nose when no one is looking, but I never eat the boogers."
This particular mnemonic is good for a couple reasons. One, it's easy to remember. Two, it's a horrible lie, so no one would ever guess that's what I'm typing. And three, because it's embarrassing, it's unlikely that I'd say it out loud while typing. For most people, just using this method for passwords would be an improvement over their current practice. For the best security, however, it's important to add other complexity.
- Readers' Choice Awards 2013
- December 2013 Issue of Linux Journal: Readers' Choice
- IBM Will Minimize Impact of Future Disasters
- Sublime Text: One Editor to Rule Them All?
- Raspberry Pi: the Perfect Home Server
- Linux Systems Administrator
- RSS Feeds
- Technical Support Rep
- Senior Perl Developer
- Tech Tip: Really Simple HTTP Server with Python
- It's Jupiter
48 min 47 sec ago
- GIMP is certainly a graphic
1 hour 50 min ago
- Thanks For Your Sharing
6 hours 36 min ago
- Studying linux, and looking
10 hours 2 min ago
- voting for Best Linux Distribution
18 hours 28 min ago
- tizen vs android
22 hours 38 min ago
- i switch my choice from KDE
23 hours 4 min ago
1 day 2 hours ago
- Belanja Online
1 day 4 hours ago
- yeah, gnome2-classic is so
1 day 5 hours ago