Lessons in password security

Posted by: meaplet on: May 26, 2008

I learned a few lessons about password security over the last week, and thought I’d share them.

I’m well acquainted with the standard techniques of password security, and I always use medium to long passwords with a combination of upper and lower-case letters, and numbers. I’m not quite comfortable yet with using special characters in my passwords, so I don’t use them, though. I also like to have unique passwords for accounts that I want to keep secure, so having a good way to come up with new passwords and remember them is necessary.

My main technique for generating passwords is to find a short quotation or song lyric I like that includes a number (or a word with a numeric homophone) and use its initials as a password. For example, one of my now-deprecated passwords was “anc2ptw”, for the Matthew Good Band lyric “A new color to paint the world.”

Another important technique for protecting one’s passwords, of course, is making sure that you’re the only one who knows them. This is normally relatively easy, but here’s where I fell through last week. You see, I normally have multiple terminal windows and multiple instant message windows open at the same time, and I am not always as cautious as I could be about what text goes in what window. Pinging someone “ls” or “exit” is embarrassing, but not problematic.

No, the problem came mid last week when I accidentally pinged my friend Inga one of my more important passwords instead of entering it into the prompt I intended. My advice to you: don’t do this. It’s a bad idea.

I went ahead and changed my password. Here I learned another lesson about choosing passwords, one that isn’t frequently mentioned:

When selecting a password, you should always make sure that it’s something that you can type. By which I mean, think a bit about balancing letters on both sides of the keyboard. Muscle memory will help save you from typos in common words, but a string of random letters is going to take much longer to settle in. Forgetting your password is one thing; mistyping it two out of every three attempts because of, say, a four-character cluster of home-row characters for the left hand is downright embarrassing.

I have yet another new password now. And it seems to be working out well for me so far. Here’s hoping it will work out for me.
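The typability advice above, as an added example that is not part of the original post: a small Python check of how a candidate password splits between the two hands, assuming standard QWERTY touch-typing assignments for letters and digits (Shift and special characters are ignored). "xsdfa9k" is a constructed sample; "anc2ptw" is the retired password quoted earlier.

```python
import re

# Assumed QWERTY touch-typing hand assignments (letters and digits only).
LEFT = set("qwertasdfgzxcvb12345")
RIGHT = set("yuiophjklnm67890")
# Four or more consecutive left-hand home-row keys, the case the post describes.
LEFT_HOME_RUN = re.compile(r"[asdfg]{4,}")

def hands(password):
    """Map each character to 'L', 'R' or '?' (not a letter or digit)."""
    out = []
    for ch in password.lower():
        out.append("L" if ch in LEFT else "R" if ch in RIGHT else "?")
    return "".join(out)

def longest_same_hand_run(password):
    """Return (hand, substring) for the longest stretch typed with one hand."""
    best = ("", "")
    pattern = hands(password)
    start = 0
    for i in range(1, len(pattern) + 1):
        # A run ends at the end of the string or when the hand changes.
        if i == len(pattern) or pattern[i] != pattern[start]:
            if pattern[start] != "?" and i - start > len(best[1]):
                best = (pattern[start], password[start:i])
            start = i
    return best

def typability_report(password):
    """Summarise hand balance and flag a left-hand home-row cluster."""
    pattern = hands(password)
    hand, run = longest_same_hand_run(password)
    cluster = LEFT_HOME_RUN.search(password.lower())
    return {
        "left": pattern.count("L"),
        "right": pattern.count("R"),
        "longest_run_hand": hand,
        "longest_run": run,
        "left_home_cluster": cluster.group(0) if cluster else None,
    }

if __name__ == "__main__":
    # Sample candidates only. For a real candidate, read it with
    # getpass.getpass() instead of argv so it stays out of shell history.
    for candidate in ("anc2ptw", "xsdfa9k"):
        print(candidate, typability_report(candidate))
```

A long single-hand run or a non-empty `left_home_cluster` marks a candidate that is likely to be mistyped before muscle memory settles in.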

I seem to remember I once changed the name of my hard drive to my AOL password. Accidentally. I don’t know how I accomplished that.

