How often do you change the passwords that protect your financial information, personal files, important corporate data, wireless network, online properties, or email privacy? Rarely? Never? Only when (and if) some system administrator forces you to?
And what kind of passwords do you create? Ones that are easy for someone who knows you to guess? Simple dictionary words, maybe with a number at the end? The name of your pet or a sports team? Your phone number or zip code?
Those are all bad, bad answers, as Mark Burnett (with technical editor Dave Kleiman) makes clear in this valuable new monograph. The book presents a number of simple techniques you can and should use to come up with passwords that are very hard to crack, yet easy to remember. Most of us have experienced the failure of imagination that hits when we’re asked to come up with a new password on the spot. So we throw up our hands and use something we’ve used before, or something very simple like the examples above — a dangerous and unnecessary practice.
The book also dispels some commonly held beliefs. A simple fact about you that’s unknown to strangers (e.g., your city of birth or mother’s maiden name) does not make a strong password. Long passwords are not only much, much safer, but can be made easy for you to remember while remaining extremely difficult for an intruder to crack. For example, you can create a strong, unique password that meets all of a system’s requirements (many systems now require a mix of lower and uppercase letters, digits, and/or other keyboard symbols) by combining words and numbers that rhyme, e.g., 425 Take a Drive! (Yes, most systems accept spaces in passwords — that’s just one fact among the many I didn’t know until I read this book — and I’m a computer professional.)
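To make the review's point about length concrete, here is a small Python estimator I added for this page (it is my own illustration, not code from the book or from Burnett). It scores the three kinds of password discussed above two ways: a brute-force upper bound from length and character classes, and a dictionary-attack bound that applies when the password is just a common word plus a few digits. The word list, the 100,000-entry attacker dictionary size and the 32-symbol punctuation set are assumptions chosen for the example.

```python
import math
import string

# Constructed stand-in for a cracker's wordlist (the real ones hold
# hundreds of thousands of names, places and dictionary words).
COMMON_WORDS = {"fluffy", "chicago", "password", "summer", "tiger"}
ASSUMED_WORDLIST_SIZE = 100_000   # assumption: size of the attacker's list

# Assumed alphabet sizes per character class; 32 covers the printable
# ASCII punctuation on a US keyboard.
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "space": 1, "symbol": 32}


def character_classes(pw):
    """Return the set of character classes present in the password."""
    classes = set()
    for ch in pw:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        elif ch == " ":
            classes.add("space")
        else:
            classes.add("symbol")
    return classes


def brute_force_bits(pw):
    """Upper bound on strength: log2 of the keyspace an attacker must search
    if all they know is the length and which character classes were used."""
    alphabet = sum(CLASS_SIZES[c] for c in character_classes(pw))
    return len(pw) * math.log2(alphabet)


def dictionary_attack_bits(pw, wordlist_size=ASSUMED_WORDLIST_SIZE):
    """If the password is a common word (any capitalisation) followed by
    0-4 digits, a dictionary attack needs only wordlist_size * 10**digits
    guesses, however many character classes the password appears to use.
    Returns None when the pattern does not apply."""
    base = pw.rstrip(string.digits)
    digits = len(pw) - len(base)
    if base.lower() in COMMON_WORDS and digits <= 4:
        return math.log2(wordlist_size * 10 ** digits)
    return None


def effective_bits(pw):
    """The attacker takes the cheapest route, so the real strength is the
    smaller of the two estimates."""
    brute = brute_force_bits(pw)
    dictionary = dictionary_attack_bits(pw)
    return brute if dictionary is None else min(brute, dictionary)


def meets_policy(pw, min_len=8):
    """A typical system requirement: at least min_len characters, mixed
    case, and at least one digit or symbol."""
    cl = character_classes(pw)
    return len(pw) >= min_len and {"lower", "upper"} <= cl and bool(cl & {"digit", "symbol"})


if __name__ == "__main__":
    # Constructed samples: a pet name plus a digit, a city of birth, and the
    # rhyming passphrase quoted in the review.
    for pw in ("fluffy1", "Chicago", "425 Take a Drive!"):
        print(f"{pw!r:22} brute={brute_force_bits(pw):6.1f} bits "
              f"effective={effective_bits(pw):6.1f} bits "
              f"policy={'ok' if meets_policy(pw) else 'FAIL'}")
```

The two "fact about you" passwords look respectable by the character-class bound (36 and 40 bits) but collapse to roughly 17 to 20 bits once the attacker tries a word list first, while the 17-character rhyming phrase stays above 110 bits under either model and also satisfies the mixed-character policy.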
It’s no game. You have to assume that someone is, or will be, trying to crack your password. There are threats out there many of us aren’t aware of, and sooner or later, by some means or other, most of us will be targeted. Maintaining strong passwords is critical in defending against attack, whether it’s by someone who bears you or your company ill will, a criminal enterprise that wants access to your bank account, or a brute force password-guessing attack by a relentless computer program that wants to commandeer your computer for use as a spamming robot. (Can you tell I’ve had some relevant personal experience?)
Burnett writes in plain English, illustrating his concepts with examples, analogies, and stories from his career as a computer security expert. You don’t need to be technically minded, or even especially computer-literate, to understand what’s in this short book. Anyone who uses passwords – and that’s pretty much all of us – could benefit from a sprint through Perfect Passwords.