Password Tips for Privacy
In a perfect world, you would use a unique password for every password-protected function that you hope to keep private. That unique password would not be (or resemble) any word in the dictionary (password is out, and so is passw0rd). Your passwords would never be written down anywhere, ever.
Got it? Great. Now let’s get real. If you are ready to be responsible about password use but can’t quite follow ideal-world guidelines, here are some down-to-earth tips to make you more secure.
Four Types of Passwords
Passwords generally fall under one of four categories. Before you select a password, try to evaluate what you need it for.
1. Nuisance Logins
Pick one really easy password and use it only for those sites where you know you won’t really care if someone gets a hold of your account. Yes, someone could steal your password — but what are they going to do with it? If you’re worried about protecting your privacy, use a better password; if you aren’t, use the same plain word over and over again and don’t think twice about it. Good examples of nuisance logins are:
• Newspapers and other online content.
• Travel or airline sites like Expedia.com.
• Email lists, or any site that displays your password as unencrypted cleartext rather than asterisks or bullets.
• Online communities and photo-sharing sites.
However, some of these sites offer to store your credit card information; if you let them, the site falls under Highly Sensitive Information (category 4, below), and you should use a more secure password accordingly.
2. Private Logins
For private matters that aren’t life-or-death, find a random password or invent a semi-random password. For a while I used “14ONHbro” because my kid brother, Oliver N. Hickman, was about to turn 14 and I was thinking about getting him a birthday present when I set up my first email account. (When I was still using that password on his 18th birthday, it was a good sign that it was time to switch to a new password.)
Passwords you should be able to keep to yourself include:
• Your email accounts.
• The FTP login for your Web site.
3. Community Logins
You might need a few passwords you can share with others in your organization (which you should at least change when staff changes). These should be random passwords, but they shouldn’t be the same as any password you use for personal logins. Server passwords and shared Web sites often fall into the shared category.
4. Highly Sensitive Logins
Your last password category is for really sensitive stuff. Ideally, you wouldn’t reuse these passwords. More importantly, these passwords should be truly random, and you should change them from time to time. Examples of highly sensitive information include:
• A Web-based membership database.
• Remote access to your desktop computer.
Not Sure What Word to Use?
Random password generators aren’t hard to find, but one that I like is PC Tools Software’s Secure Password Generator. For more information on password selection, see the University of Chicago’s article Choosing Good Passwords.
One idea for generating a password is to use the first letter of each word in a lyric or phrase that you can remember. For example, “Poverty anywhere is Poverty everywhere!” becomes “PaiPe!”; “Four score and seven years ago our fathers …” becomes “4sa7yaof”.
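The first-letter method described above, as an added Python example that is not part of the original article. The function names, the digit mapping beyond "four" and "seven", and the rule of keeping only a closing "!" or "?" are assumptions made here.

```python
# Number words become digits, as in the article's "Four score and seven" example.
# Entries other than "four" and "seven" are an assumption of this example.
NUMBER_WORDS = {
    "zero": "0", "one": "1", "two": "2", "three": "3", "four": "4",
    "five": "5", "six": "6", "seven": "7", "eight": "8", "nine": "9",
}
KEPT_ENDINGS = "!?"  # assumption: only a closing "!" or "?" is carried over


def mnemonic_password(phrase: str) -> str:
    """Build a password from the first character of each word in phrase."""
    out = []
    for raw in phrase.split():
        # Drop quotes, commas, ellipses and other punctuation around the word.
        core = "".join(ch for ch in raw if ch.isalnum())
        if not core:  # token was punctuation only, e.g. a trailing ellipsis
            continue
        # A spelled-out number becomes its digit; otherwise keep the first
        # character with its original case.
        out.append(NUMBER_WORDS.get(core.lower(), core[0]))
    tail = phrase.rstrip()
    if tail and tail[-1] in KEPT_ENDINGS:
        out.append(tail[-1])
    return "".join(out)


def character_classes(password: str) -> set:
    """Report which character classes a password draws on."""
    classes = set()
    for ch in password:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes


if __name__ == "__main__":
    # The two phrases quoted in the article.
    for phrase in ("Poverty anywhere is Poverty everywhere!",
                   "Four score and seven years ago our fathers …"):
        pw = mnemonic_password(phrase)
        print(f"{pw!r}: {len(pw)} characters, classes {sorted(character_classes(pw))}")
```

The length and class summary makes it easy to see that a short phrase yields a short password, so a longer lyric is the better starting point.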
Writing Password Policies for Your Organization
If you’re in charge of creating password guidelines for your nonprofit, here are a few rules to follow.
1. Be realistic. If you impose a rule that no one has time to follow, you are no better off than you were without any policies.
2. Wherever possible, let users set their own passwords. When the whole organization shares a single password, it is much more difficult to change it.
3. Be reasonable. Be clear about why passwords matter to your organization. Is data sensitive? Confidential? Vulnerable to vandalism? There is a difference. If you are asking computer users to respect the confidentiality of the organization, say so. Your rules will seem less arbitrary.
4. Set an example. Never ask users to share their passwords with you. Make sure you know how to reset email passwords, database user passwords, and so on, and let users keep their passwords private. If you are footing the bill, your ISP should have no problem resetting a user’s email password if something happens and you need access to that account.