Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Password hint: Think whether yours is good enough

Nov 30, 2003 11:13PM PST

Recent website security scares have brought home the importance of a sensible approach to passwords, at both the personal and corporate levels. Tony Hallett reports on what the industry is saying - and whether passwords are enough.

Tricky things, passwords. They are our most common way of safeguarding digitally stored information over shared media but they are fraught with contradictions. Most obviously, the safer they look - in terms of length and mix of characters - the harder they often are to remember, making them dangerous when end users write them down. Meanwhile employers are increasingly being told passwords - meant to make things safer - are not just frequently insecure but costly to support and legally contentious.

In general, besides changing them regularly, tips include:

- Never use words that can be found in a dictionary - even in combinations - or common proper nouns.
- Make them at least eight characters long and substitute numbers for letters in some cases, for example a 5 for an S.
- Never use passwords across different systems or websites.
- Don't assume someone else won't know you and be able to guess the name of your next door neighbour's cat, for example.

http://www.silicon.com/software/security/0,39024655,39117138,00.htm

Discussion is locked