Password Security

By Del Hart

We all keep important files and information on our computers, and one of the most basic aspects of securing that information is to have a good password. This is harder than it sounds. The hardest part of having a good password is that you need to remember it, yet it must be hard to guess. The most common type of attack against passwords is a dictionary attack, where the attacker takes a (long) list of common passwords [1] and tries each of them, as well as permutations on them, to see if any match. In general, words and permutations on words therefore make poor passwords.

One technique you can use is to choose a phrase that is easy for you to remember and then take the n-th letter from each word in the phrase as your password. Typically this generates a password that appears closer to random and is harder to guess. Another approach is to choose a random password but write it down on a piece of paper that you keep with you. It might seem wrong to write your password down, but look at the risks: if someone has access to your wallet, you probably have bigger concerns than whether they get your password.

It is also a good idea to change your password on a regular basis. Your password (especially in a single sign-on system like the one we have here) can be exposed in many places and at many times, so changing it regularly helps to minimize the damage done. There are tools you can use to evaluate how good a password is (e.g., [2]). You should only use them to play with ideas for passwords, though. Unless the application runs on your own machine and you are sure it does not communicate back to anywhere else, you should not enter a real password into a password checker.

[1] http://geodsoft.com/howto/password/common.htm  
[2] http://geodsoft.com/cgi-bin/pwcheck.pl


Originally published in Standard Output, Vol. 1, No. 2, October 2006.