When You Must Use Passwords
Use these guidelines in situations in which you must use passwords for authentication.
July 16, 2006
Despite the fact that password alternatives are available, you might find that you have no choice but to use a username and password. Here are a few tips for such cases:
Patronize Web sites that require usernames and passwords only if the Web sites use Secure Sockets Layer (SSL). If you can't connect to a Web site by using HTTP Secure (HTTPS), or if the padlock or equivalent symbol doesn't appear in your browser for that site, don't use the site.
Choose strong passwords at least eight characters in length and consisting of upper and lower case letters, numbers, and punctuation symbols. If possible, use a passphrase at least 16 characters in length (e.g., TheC0wJumpedOverTheM00n!). Passphrases are easy to remember, almost impossible to brute-force crack, and not easily subject to attacks that use rainbow tables (sets of possible password hashes and their precomputed plain text equivalents).
Choose a different password (and username, if possible) for each system. If your credentials are compromised on one system, an attacker can't use them on other systems.
Given that you'll end up with lots of credentials if you use a different username and password for each account, I recommend you invest in a cheap biometric device such as a fingerprint reader that lets you store each set of usernames and passwords and authenticate to Web sites automatically upon presentation of a finger. As an alternative to a biometric reader, invest in a software-based credential vault such as CodeWallet Pro (http://www.developerone.com/codewalletpro/) or RoboForm (http://www.roboform.com).
Don't store credit card or personally identifiable information on Web sites. It might be a nuisance to reenter information each time you use the same site, but it's preferable to having to replace your credit cards or deal with identity theft.
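The first three tips (HTTPS only, password strength, no reuse across systems) can be checked mechanically against a list of stored credentials. The following Python is an added example, not part of the original article; the vault entries are constructed sample data and the function names are illustrative.

```python
import string
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample entries (site URL, username, password); not real credentials.
SAMPLE_VAULT = [
    ("https://bank.example", "alice", "TheC0wJumpedOverTheM00n!"),
    ("http://forum.example", "alice", "Summer2006"),
    ("https://shop.example", "alice2", "Summer2006"),
    ("https://mail.example", "alice", "xK9#mq2!"),
]

# The four character classes the article asks for.
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "punctuation": string.punctuation,
}

def strength_findings(password):
    """Check the article's rule: at least 8 characters, all four classes."""
    findings = []
    if len(password) < 8:
        findings.append("shorter than 8 characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            findings.append(f"no {name}")
    return findings

def audit(vault):
    """Return {url: [findings]} for every entry that breaks a guideline."""
    report = defaultdict(list)
    sites_by_password = defaultdict(list)  # password -> URLs that use it
    for url, _user, password in vault:
        if urlparse(url).scheme != "https":
            report[url].append("site not reached over HTTPS")
        report[url].extend(strength_findings(password))
        sites_by_password[password].append(url)
    # A password that appears under more than one URL is reused.
    for urls in sites_by_password.values():
        if len(urls) > 1:
            for url in urls:
                report[url].append("password reused on another site")
    return {url: found for url, found in report.items() if found}

if __name__ == "__main__":
    for url, found in audit(SAMPLE_VAULT).items():
        print(url, "->", "; ".join(found))
```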