Choosing a Safe Password
Good secure passwords are one of the most important tools you have at your disposal for protecting your hosting account and the data that you keep there.
One of the most commonly used hacking attempts is what is known as password cracking. In this attack, a hacker gains access to a list of user names and encrypted passwords on a web server. Because the passwords are encrypted, the hacker can't gain access to a web site by directly using the encrypted password, but what they can do is attempt to use a list of encrypted dictionary words to match against the encrypted passwords in their posession.
You may be asking yourself, "How long could that take?". The answer is not as long as you might think. A hacker using a computer and an automated "dictionary guessing" tool can find matches to common dictionary words in a matter of minutes.
To combat this attack, you should not use common dictionary words as passwords. In addition, do not use words spelled backwords or combinations of common dictionary words when creating your passwords as these are common permutations a hacker may try when guessing passwords.
Characteristics of good passwords include sufficient length (traditional UNIX systems recognize and use the first eight characters of the password so plan on choosing passwords seven to eight characters in length), sufficient complexity (UNIX passwords are case sensitive, meaning that uppercase and lowercase letters are not the same, and they may also contain unusual characters such as punctuation characters, so plan on using strange or unusual capitalization and characters), and sufficient obscurity (never use a password that incorporates personal information about yourself that could be easily obtained).
In the book Practical Unix Security, Simson Garfinkel and Gene Spafford offer the following checklist of things to consider when choosing password. To be secure, a password should NOT be any of the following:
Using good passwords is not just good practice, it is essential. A secure password will help you keep your hosting account and the data you store there as secure as it should be.
A metaphor. A philosophy. A way of doing business.
Copyright 1997-2002 - Last update: Saturday, September 14, 2002 at 1:05:04 AM