We all know that setting up a password on a computer, or anything for that matter, is a real pain. The average person could have up to twenty passwords that they must remember. And what do most of us do to remember those passwords? That’s right, we write them down!
Passwords protect personal information – information we don’t want anyone and everyone to know! In our personal lives, this means confidential information like financial information, private letters, and legal documents. In the corporate world this may encompass anything from personal computers to mainframe servers.
Avoid Dictionary Words
However tempting it may be, using passwords that can be found in the dictionary is not good. If someone really wanted to crack that password, they could use a very simple key logger or brute force program to do it. A brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example, exhaustively working through all possible keys in order to decrypt a message (http://en.wikipedia.org/wiki/Brute_force). And finding a brute force program is almost as easy as buying milk.
No Personal Information
Personal information should be avoided at all costs. Think about it: why create a password that identifies the very thing you’re trying to protect? Social engineering is a way for someone to get confidential information by manipulating users. For example, someone could get personal information by impersonating a telemarketer and asking for your birth date to verify information. A lot of users like to use special events, birthdays or social security numbers as passwords for simplicity. Password security is very important and should be treated as just as important as keeping your social security number from strangers.
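The two rules above can be enforced at the moment a password is chosen. The following check is an added example, not part of the original article; the wordlist, the sample profile and the function names are constructed for illustration.

```python
import re
from datetime import date

# Constructed sample wordlist; a real deployment would load a full dictionary
# or breached-password list instead.
WORDLIST = {"password", "sunshine", "dragon", "monkey", "letmein"}
# Common character substitutions undone before the dictionary lookup.
LEET = str.maketrans("013457@$!", "oieastasi")
# Constructed profile (the SSN uses area 000, which is never issued).
SAMPLE = dict(first="Jane", last="Doe", born=date(1985, 7, 4), ssn="000-12-3456")

def personal_tokens(first, last, born, ssn):
    """Strings derived from the user's own details that must not appear."""
    d, m, y = f"{born.day:02d}", f"{born.month:02d}", str(born.year)
    digits = re.sub(r"\D", "", ssn)
    tokens = {first.lower(), last.lower(), y, d + m, m + d,
              d + m + y, m + d + y, y + m + d, d + m + y[2:], m + d + y[2:],
              digits, digits[-4:]}
    # Very short tokens would match by chance, so only keep 4+ characters.
    return {t for t in tokens if len(t) >= 4}

def check_password(password, first, last, born, ssn):
    """Return the reasons the password breaks the two rules above."""
    problems = []
    lowered = password.lower()
    # Drop leading/trailing digits and symbols: "dragon2024!" -> "dragon".
    stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    candidates = {stripped, stripped.translate(LEET), lowered.translate(LEET)}
    if candidates & WORDLIST:
        problems.append("dictionary word")
    # Remove separators so "07/04/1985" is compared as "07041985".
    squeezed = re.sub(r"[\W_]", "", lowered)
    if any(t in lowered or t in squeezed
           for t in personal_tokens(first, last, born, ssn)):
        problems.append("personal information")
    return problems

if __name__ == "__main__":
    for pw in ("P@ssw0rd1", "Jane07/04/1985", "dragon3456", "vT9#qLm2&xRw"):
        print(pw, check_password(pw, **SAMPLE) or "ok")
```

Swapping a few letters for digits or symbols, or adding a year to the end, does not get a dictionary word or a birthday past this check.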
References
Wikipedia (http://en.wikipedia.org/wiki/Brute_force)
SecurityFocus (http://www.securityfocus.com/infocus/1537)







