I’ve been guilty of it, you’ve been guilty of it, the person next to you is probably doing it right now: writing your password down. Continuing through the TrustWave Security report, I’m now touching down on a good topic: your password.
This part of the report covers users writing passwords down because they are hard to remember or because they have too many unique ones to keep track of. It also covers social engineering: an attacker using personal interaction, in person or somehow over the Net, to talk you out of your login credentials. I want to focus on something we have all had a conversation about here at the office, especially me because I’m the “new guy”.
Your password has to be significant to you so you can remember it, but it can’t be so obvious that it can be guessed or recovered by “brute force”. In layman’s terms, a brute-force attack is someone, manually or with a cracking tool, trying candidate passwords one after another until one works. In the pure form that means every possible combination of characters; far more often it is a dictionary attack, where the tool runs quickly through lists of common words and phrases, and through predictable variations of them, before it ever resorts to trying everything. And someone who knows you may simply guess the password outright. However, the password can’t be so confusing or convoluted that you would forget it easily. Some people are getting good at making a complex password, but it isn’t memorable, so they either write it down or risk forgetting it. If you use the same password for multiple services, a compromise of that one password puts all of your accounts at risk. The problem with a written list of your passwords, say, at the office is that if someone finds that list, every account on it, and with it your office identity, is compromised.
The way I have been told to create a unique but memorable password is to pick something familiar to you, put two words together into one, and exchange some of the letters in those words for special characters (numbers and symbols). I’ll give you an example: sunnyday. To make this more resistant to guessing you would write it out like this: 5unnEd@y. I used special characters and the phonetic pronunciation of the first Y in the word as E. This is more resistant than the plain phrase and still memorable, with one caveat: substitutions like s to 5, a to @ and y to E are exactly the rules a cracking tool applies to every word on its list, so they add less protection than they appear to. Length, and a different password for each service, do more for you than symbol swaps. Whatever you settle on, don’t write it down.
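To show what the dictionary-attack-with-variations described above actually does to the two-word example, here is an added illustration that is not code from the post or from the TrustWave report. It models what rule-based crackers such as hashcat or John the Ripper do: take a wordlist, concatenate words, apply a table of character substitutions, and compare each candidate’s hash with a leaked (here, unsalted SHA-256) hash. The wordlist and substitution table are constructed and deliberately tiny; real tools ship millions of words and hundreds of rules.

```python
"""Dictionary attack with substitution rules against the post's own example.

Added illustration, not from the post or from the Trustwave report. The word
list and the substitution table below are constructed and deliberately tiny.
"""
import hashlib
import itertools

# Constructed substitution table: each letter maps to the forms a cracker's
# "leet" rules would try. Characters not listed are tried unchanged.
SUBS = {
    "a": ["a", "@", "4"],
    "e": ["e", "3"],
    "i": ["i", "1", "!"],
    "o": ["o", "0"],
    "s": ["s", "5", "$"],
    "y": ["y", "E"],  # the phonetic "E" for a y that the post uses
}

# Constructed wordlist of "familiar" words; sunnyday is sunny + day.
WORDS = ["rain", "sunny", "happy", "day", "night"]


def sha256_hex(text):
    """Unsalted SHA-256, standing in for a leaked password hash."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def mangle(word):
    """Yield every variant of word obtained by substituting characters per SUBS."""
    choices = [SUBS.get(ch, [ch]) for ch in word]
    for combo in itertools.product(*choices):
        yield "".join(combo)


def variant_count(word):
    """Number of variants mangle(word) produces."""
    n = 1
    for ch in word:
        n *= len(SUBS.get(ch, [ch]))
    return n


def mangled_space(words, n_words):
    """Size of the search space for n_words concatenated words, each mangled."""
    return sum(variant_count(w) for w in words) ** n_words


def crack(target_hash, words, n_words=2):
    """Try every concatenation of n_words words from the list, with all
    substitutions applied, against target_hash.

    Returns (recovered_password, attempts) or (None, attempts).
    """
    attempts = 0
    for parts in itertools.product(words, repeat=n_words):
        for variant in mangle("".join(parts)):
            attempts += 1
            if sha256_hex(variant) == target_hash:
                return variant, attempts
    return None, attempts


def naive_brute_force_space(length, alphabet_size=95):
    """Candidates a blind brute force over printable ASCII would face."""
    return alphabet_size ** length


if __name__ == "__main__":
    recovered, attempts = crack(sha256_hex("5unnEd@y"), WORDS)
    print(f"recovered {recovered!r} after {attempts} guesses")
    print(f"two-word mangled space:  {mangled_space(WORDS, 2)}")
    print(f"four-word mangled space: {mangled_space(WORDS, 4)}")
    print(f"blind brute force, 8 printable chars: {naive_brute_force_space(8)}")
```

With only five words and six substitution rules, 5unnEd@y falls out after a few hundred guesses, a vanishing fraction of the 95^8 candidates a blind brute force of eight printable characters would have to cover. Adding words raises the space far faster than adding symbols: four words from the same list already gives 810,000 candidates against 900 for two.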
The password section I drew on from the TrustWave Security Report can be found on page 39.