The how and why of secure passwords
What does a password do for me? What is wrong with using my favorite color, pet’s name, or my birthday? How can I remember my password if it is so complicated? Why does PEAK make such a big deal about password security? These are common questions that we at PEAK often hear. PEAK has recently stepped up its security to keep our customers safe online. I would like to help you understand why. Let’s start at the top.
What does a password do for me?
Every account with PEAK, or any Internet company for that matter, has two pieces of information to uniquely identify it: a username and a password. The username is part of your email address, and so it is public. For example, if my email address is joeuser@PEAK.org, then my username is joeuser. The password is used to verify that I am the owner of the account joeuser. A password is a secret combination of numbers and letters that should be known only by the owner of the account and PEAK’s servers. It is sort of like the PIN that you use to access your bank account.
Why can’t I use ‘x’ as my password?
At PEAK, all new passwords have to meet the following requirements to ensure they are secure against people who will attempt to guess your password. We call these people crackers. A password must:
- include numbers, letters and punctuation
- be at least 8 characters long (each number, letter or punctuation mark is one character)
- not be a single word that could be looked up in a dictionary
- not be based on a proper name
The more random the password, the better. Password crackers can use computer programs to test thousands of passwords with a known username in a matter of minutes. So if your password is in the dictionary, it can be guessed by a computer in less time than it takes you to read your email.
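As an added illustration (this is not PEAK's actual checker), the four rules above can be written as a short Python function. The word and name lists are small constructed samples and the function names are hypothetical; undoing common symbol swaps before the dictionary and name checks goes slightly beyond the rules as stated.

```python
import string

# Constructed sample lists (assumptions). A real check would load a full
# dictionary file and a much larger list of given names.
SAMPLE_WORDS = {"password", "monkey", "dragon", "sunshine", "baseball"}
SAMPLE_NAMES = {"joe", "michael", "jennifer", "shakespeare"}

# Common character swaps, undone before the dictionary and name checks.
LEET = str.maketrans("0134578@$", "oieastbas")


def letters_only(text):
    """Lowercase, trim digits/punctuation from both ends, undo swaps, keep letters."""
    trimmed = text.lower().strip(string.digits + string.punctuation)
    return "".join(c for c in trimmed.translate(LEET) if c.isalpha())


def check_password(password, username=""):
    """Return the list of rules the password breaks; an empty list means it passes."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c.isalpha() for c in password):
        problems.append("no letter")
    if not any(c in string.punctuation for c in password):
        problems.append("no punctuation")

    core = letters_only(password)
    if core in SAMPLE_WORDS:
        problems.append("single dictionary word")
    # The public username is treated as a proper name too. Substring matching
    # is deliberately conservative and may reject some acceptable passwords.
    names = SAMPLE_NAMES | ({username.lower()} if username else set())
    if any(len(n) >= 3 and n in core for n in names):
        problems.append("based on a proper name")
    return problems


if __name__ == "__main__":
    for pw in ("heT=eiK9", "2b,n2b?TITQ", "P@ssw0rd!", "J3nnifer!9", "monkey"):
        print(pw, "->", check_password(pw) or "ok")
```

A password such as P@ssw0rd! has a number, letters and punctuation and is long enough, yet it is still rejected because it reduces to a single dictionary word.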
How can I remember my password if it is so complicated?
There are several ways to remember your secure password. The two most common methods are password managers on your computer or memory mnemonics.
A password manager is software that stores passwords for you on the computer. The simplest form is built into many programs. For example, whenever you see an option to “Remember Password”, that is a password manager. You can also use a separate password manager to store passwords and other information in a secure encrypted format. If you have Windows, KeePass is a popular free program for storing passwords. You can download it at http://keepass.info. If you have a Mac, a manager called Keychain is already built in; it is accessible from the “Keychain Utility” in your “Applications” folder and is integrated into all the software that stores passwords on your Mac.
Mnemonics are the memory aids you learned in elementary school for remembering complicated information. For example, if I want to remember the order of taxonomies in biology, I can use “Kids Prefer Cheese Over Fried Green Spinach” to remember Kingdom, Phylum, Class, Order, Family, Genus, Species. You can come up with a password such as heT=eiK9 and then create a mnemonic like “high efficiency Tanks = enhanced intelligence K9s.” Or you could come up with the mnemonic first and then create the password. Say we take a famous line from Shakespeare, “To be, or not to be: that is the question”, and pull it apart to make 2b,n2b?TITQ.
Those are a couple of common ways to remember a password. There are many other ways; just find one that works for you.
Why does PEAK make such a big deal about password security?
A secure password is important both for you, to protect your account, and for us, to maintain PEAK’s excellent reputation with other email servers. Recently, many of you may have had your email bounce when you emailed people who have addresses at msn.com, hotmail.com, live.com or yahoo.com. This occurred because password crackers launched a major attack on our system and were able to find the passwords for many of our customers’ accounts. They then used those accounts to send torrents of spam through our mail servers. We locked out the affected accounts as quickly as we could, but the damage had already been done. Microsoft and Yahoo had identified our mail servers as sources of spam and blacklisted us, which stopped their users from receiving both the spam originating from our mail servers and legitimate email from our mail servers. To help prevent this from happening again, we have now instituted the rules we discussed earlier and have begun checking all current accounts for weak passwords.
Hopefully, we have been able to help you understand why strong passwords are important and what you can do to choose a strong password. You can also use the same techniques when selecting passwords for other services such as online banking or forum sites.
If you are having a hard time coming up with a secure password, we have created a password generator for anyone to use at http://www.peakinternet.com/passwords. You can also call our technical support line 24 hours a day and we can help you choose a secure password or answer any questions you might have.
On a final note, below is a list of the top 10 most commonly used passwords according to PC Magazine. These are the first things that crackers check, so if you use a password listed below, or one very similar, you should probably change it to keep your account safe.
- (your first name)