There are some key points you need to remember to protect yourself and
your account. If you take a close look at the following "dos and don'ts,"
they are basically flat-out good common sense.
(However, we're living in an era when "good" common sense
has become a rare commodity.) Remember, 99% of security
compromises result from careless holes on the user's side, not from outside hackers.
Remember, "security" means preventive
proactiveness, and you should never confuse it with
"scooping aftermath."
NEVER give your password to *ANYONE*
The whole purpose of having a password in the first place is to ensure that
*NO ONE* other than you can use your account.
NEVER write your password down
Especially never write your password anywhere near your computer.
NEVER let anyone look over your shoulder
when you enter your password
"Shoulder surfing" is the most common way
that accounts are hacked. Here is some common-sense
password etiquette you may want to take a look at.
NEVER e-mail your password to anyone
This sounds evident; however, you'd be really surprised
to find out how many people completely disregard
security when e-mailing. Remember, your e-mail is by nature
an unencrypted text file that anyone can read if
they can get hold of it.
DO change your password on a regular basis
There is no better way to thwart a would-be hacker/cracker than to
change your password as often as possible. Your system administrator
should be able to tell you your system's recommendation on how often you
should change your password, but a good rule of thumb is to change it at
least every three to six months. (I do agree with you that this is such a
hassle, however.)
DON'T pick a password that is found in the dictionary
When you set your password, it is encrypted and stored in a file.
It is really easy for a "hacker/cracker" to find your password by encrypting every word
in the dictionary, and then looking for a match between the words in
his encrypted dictionary and your encrypted password. If he finds a match,
he has your password and can start using your account at will.
NEVER use your user id as your password
This is the easiest password to crack. Unbelievable as it sounds, quite
a number of users are still doing it. If you're one of them, change your
password right now!
DON'T choose a password that relates to you personally
or that can easily be tied to you
Some good examples of BAD
passwords are: your name, your wife/husband/sons/daughters' names, your
relatives' names, your dogs/cats/pets' names, nicknames, birthdates,
license plate numbers, social security numbers, work ID numbers, and
telephone numbers. No, this is neither about dealing with an espionage
case nor about getting "eternally" paranoid. It is just good common sense!
DON'T use passwords that are foreign words
The hacker can get a foreign dictionary, and ...
DO use a password that is at least . . .
eight characters long and that has a mix of letters and numbers.
A password should be no shorter than
six characters.
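
The password-choice rules above (no dictionary or foreign words, not your
user id, nothing tied to you personally, at least eight characters with a
mix of letters and numbers) can be checked before a password is accepted.
The Python below is an added example, not part of the original page; the
function names, the tiny word list and the sample inputs are constructed,
and comparing case-insensitively, with digits stripped and with the word
reversed, goes a little beyond what the page states.

```python
import re

# Constructed sample word list (English and foreign words). A real check
# would load a full dictionary file instead; this set is an assumption.
SAMPLE_DICTIONARY = {"password", "dragon", "sunshine", "bonjour", "geheim"}

MIN_LENGTH = 8  # the length this page recommends


def letters_only(text):
    """Lower-case and keep letters only, so 'Dragon1' compares as 'dragon'."""
    return re.sub(r"[^a-z]", "", text.lower())


def digits_only(text):
    """Keep digits only, so '555-1234' compares as '5551234'."""
    return re.sub(r"\D", "", text)


def check_password(password, user_id, personal_terms=(),
                   dictionary=SAMPLE_DICTIONARY):
    """Return the list of rules from this page that the password breaks."""
    problems = []
    core = letters_only(password)

    if len(password) < MIN_LENGTH:
        problems.append("shorter than eight characters")
    if not (re.search(r"[A-Za-z]", password) and re.search(r"\d", password)):
        problems.append("no mix of letters and numbers")
    # Catch the user id itself and the user id with digits tacked on.
    if password.lower() == user_id.lower() or (
            core and core == letters_only(user_id)):
        problems.append("same as user id")
    # A cracker's word list is tried as-is and with simple variations.
    if core in dictionary or core[::-1] in dictionary:
        problems.append("dictionary word")
    # Names, birthdates, phone numbers and similar personal details.
    for term in personal_terms:
        t_letters, t_digits = letters_only(term), digits_only(term)
        if (len(t_letters) >= 3 and t_letters in core) or (
                len(t_digits) >= 4 and t_digits in digits_only(password)):
            problems.append("tied to you personally: " + term)
    return problems
```

An empty list means the password passed every check; anything else names
the rule it broke.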
NEVER use the same password on different systems or accounts
Another common mistake that we all make.
Think about why you're using a password in the first place.
ALWAYS be especially careful when you telnet or rlogin . . .
to access another computer over the Net. When you telnet or
rlogin, your system sends your password in plain text
over the Net. Some crackers have planted programs ("snoopers")
on Internet gateways for the purpose of finding and stealing
these passwords. If you have to telnet frequently, change
your password just as frequently. If you only telnet
occasionally, say, for a conference trip out of state/overseas, set up a new
password (or even a new account) just for the trip. When
you return, change that password (or close out that account).