3by400 facebook   3by400 twitter   3by400 linkedin   3by400 Google+   3by400 blog feed
Have an account?  Login




Top of Mind from 3by400

Our blog posts are the result of issues and opportunities we see in our daily work. They are designed to increase understanding and provide a source of vision for your web presence.
Font size: +
1 minute reading time (237 words)

Choosing Good Passwords

Choosing a good password is always a problem. The essential tension is that a good password should be easy to remember, yet hard to guess. Most people err on one side or the other. Most people choose passwords that are too easy to guess, such as the name of their spouse or pet. Any word in the dictionary makes for a quick security breach. We have other vendors who send us passwords like 8#{aUv7. Yes, it's hard to guess, but also impossible to remember, guaranteeing that it'll have to be written down, copied, pasted, stored, and generally left laying about. Here's some hints of forming usable passwords:

  • Combine two or more words, like 'noneshallpass'
  • Some people convert their passwords into 'leet speak' by substituting zeros for ohs (o->0) and ones for ells (l->1). These are fairly easy to guess as well. The next step up would be to substitute threes for ees (e->3)
  • Even better, if you speak a few words of a foreign language, use them. Such as: 'verb0ten'

NIST standards call for users to change their passwords every 90 days. This is commonly accepted wisdom in the security community, but I remain dubious. I think one well-chosen, well-guarded password is better than a string of mediocre passwords that change so often the user has to write them down to remember which one they're using at the moment.


In closing, have fun with the idea.

Should I have a mobile version of my website?
Three Waves of Content Management - Third Wave