Safeguarding Your Password
This information first appeared in MichNet News, Volume 11, No. 1. It is based on copyrighted material (1995) by David G. Beausang, Colorado School of Mines.
After you have created a good password, how can you improve the odds of remembering it?
- Use your new password immediately. Change your password, and then log out and log back in.
- After ten minutes (about the length of short term memory), use your new password again: log out and log back in.
- Don't change your password Friday afternoon just before leaving for the weekend.
- Try to commit your password to memory.
- If you absolutely need to write down your password, make sure that anyone seeing it or finding it cannot determine what it is. Make sure that it is unrecognizable and cannot be associated with your account/username. This is the same principle that applies to the PIN for your credit or bank card—and it can be even more costly.
How often do you need to change your password?
(UALR mail passwords must be changed at least every 90 days)
The effective half-life of your password depends on its exposure. Piano players can read your keystrokes if they can see your hands.
- Did you write down your password?
- Was it accidentally displayed on the screen?
- Did you log in from the hospitality suite at the conference?
- Do you have a nagging feeling you should change it?
- Is it a good, strong password? It is better to have a good password for months than a bad password for days.
It may seem that you don't have much, if anything, to lose if your password is guessed and your account broken into, but that's not true.You can lose your good name and your reputation. Obscene, racist, threatening e-mail from your account, with your name attached, sent to your friends, family, peers, strangers, and world-wide newsgroups, can be as difficult to overcome and correct as a public scandal.
