When the list of the worst passwords for 2013 did the rounds last week, I’m glad that a few media outlets went beyond mocking those who used them and gave some practical advice.
ABC 105.7 Darwin was one of them. On Thursday morning 23 January I spoke with breakfast presenter Richard Margetson.
While it was a light-hearted chat, we also managed to sneak in the advice: use different passwords for everything important; the longer the password, the better it is; email account passwords are particularly important; use password management software to keep track of them all.
Searching the internet for “how to choose a good password” generally delivers reasonable advice, but I reckon Microsoft’s advice and password checker ain’t too bad.
[Update 1510 AEDT: As Nick Andrew points out, the problem with Microsoft’s password checker is that you’re typing your password into Microsoft’s website — which is obviously a Bad Idea. So my recommendation is to use it to explore how different choices for your password affect its strength, and then choose something different again for your real password based on what you’ve learned.]
The audio is of course ©2014 Australian Broadcasting Corporation.
Personally I’d avoid the Microsoft checker. Its logic seems poor, so: passwordpassword and password1234567 are both reported as strong, but tn6B99: is weak.
That said, their advice, below the strength checker, is good, except that it misses out the first advice I’d give: use a completely unique password everywhere possible.
@Matthew Godfrey: I suspect that part of their logic there is that longer passwords are better than shorter passwords, because all the hashes for short passwords (12 characters or fewer, or thereabouts) have already been computed in rainbow tables.
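As an added illustration, not code from the post or from either commenter, the following Python shows why a length-only checker ranks the three passwords from the comment above the wrong way round: dictionary words and monotone runs such as 1234567 are priced cheaply, and only the leftover characters count as random draws from their alphabet. The word list and the bit costs are constructed for this example, not calibrated figures.

```python
import math
import re

# Constructed, tiny word list standing in for a real cracking dictionary.
COMMON_WORDS = ("password", "letmein", "qwerty", "welcome", "monkey", "dragon")


def _charset_size(text):
    """Size of the smallest conventional alphabet that covers every character."""
    size = 0
    if re.search(r"[a-z]", text): size += 26
    if re.search(r"[A-Z]", text): size += 26
    if re.search(r"[0-9]", text): size += 10
    if re.search(r"[^A-Za-z0-9]", text): size += 33
    return size


def _is_run(chunk):
    """True for runs stepping by exactly +1 or -1 per character, e.g. 1234567 or fedcba."""
    steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
    return len(chunk) >= 3 and steps in ({1}, {-1})


def estimate_bits(password):
    """Rough offline-guessing estimate in bits (illustrative constants).

    A dictionary word costs log2(list size) + 1 bits (the +1 is a crude
    allowance for position and repeats), a monotone run costs 4 + log2(length),
    and only the leftover characters are priced as random over their alphabet.
    """
    lower = password.lower()
    bits, leftover, i = 0.0, "", 0
    while i < len(password):
        word = next((w for w in COMMON_WORDS if lower.startswith(w, i)), None)
        if word:
            bits += math.log2(len(COMMON_WORDS)) + 1
            i += len(word)
            continue
        end = i + 3  # grow the run one character at a time while it stays monotone
        while end <= len(password) and _is_run(password[i:end]):
            end += 1
        if end - 1 > i + 2:  # at least a 3-character run matched
            bits += 4 + math.log2(end - 1 - i)
            i = end - 1
            continue
        leftover += password[i]
        i += 1
    if leftover:
        bits += len(leftover) * math.log2(_charset_size(leftover))
    return bits


def rate(password):
    """Coarse label; thresholds are constructed for the example."""
    bits = estimate_bits(password)
    return "weak" if bits < 28 else "fair" if bits < 60 else "strong"
```

With these costs, passwordpassword and password1234567 come out near 7 and 10 bits, while the seven-character tn6B99: comes out near 46, which is the ordering a checker should produce.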