Tuesday, January 26, 2010

Password security

The experts have advised on secure passwords, to prevent hacking, as follows:

- at least 8 characters long
- does not contain all or part of one's name
- mix of upper and lower case characters
- does not have repeated numbers or characters side by side
- password must be changed every 3 months

It is easy to write these exotic rules, but they are not practical. Most people have to keep more than 20 passwords to log in to various sites. If every website has its own exotic rules, it would be impossible for the user to remember all these passwords.

We need to exercise common sense. Many of these websites do not contain critical information. I consider telephone number, address and e-mail to be public information and not sensitive. So what, if someone knows my e-mail? It is available in my blog anyway. So what, if they know my mobile phone and call me? They do anyway, and I know how to deal with unwanted callers.

We only need secure passwords for bank accounts involving transfer of money or for e-mail accounts that are accessed daily. In most other cases, there is no need to secure passwords. There are millions of accounts, and there is no purpose in spending the time to hack them, unless a specific person is being targeted. If this is the case, the targeted person can take legal action against the hacker for theft or invasion of privacy.

Tan Kin Lian


STG said...

at least 8 characters "wrong"

long u meant?

Anonymous said...

.. and if you are targeted, they are likely to get your password not because you didn't follow those rules.

A Singaporean said...

The experts have even more suggestions. Some of these suggestions I have seen:

- Don't use the same password on multiple sites.
- Password should contain one or more characters such as !@#$%^&*_-.
- Don't write your password down on paper.

In the end, nobody can track so many passwords when all these suggestions are followed.

