Best Practice

Depending on who you talk to, the advice could be very different. For years the advice was never to write down a password. And many systems didn’t even allow you to enter long passwords. Well, things have mostly changed now.

The advice from giants like Microsoft and Apple revolves around creating passwords from phrases. These techniques certainly work, but they can be a lot of effort. Graham Cluley, senior technology consultant at Sophos, explains it very well in this video.


Bruce Schneier is one of the best on security, and his blog is well worth reading. He has articles about how often you should change passwords, and here’s a really usable approach to passwords. For a brainbox, he talks a lot of common sense. For example, he says:

“If you can’t remember your passwords, write them down and put the paper in your wallet. But just write the sentence – or better yet – a hint that will help you remember your sentence. Or use a free program like Password Safe, which I designed to help people securely store all their passwords. Don’t feel this is a failure; most of us have far too many passwords to be able to remember them all.

Passwords can still provide good authentication if used properly. The rise of alternate forms of authentication is more because people don’t use passwords securely, and less because they don’t work any more.”

But if you want really practical advice, the guys at Lifehacker have it all:

  • How to update insecure passwords
  • Reasons why you need to use different passwords
  • They even have advice for Mac users
  • The US Department of Homeland Security has some good advice too.

Social engineering is on the increase, so be careful never to give out your password or any personal details to anyone who calls you or contacts you out of the blue. And certainly, don’t send security information by email. To hackers, email is just like reading a postcard. Remember that it is really easy to make an email look as if it is coming from someone else. Watch out!


Boffin Zone

The boffins at SANS have excellent advice for the enterprise, but it is mostly too technical for individual users. And at the University of Cambridge, they analysed password re-use empirically.

Ars Technica studies the history of passwords. And they report on another approach to image recognition and memory, rightly pointing out that humans are quite good at remembering pictures.


The PasswordGear Way

We have developed a new way of remembering passwords, because pretty much all user-generated passwords (even phrase-based) are sub-optimal in that they use predictable patterns and prefer some characters over others. So you start with a genuinely complex password, and use our clever Hookup System to remember it. You don’t need to use our iPhone App or software for it to work, but our tools definitely make things easier.

As other experts have mentioned, password managers are very good at storing many passwords. And we agree. We think more people should use password managers for the passwords they can’t remember. But of course, you will always need master passwords for these password managers, as well as the login to the computer itself. So we think the best possible approach incorporates both PasswordGear and other password managers.