The Downside of Strong Passwords
In today's day and age, you need to know a good number of passwords. And in order to be secure, more often than not you need to change these passwords at some predetermined time (three months, six months, every full moon, each time Lindsay Lohan enters rehab, whenever Hugh Grant is caught making love to a transsexual). I have found that the more often you change these passwords and the stronger they are, the higher the likelihood that users will have the new passwords taped under a keyboard, hidden in a desk drawer, tattooed on their inner thigh, or even taped to their monitor (I have most definitely seen this one, and the tattoo one too).
In an ideal world, people would keep these passwords for a week or two until they remember them and then discard any and all evidence of said passwords. Maybe I'm some sort of super genius (which would explain why my head is three times the size of a normal person's head), because this is how I've always done it myself. I've got about five or six passwords that I use for most everything and they're all random mixes of letters, numbers, symbols, and animal noises (bird noises are my favorite). Typically when I introduce a new password into the mix, I've got it down pat in a week or two. I've seen so many users though that are simply incapable of doing this, even though they enter the same password every day for months, sometimes years.
Is it really all that insecure to have a strong password and have it written down at your desk? There is certainly a risk, but that all really depends on where you work and who you work with. If you work where the general public is near your desk at any time, you best not be leaving those passwords for them to find. How much you trust your coworkers is another factor to consider. Many of them will have access to your computer after hours or even in brief moments when you're away from your desk. With your password, it'll be no trouble for them to read your email or, worse still, send out emails as you. Good luck arguing that one as you're packing up your desk because pictures of Hugh Grant making love to a transsexual were sent out from your email account.
Also consider the most extreme case, what if someone breaks into your office? Chances are you don't keep a ton of money there (unless you work at a bank or a really boneheaded company that wants to be robbed or bankrupted in a fire), but there is going to be a lot of valuable information on your computers.
Even with users keeping these passwords at their desks, it's still a lot better than the alternative of using easy-to-remember passwords. You might feel safe and cozy behind your corporate firewall, but if the password to get in is "Firewall" and the password to get into your computer is your birth date, children's name, or favorite Little Rascal, chances are you're going to get hacked. You might think you're a small potato in a sea of giant potatoes, but many of the hackers are using automated tools to find you and get in using known vulnerabilities and simple passwords. We set up a test server with access to the Internet at one of my previous employers and had hackers trying to get into it that same day. And that was six years ago; I'm sure they're more advanced now.
If you have trouble remembering your password, try creating flash cards to help learn it (and then promptly destroy them before they fall into enemy hands) or create a fun mnemonic to help you remember. For instance, if your password is "divj32we!", you can remember this with the simple phrase "Daren Is Very Joyous 32 Weasels Exploded!". Perhaps your password the next time you have to change it could elaborate on Daren's unnatural hatred of weasels (childhood trauma most likely).
I like to be safe rather than sorry... remember those passwords and destroy any written down copy once you know it. When I'm still learning my password, li