Google Offers Advice On Strong Passwords

Passwords remain the primary means of online authentication, despite their shortcomings. That's why Google wants to make sure users' passwords won't be easily defeated.

Thomas Claburn, Editor at Large, Enterprise Mobility

October 7, 2009

2 Min Read

It's National Cybersecurity Awareness Month and Google would like to remind you to choose strong passwords for your online services.

Coincidentally, several thousand users of Windows Live Hotmail, along with some users of Gmail and Yahoo Mail, are in need of new passwords.

SANS Internet Storm Center handler Adrien de Beaupr is advising users of Hotmail, Gmail, and Yahoo Mail to change their passwords following the exposure of several thousand Hotmail credentials on a Web site over the weekend.

According to Microsoft, the exposure was likely result of a phishing scam. And reports indicate that some Gmail and Yahoo Mail account information was also revealed.

Anyone who may have entered account information in a phishing site should pick a different password right away.

Google consumer operations associate Michael Santerre advises using unique passwords for every Web site. He suggests selecting a phrase and using the first letter of every word in the phrase or some variation of that as a password, ideally with special characters added in to make it more secure.

Santerre stresses that passwords should be a mixture of letters, numbers, and symbols to minimize the risk of dictionary attacks, by which cybercriminals use programs to try every word in a dictionary database as a potential password.

Using personal information as a password should be avoided because that information can often be found on social network profiles and aggregated from other online sources. Stay away from the names of pets or children, birthdays, phone numbers, addresses, or the like. They're too easy to guess.

And don't leave passwords on notes next to your computer, Santerre advises. It may sound obvious but it's a common issue.

Finally, Santerre suggests making sure that your password recovery information is up-to-date. After choosing a complex password, you may forget it, and you don't want the password reset e-mail going to an abandoned e-mail account or to someone who might exploit the opportunity to hijack your account.

The most influential event about the Enterprise 2.0 movement is coming to San Francisco this fall: Enterprise 2.0 Conference Find out more and register.

About the Author(s)

Thomas Claburn

Editor at Large, Enterprise Mobility

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful master's degree in film production. He wrote the original treatment for 3DO's Killing Time, a short story that appeared in On Spec, and the screenplay for an independent film called The Hanged Man, which he would later direct. He's the author of a science fiction novel, Reflecting Fires, and a sadly neglected blog, Lot 49. His iPhone game, Blocfall, is available through the iTunes App Store. His wife is a talented jazz singer; he does not sing, which is for the best.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights