Google Warns Against Weak Passwords
A Google engineer's blog post offers tips on protecting personal online records and information with strong passwords.
June 5, 2008
Google would like to take this moment to remind you to choose a strong password.
Too many passwords are weak or poorly guarded. People choose obvious passwords, like "password," or share them with friends or display them on Post-it notes that hang from their computer monitors.
Surveys detailing such folly can be found at PasswordResearch.com, a site maintained by IT security consultant Bruce K. Marshall. They present findings like 70% of people do not have unique passwords for each Web site and nearly half of all people write down their passwords. Read the papers and weep.
Password security is particularly important for Google because Google Account passwords unlock the keys to an individual's Google kingdom from anywhere in the world. (Google does not currently offer a way to limit Google Account access to certain IP addresses or ranges.) There is no firewall to bypass or office to break into when compromising a Google Account. The right password is all that's needed.
Google engineer HongHai Shen wrote a blog post about password security on Wednesday, acknowledging that fanatical devotion to strong passwords -- generating a random eight-character string every two or three months -- probably isn't necessary for everyone. But he still believes passwords should be chosen with care. "Whether it's for your Google account, your banking center, or your favorite store, choosing a good password and keeping it safe can go a long way toward protecting your information online," he wrote in his blog post.
HongHai's advice, though timeworn, bears repeating because so few take such recommendations to heart:
Avoid common elements when choosing your password. That means no words you'd find in a dictionary, which might be vulnerable to "dictionary attacks." It also means that clever concatenated phrases like "letmein" or "opensesame" probably aren't all that clever. Figure, too, that keyboard patterns like "1234" or "asdf" are available on keyboards all over.
Make your password as unique as possible. This ought to go without saying, but, there, it's been said. Add numbers and non-alphanumeric characters to your password. Mix uppercase and lowercase letters.
Create different passwords for different sites. The benefit of doing so is obvious: If someone does steal your password, he or she doesn't have access to every Internet service you use. Particularly for financial and health sites, you should have unique passwords.
Don't share your passwords with anyone. And don't send them in an e-mail if you can help it.
Be careful how you share your information online. Social networking sites in particular have a poor record of keeping user information private and the gadgets that are popular on many of these sites are not developed with security in mind. If there's a way to find out how these sites and applications share data, it can be worth doing so.
Google provides additional password guidance in its Gmail Help Center documents.