If you're reading this at work, chances are you have several sticky notes stuck around your monitor or tucked in your desk. The passwords jotted on them are designed to protect your — or your company's — important secrets. Keeping passwords where others can see them is a definite no-no.
Most computer users now have 6 to 8 passwords. All these passwords add up to more than just confusion, says Marc Boroditsky, a computer security expert and chief executive officer of Passlogix.
Having to reset a forgotten password often means an expensive call to IT.
"The largest single category for help desks is the user having forgotten their password and needing it in order to do their job," he tells Steve Inskeep.
But with more and more important functions being done online, passwords are increasingly necessary.
Data that's not properly protected "might mean the exposure of important consumer or individually recognized data," Boroditsky says. "It could be your Social Security numbers; it could be your medical records."
Using a single password for various applications is highly risky: security professionals call such a password the "keys to the kingdom."
"You want to have unique passwords for every application that you use" and you need "some mechanism to make it easy to recall them" — a system for selecting secure yet memorable passwords, Boroditsky says.
"A tough password is something that doesn't have a word in the dictionary in it, doesn't have any kind of name of a place or a person, it doesn't have a familiar number, like a phone number or a date. But it could be the combination of all of those, and preferably not spelled out in a way that's identifiable."
For example, Boroditsky says, an eBay password might be ebnpr2007 — eb for eBay, npr for a familiar acronym and 2007 for the year. "So, ebnpr2007 isn't a word in the dictionary and isn't easy to guess if you were attempting to gain access," he says.