Choosing a password is always a compromise between using something that’s easy-to-remember and something that will give you good protection for your personal information.
With advice from the security folks at Mozilla, the non-profit organization that brings you the Firefox browser, we’ve put together some simple steps you can take to improve the quality of the passwords you use while keeping everything simple and easy to remember.
There’s a video with the essentials, and all the details are in Choosing Secure Passwords, a three part article.
- Part 1 covers common mistakes that lead to insecure passwords,
- Part 2 shows how to use memorable phrases to make secure easy-to remember passwords,
- Part 3 has ways to get your browser to help manage your passwords, and sync them between your browsers on different machines and mobile devices.
; ?>/wp-content/themes/header_images/CC-BY-SA88x31.png)
Copyright © 2008-2013 Richard A. Milewski
Thanks for the great article. A couple of suggestions, in addition to all the excellent material you already supplied:
* Password recovery questions (‘secret questions’) are nothing but a second password that will authenticate the user for the same account. Your advice to use a real password is great; I think it might be misinterpreted to mean that the user should use the same recovery password on all sites. That’s no different than using the same password on all sites.
* Writing down passwords on paper is more secure than on a computer. The paper is only accessible locally and is not machine-readable. Just avoid writing the name of the site with the password — use some shorthand or somet other method to disguise it. (I forget where I got this idea, but I think it was from Bruce Schneier.)
* If you save the password in your browser, then anyone sitting at your computer can access your account (at least in some situations). For some people that’s fine, but it’s a big risk for others.
* Another reason not to email passwords is that anyone can look your email folders to find most of your passwords.
Thanks again!
Ed,
Good point about the password recovery issue. Reusing exactly the same password across sites would be a mistake.
The risk of saving passwords in your browser depends a lot on how well you’ve secured your browser settings. Firefox users can turn on the Master Password which then adds a layer of protection for saved passwords. Just be sure to turn on the Master Password on all your browsers if you use Sync!
Thanks for the thoughtful comments from someone who obviously values his privacy. (Does the comment system in WordPress really not let you leave the email and website blank? …I’ll check the settings!)
UPDATE: Yes! The WordPress setting were requiring a name and email address. They don’t now.
Richard, this is a great article and I really appreciate, that Mozilla tackles this subject. Education of users on internet security is very important and I think it nicely aligns with Mozillas mission to do more in this regard. A few questions, though: What is the license of the password article? Can people use it as the basis for their own customized guides e.g. on a company intra-net? A CC license would be great for that. Will you translate the text into other languages? And finally: Why is this text published on your website and not on a website run by Mozilla? While I know you work for Mozilla as a contractor and the article is probably a “real” Mozilla publication, others might be more tempted to read the article or to believe in the practices shown, if it were provided by a server run by Mozilla and in the typical Mozilla design. Same would be true for the poster, the brochure and the video, which differ a lot from the usual Mozilla style of presenting things. Anyway, keep up the good work!
Patrick, thank you for the kind comments.
The article and all of the collateral materials (the video, the brochure and the poster) are released under the Creative Commons Attribution – Share Alike 3.0 Unported license. Feel free to reproduce or remix the content.
The brochure and poster are also available formatted for the ISO paper sizes used outside North America.
The core how-to information is the basis for a knowledge base article on SUMO the Mozilla support site. It is working its way through the SUMO review process now, and I expect it will be available soon. SUMO knowledge-base articles get translated into a number of languages.
This release is intended to provide a preliminary test of user interest in material on using the net safely. If it is well received, we hope to create more content similar topics and make consumer education a core activity with a home of its own in the constellation Mozilla web pages. The video is hosted on the Mozilla YouTube channel.
Finally, we need everyone’s help to make consumer education at Mozilla a success. Please suggest topics that would be of interest. If you can contribute articles, cartoons, videos, posters or comic strips, please visit the “Share Your Web Savvy” page on Drumbeat.org and get involved!
fyi your links to parts 2 and 3 are broken.
http://richard.milewski.org/passwords/part-2
http://richard.milewski.org/passwords/part-3
Thanks Byron! They’re fixed now.