Change Your Password!
I read something a long time ago and I think it still holds true today:
Treat your password like your underwear. Change it often and don’t leave it lying around.
I think we would all agree that it is important to regularly change your password. Jared has generously offered to let me repost his excellent post about password changes. Enjoy the read.
It’s password-changing time
Ever since getting hacked, I’ve become more diligent about security. One of the easiest ways to help protect yourself is to remember to change your passwords (both on websites and on your computers) every 45 or 90 days. Here at work, our IT department instituted a more secure password policy that requires domain users to change their passwords every 90 days. Since I log into the domain every day, I see the “You have 10 days until your password expires” message when the time to change is drawing near. I decided to use this as a reminder to change my passwords - and I’ll make it your reminder too!
If you’re anything like me, one of the issues with changing all of your passwords is that there are just so many! I was thinking to myself, “Self, how can I keep track of all of the places I need to change my passwords?” Then it came to me - keep a tally! I set up an Excel spreadsheet (Excel example | pdf example) broken down into categories of the places where I need to change my password.
Of course, the first time through is going to be the hardest, especially since you probably can’t remember (read: I can’t, so you shouldn’t be able to either) every website with a password. Build up the list as you go, and next time it should be simple! Just remember to add a new line for each new password when you create it, that way your list stays as up-to-date as possible.
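Added example, not Jared’s spreadsheet and not code from the original post: the same tally kept as a CSV file and read by a short Python script that reports what is due, using the same 10-day warning window the domain gives. The rows are constructed for the example, the column names are an assumption, the 45- and 90-day intervals come from the post, and the file deliberately holds no passwords, only where they live and when they were last changed. One caveat worth knowing before adopting a fixed schedule: current NIST guidance (SP 800-63B) says not to force changes on a calendar but to change a password whenever there is evidence it was compromised, and a tally like this is exactly what tells you which accounts to hit when a breach notice arrives.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample tally (not Jared's spreadsheet): one row per place a
# password lives, with the date it was last changed and that place's interval.
# An empty last_changed means the password was never logged, which is treated
# as "change it now".
SAMPLE_TALLY = """\
site,category,last_changed,interval_days
work domain,work,2007-04-01,90
bank,finance,2007-01-15,90
webmail,personal,2007-05-20,45
forum,personal,,90
"""

# The date of the post's comment thread, used as "today" for the demo run.
TODAY = date(2007, 6, 21)


def parse_tally(text):
    """Read the CSV tally into a list of dicts with real date and int fields."""
    entries = []
    for row in csv.DictReader(io.StringIO(text)):
        raw = row["last_changed"].strip()
        entries.append({
            "site": row["site"],
            "category": row["category"],
            "last_changed": date.fromisoformat(raw) if raw else None,
            "interval_days": int(row["interval_days"]),
        })
    return entries


def days_until_due(entry, today):
    """Days left before the entry is due; negative means overdue, None means never logged."""
    if entry["last_changed"] is None:
        return None
    due = entry["last_changed"] + timedelta(days=entry["interval_days"])
    return (due - today).days


def report(entries, today, warn_days=10):
    """(site, days_left) for everything due within warn_days, like the domain's
    "10 days until your password expires" notice, most urgent first."""
    rows = [(e["site"], days_until_due(e, today)) for e in entries]
    rows = [(site, d) for site, d in rows if d is None or d <= warn_days]
    # Never-logged entries first, then by days left ascending (overdue first).
    rows.sort(key=lambda r: (r[1] is not None, r[1] if r[1] is not None else 0))
    return rows


def add_entry(text, site, category, changed_on, interval_days=90):
    """Append a row; run this every time a password is created or changed so the
    tally stays current. The password itself is never written anywhere."""
    buf = io.StringIO()
    csv.writer(buf, lineterminator="\n").writerow(
        [site, category, changed_on.isoformat(), interval_days])
    return text.rstrip("\n") + "\n" + buf.getvalue()


if __name__ == "__main__":
    for site, days in report(parse_tally(SAMPLE_TALLY), TODAY):
        status = "never logged" if days is None else (
            f"overdue by {-days} days" if days < 0 else f"due in {days} days")
        print(f"{site}: {status}")
```

Run it against the constructed rows and the bank entry shows up as overdue, the forum entry as never logged, and the work domain as due in 9 days, which is the same state the domain's own warning would put you in.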
If you need a good online password generator, I like to use the Secure Password Generator. Set the settings to whatever your password requirements are (I don’t like the “no similar characters” setting) and generate away. I like to set it to 50 and read through them. It took me about 10 minutes until I found a password that I liked - lots of different characters but something I will be able to easily remember.
Let me know what you think and if this idea will help you out any - I know it will me!
Edit: As Josh was reviewing the first revision of this article, his first question was, “Have you heard of KeePass?” to which I responded, “Yes, I have.” In fact, I use it (it can be installed on a USB drive), but my method doesn’t store passwords, just reminds you which ones to change. Still, it’s a great piece of software!
9 Responses to “Change Your Password!”
-
jaredharley.com | Blog Says:
Reposted at Daily Cup of Tech - thanks for the link! Photo by Bruno Santos
-
Jason T Says:
June 21st, 2007 at 10:04 am
I like it, but I think the KeePass way is better. If you’re going to use KeePass anyway, why have the extra spreadsheet to keep track of, maintain, and lose? You can use KP to both keep your passwords and have the expiration reminder. Just my opinion.
-
bobwool Says:
June 21st, 2007 at 10:35 am
Problem with frequent Windows password changes: Scheduled Tasks won’t run. They require entering the password for the user - if it changes, all the tasks would need to be updated with the new password (PITA).
-
Tim Fehlman Says:
June 21st, 2007 at 10:47 am
The way that I deal with scheduled tasks is to create a SchedTask user, remove the ability for the user to log on interactively, and then run all scheduled tasks as that user. Then, do not change this password. Make this password something incredibly complex so that it is not easily guessed, and monitor carefully any interactive login attempts that come in as this user.
Tim
-
Jared Harley Says:
June 21st, 2007 at 11:14 am
For anyone trying to visit my webpage right now, please be patient - I made a DNS change, and now we’re waiting for the propagation to happen…
-
John May Says:
June 21st, 2007 at 11:41 am
For a lot of people, some of whom are users on the network I administer, password change time means they will change their password by incrementing the number at the end of their child’s name. New policies dictate they must use a capital and one special character, and it must be at least 6 characters long and can’t be a previously used password.
-
Tim Fehlman Says:
June 21st, 2007 at 11:58 am
I think, as IT personnel, it is important for us to be able to enable users by giving them good strategies for creating easy-to-remember but difficult-to-crack passwords.
That being said, it is not an easy task!
Tim
-
Jared Harley Says:
June 21st, 2007 at 12:11 pm
@ John May:
The University’s (my work) policy on passwords has gotten quite strict. Our policy is now:
Passwords must contain characters from at least three of the following four classes:
o Upper case letters
o Lower case letters
o Numeric (0 to 9), this should not be the first or last character
o One special character, this should not be the first or last character
o Where technically feasible a password history of 14 passwords must be retained to limit password reuse.
o User accounts must change passwords every 90 days.
-
John May Says:
June 21st, 2007 at 1:17 pm
It’s funny because we can be as strict as we want, make all the policies that we want and enforce password changes, but people still share their passwords, even when they can be terminated or reprimanded for it. It seems like I spend about 25% of my time resetting accounts because of forgotten passwords. Some of the more savvy computer users get it, but the others I try to teach mnemonics to, so they can have a fairly obscure password which is easy to remember.
-
prepostra Says:
June 21st, 2007 at 4:58 pm
I have been using this with good results. I took a copy of the web page and put it on my PocketPC as well as on one or two of my websites as a “hidden” page.
http://labs.zarate.org/passwd/mobile.html
I also noticed there is a new stronger(?) version here (untried)
http://labs.zarate.org/passwd_new/
I also use KeePass for all those ones you can’t control (domain keys, etc.)