10 myths about Windows passwords

Mon Feb 25, 2008 2:23PM EST

When I first clicked on this article, I expected to see yet another diatribe telling you to use numbers, mixed-case letters, and special characters when you create a password. Boy was I wrong.

Get past some of the geeky language and you'll find a truly eye-opening story about the security of passwords in Windows.

Some key points from the piece (at least, points that challenge the conventional wisdom of password security):


  • Random passwords aren't necessarily more secure. Strings of garbage like Gh&739(*j are hard to remember, easy to mistype, and can be vulnerable to password crackers, especially if they are short.

  • The most secure passwords are 15 characters or longer.

  • Replacing an "o" with a "0" does nothing for security. Do you really think a hacker can't figure out to try d0g instead of dog? Adding a few digits to a cracking program is no big deal.

  • Realistically, changing your password every four months is good enough.

  • Documenting your password is not necessarily a bad thing. If a password is written down and stored securely (say, in a safe), this can be useful if an employee quits, for example. Many people store their passwords in a safe deposit box in the event of emergencies, so spouses or children can get access to bank accounts and the like.
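The length and "d0g" points above can be turned into a password check. The following is an added example, not code from Burnett's article or this post; the blocklist, the substitution table and the sample passwords are constructed assumptions.

```python
import math
import string

MIN_LENGTH = 15  # length threshold stated in the article

# Constructed sample blocklist; a real check would load a large wordlist.
BLOCKLIST = {"dog", "password", "dragon", "letmein"}

# Look-alike substitutions (assumed set) that cracking dictionaries already try.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def dictionary_candidates(password):
    """Return the plain words a password collapses to once substitutions
    and trailing digits or punctuation are undone."""
    lowered = password.lower()
    stripped = lowered.rstrip(string.digits + string.punctuation)
    return {lowered.translate(LEET), stripped.translate(LEET)}


def brute_force_bits(password):
    """Upper bound on the brute-force search space, in bits, from the
    character classes used. Dictionary attacks are not modelled here."""
    pool = 0
    pool += 26 if any(c.islower() for c in password) else 0
    pool += 26 if any(c.isupper() for c in password) else 0
    pool += 10 if any(c.isdigit() for c in password) else 0
    pool += 33 if any(not c.isalnum() for c in password) else 0
    return len(password) * math.log2(pool) if pool else 0.0


def review(password):
    """List the article's objections that apply to this password."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("shorter than 15 characters")
    if dictionary_candidates(password) & BLOCKLIST:
        findings.append("dictionary word after undoing substitutions")
    return findings


if __name__ == "__main__":
    for sample in ("d0g", "Passw0rd1", "Gh&739(*j", "fifteenlowercas"):
        bits = brute_force_bits(sample)
        print(f"{sample!r}: {bits:.1f} bits, {review(sample) or 'ok'}")
```

The nine-character random string from the article scores about 59 bits here, while fifteen lowercase letters score about 70, which is the sense in which a short random password can be the weaker choice.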

Surprisingly, Mark Burnett's piece dates back to 2002, but the lessons are still relevant today. Give it a spin. Maybe consider changing your passwords this weekend.

Comments on 10 myths about Windows passwords

  • 106 Posted by reza_nasr_erfan on Thu Sep 3, 2009 8:38PM EDT

    Knowledge is power... Everyone who knows more is stronger and can see farther. When I know more than the hacker, the hacker cannot do anything more. The more digits we use for a password the better; it is like you tie the hacker's hands. Also, changing the password in a period of time is must important.

  • 107 Posted by reza_nasr_erfan on Thu Sep 3, 2009 8:38PM EDT

    Knowledge is power... Everyone who knows more is stronger and can see farther. When I know more than the hacker, the hacker cannot do anything more. The more digits we use for a password the better; it is like you tie the hacker's hands. Also, changing the password in a period of time is very important.

  • 108 Posted by corky1949@sbcglobal.net on Tue Feb 26, 2008 1:00PM EST

    To me passwords are like locks on a door. It only keeps honest people honest. If someone wants in bad enough they will get in. Same with passwords. That's why I don't keep private things on my machine like bank info and the like.

  • 109 Posted by wlcatl on Thu Sep 3, 2009 10:48PM EDT

    Why are only 5 myths listed in an article entitled "10 Myths About Windows Passwords"?

  • 110 Posted by ramfisher65 on Thu Sep 3, 2009 8:27PM EDT

    I think I'll just switch to fingerprint id....safer?...probably not...lol

  • 111 Posted by jjovane on Thu Sep 3, 2009 4:36PM EDT

    Cracking a password is as easy as: 1) If somebody is stupid enough to leave it on their desk. 2) If you really know the person, relatives, anniversaries, etc., you can easily make a Unix brutal force program. 3) Do an excellent random mathematical program based on Unix. So the best thing you have to do is change your password every week or so, otherwise if someone wants to get into your account they will do it.

  • 112 Posted by thefever_y2k on Thu Sep 3, 2009 10:04PM EDT

    This probably illustrates the point that we need to change how we protect our computers rather than relying on a password scheme. 15 characters? Are you kidding me? I'd like to have a system that works on picture passwords rather than words. But whatever you use, you need to go against the conventional wisdom of allowing it to be automated.

  • 113 Posted by wmikes on Thu Sep 3, 2009 10:49PM EDT

    LOL. i can haz passwordz?

  • 114 Posted by russell.sommers on Thu Sep 3, 2009 8:56PM EDT

    How about a phrase you can memorize that's in a foreign language? Anyone got thoughts on that? I am new to all of this and ignorant about a lot of this technical stuff, so don't hesitate to scoff if it's a dumb idea. I presume MOST hackers are after us Americans and presume we will use English words and phrases...right? So why not visit some library or foreign language dictionary and just grab some foreign words and string them together into a long password? Remember how the Navajo code-talkers drove the Japanese code-breakers nuts in WWII...just a thought. They never broke our code. Of course, they didn't have computers or sophisticated hacker-software. Even so, I should think that penetrating an alien culture/language/calendar-system might give hackers an even harder time of it. How about Klingon passwords...commingled with Chinese calendar...blended with a bit of Arapaho...to slow the 'Pitaaachs' down? Haha...

  • 115 Posted by sr59899 on Thu Sep 3, 2009 9:37PM EDT

    I can't remember any more passwords

  • 116 Posted by jeditheskyisblue on Thu Sep 3, 2009 4:31PM EDT

    No password is safe. If a hacker really wants into your account, they will get in.

  • 117 Posted by phil_ste on Thu Sep 3, 2009 8:10PM EDT

    To get around the password: load into safe mode, pick admin, then go to control panel user accounts and delete the password of the account you want to enter, reboot and select that account, and YOU'RE IN. phil_ste@yahoo.com

  • 119 Posted by alo5151@att.net on Thu Sep 3, 2009 2:51PM EDT

    It's like anything else in life: if you work at it long enough you're going to get it. It's just that simple! Good bye! alo5151

  • 120 Posted by rstrojny1 on Thu Sep 3, 2009 8:54PM EDT

    Hackers are cowards who hide behind anonymity just like terrorists. Yellow to the core...

  • 121 Posted by vodojax on Thu Sep 3, 2009 10:38PM EDT

    I HAVE A PASSWORD THAT EVEN THINKING ABOUT IT, OR THE LIKES OF IT, CAUSES NAUSEA, AND PEOPLE THROW UP..

  • 124 Posted by thegoschman on Thu Sep 3, 2009 10:04PM EDT

    Sorry for the posts, the info kept getting cut off. I dropped the idea of using shoe size & birthdays , dog years & tire size, and all the other usual styles for designing passwords. I began using patterns (W or LL or M or V or X etc). Once I get a pattern that fits all the requirements, all I have to remember is the 1st character because the pattern will not change. When the password expires all I do is shift to a new location on the keyboard and that%
