10 myths about Windows passwords

Mon Feb 25, 2008 2:23PM EST


When I first clicked on this article, I expected to see yet another diatribe telling you to use numbers, mixed-case letters, and special characters when you create a password. Boy, was I wrong.

Get past some of the geeky language and you'll find a truly eye-opening story about the security of passwords in Windows.

Some key points from the piece (at least, points that challenge the conventional wisdom of password security):


  • Random passwords aren't necessarily more secure. Strings of garbage like Gh&739(*j are hard to remember, easy to mistype, and can be vulnerable to password crackers, especially if they are short.

  • The most secure passwords are 15 characters or longer.

  • Replacing an "o" with a "0" does nothing for security. Do you really think a hacker can't figure out to try d0g instead of dog? Adding a few digits to a cracking program is no big deal.

  • Realistically, changing your password every four months is good enough.

  • Documenting your password is not necessarily a bad thing. If a password is written down and stored securely (say, in a safe), this can be useful if an employee quits, for example. Many people store their passwords in a safe deposit box in the event of emergencies, so spouses or children can get access to bank accounts and the like.
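
The check below is an added example, not code from this article or from Mark Burnett's piece: it flags passwords that are a dictionary word once look-alike characters and appended digits are undone, and passwords shorter than 15 characters. The wordlist, the substitution table, and the function names are constructed for illustration.

```python
# Added example: a password-policy check for two points from the list above.
# WORDLIST and the substitution table are constructed samples (assumptions).
WORDLIST = {"dog", "password", "monkey", "dragon"}

# Fold look-alike characters onto one letter so "d0g" and "dog" compare equal.
# "1", "!" and "i" all fold to "l" because each is used for the others.
FOLD = str.maketrans("01!i34@5$7", "ollleaasst")

MIN_LENGTH = 15  # the length the article gives for the most secure passwords


def canonical(text):
    """Lower-case the text and undo common character substitutions."""
    return text.lower().translate(FOLD)


# Index the wordlist by canonical form so lookups are a single dict access.
CANON_WORDS = {canonical(word): word for word in WORDLIST}


def check_password(password):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("shorter than 15 characters")
    # Also test the password with appended digits and symbols removed,
    # since a suffix such as "2008" or "!" is as cheap to try as "0" for "o".
    stripped = password.rstrip("0123456789!@#$%")
    for form in (canonical(password), canonical(stripped)):
        if form in CANON_WORDS:
            findings.append("dictionary word in disguise: " + CANON_WORDS[form])
            break
    return findings


if __name__ == "__main__":
    for sample in ("d0g", "Passw0rd2008", "Gh&739(*j", "blue kettle sings at noon"):
        print(repr(sample), "->", check_password(sample) or "no findings")
```

The match is on the whole password only, so a long passphrase built from several ordinary words is not flagged by the dictionary test.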

Surprisingly, Mark Burnett's piece dates back to 2002, but the lessons are still relevant today. Give it a spin. Maybe consider changing your passwords this weekend.

Comments on 10 myths about Windows passwords


  • 26 Posted by tanwaye97 on Thu Sep 3, 2009 9:55PM EDT

    hey tim, better watch out! bombs may be a serial hacker! you may be his next target! jkjkjk!!! :)

  • 27 Posted by wormdaddy42 on Thu Sep 3, 2009 10:49PM EDT

    If you are someone, or work with a company that is susceptible to attack, remember this is a machine that is capable of attacking back, and you can leave a lot of surprises, that if stumbled upon in attack mode, can be devastating to the attacker's machine. Just a thought.

  • 28 Posted by linkmaster_erich on Thu Sep 3, 2009 6:53PM EDT

    Wow, I never guessed hackers could do that. I bet they're all nerds who stay at home all day and hack. (lol)

  • 29 Posted by domedweller2 on Thu Sep 3, 2009 3:46PM EDT

    One way to make it real hard for anyone to guess your password is to make it completely random. Pick a book, choose a page, then choose a page number, then another number for the word; if that word is too short or too long, go to the first word that contains a certain number of letters. Most people use words that have special meaning to them, and that makes them easy to guess for someone who knows them well.

  • 30 Posted by ntrospctv on Thu Sep 3, 2009 7:42PM EDT

    The password is shizzlefrazzlefrats. Now that's over 15 characters long. Baby fry the bacon cause daddy's comin home!

  • 31 Posted by patrickpcco@sbcglobal.net on Thu Sep 3, 2009 8:01PM EDT

    Any Hacker of merit can access your computer at will. To protect your password is like hiding the key to your front door under a rock outside. The thief may not even need it to gain entry; but you can rest assured that if a thief wants you, you are exposed. Do not rely on the security of a password. If you have sensitive material on your computer you must change your password often and consult with an IT security professional to provide sufficient obstacles to prevent the "break-in". A layered approach is the best defense and will send the thief packing. They know that there are easier prey on down the cyber highway. So remember if you must store sensitive data on your computer protect it intelligently by seeking the education you need to prevent the loss.

  • 32 Posted by cristimocanu on Thu Sep 3, 2009 3:31PM EDT

    the password to my bank account is ************. good luck.

  • 34 Posted by larue0715 on Thu Sep 3, 2009 4:56PM EDT

    A problem that everyone faces these days is that in the age of modern technology, just about everything needs a password. You have so many passwords that you can't even keep up with them all. It would be different if you only had one or two but when you have about 15 to 20 (and that's conservative) what do you do?

  • 35 Posted by kevin_gerard70122 on Thu Sep 3, 2009 4:50PM EDT

    Hackers remember: Whatever you steal will eventually be stolen from you!

  • 36 Posted by kmarchand22 on Sun Jan 21, 2007 7:39AM EST

    Darkhunterforthemoon - thank you for pointing out the facts behind what the other guy said - it saved me the trouble of doing so myself....

  • 37 Posted by naggingmaggie on Thu Sep 3, 2009 7:32PM EDT

    to bombs49 - we SHOULD be able to have our passwords that simple. We don't need a world full of dishonest people. My mama used to say You can't lock out a thief but you can make it harder for him to get in. from another slob

  • 38 Posted by mannyyukk on Thu Sep 3, 2009 7:05PM EDT

    yeah if someone hacks my password he or she will end up dead or a lifetime of misfortunes think again if want to hack me or malign me beware ;-)

  • 39 Posted by jimu006 on Thu Sep 3, 2009 4:35PM EDT

    Simple password if you have nothing to hide. Sensitive info is stored differently with hard long passwords and/or numbers. Always best to separate the Gobbledegook. jimu006

  • 40 Posted by the_replacement_ki11er on Thu Sep 3, 2009 10:06PM EDT

    That's a stupid attitude to have. You're giving people who crack passwords a right to do it. That's like taking your car to a garage and the guy telling you, you need $500 worth of repairs. Because you don't know better, it gives the guy a right to rip you off.

  • 41 Posted by ibwink on Thu Sep 3, 2009 4:22PM EDT

    Even with your password being changed and things, they always find a way to get in. Then they change your personal info and you can't get in. That's a pain to fix.

  • 42 Posted by belicson on Thu Sep 3, 2009 3:04PM EDT

    I think we all need to get past the point of using the words "geek" and "geeky". Much like the phrase "do the math".

  • 43 Posted by ppj166050gemini on Thu Sep 3, 2009 8:18PM EDT

    Thanks for the useful information. The article was very helpful, and interesting. This article was needed. Should the password be changed every six months? (pj1650boop)

  • 44 Posted by zmorgaine on Thu Sep 3, 2009 11:01PM EDT

    It is my understanding that, essentially, having a password is pointless because many individuals (geeks) and the government have software that will crack a password in a matter of minutes or simply bypass the password protocol on Windows, etc. Even using BIOS passwords on each computer (as I do) can be defeated by a person (or again: the government!) taking your computer and completely powering-down the computer to include the small batteries mounted on your motherboard. In conclusion I'd have to say this: passwords only keep the "honest people honest." -JWS

  • 45 Posted by chief_sampson_detective on Thu Sep 3, 2009 3:23PM EDT

    I've been on both sides of this issue since the ENIAC days and all I can say is keep nothing on your PC that you can't afford to lose. habibiguy's advice to store any private data on restricted access computers is good advice, as well. More tips include monitoring as well as restricting all ports and lowband, and when it comes down to it, forget anonymity on the web...it's merely a matter of how badly someone wants you, and how much they're willing to spend. The Windows password reset boot CDs are ancient news (yawn, for all MS OSs, past and well into the next two decades...for crying out loud people when are you going to wise up to MS's game/racket?). Word has it that the NSA has already perfected a system (for ~5 years) that will access and crack your box over the power lines alone (no modem/cable connection needed). Remember though, it's a system run by humans (hint, hint, put on your thinking caps, folks). Seymour Cray may have bit the bullet, but fret not friends, Mr. Wizard is alive and well in Palo Alto.
