10 myths about Windows passwords

Mon Feb 25, 2008 2:23PM EST


When I first clicked on this article, I expected to see yet another diatribe telling you to use numbers, mixed-case letters, and special characters when you created a password. Boy was I wrong.

Get past some of the geeky language and you'll find a truly eye-opening story about the security of passwords in Windows.

Some key points from the piece (at least, points that challenge the conventional wisdom of password security):


  • Random passwords aren't necessarily more secure. Strings of garbage like Gh&739(*j are hard to remember, easy to mistype, and can be vulnerable to password crackers, especially if they are short.

  • The most secure passwords are 15 characters or longer.

  • Replacing an "o" with a "0" does nothing for security. Do you really think a hacker can't figure out to try d0g instead of dog? Adding a few digits to a cracking program is no big deal.

  • Realistically, changing your password every four months is good enough.

  • Documenting your password is not necessarily a bad thing. If a password is written down and stored securely (say, in a safe), this can be useful if an employee quits, for example. Many people store their passwords in a safe deposit box in the event of emergencies, so spouses or children can get access to bank accounts and the like.
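The substitution and length points above can be turned into a simple password-policy check. This is an added example, not code from this post or from Mark Burnett's article; the wordlist and look-alike table are small constructed samples, and the 15-character threshold is taken from the second key point.

```python
import math

# Constructed sample wordlist; a real check would load a full dictionary.
WORDLIST = {"dog", "password", "monkey", "letmein"}

# Assumed look-alike table: symbol -> the letter it usually replaces.
LOOKALIKES = {"0": "o", "1": "l", "3": "e", "4": "a", "@": "a",
              "5": "s", "$": "s", "7": "t", "!": "i"}
UNLEET = str.maketrans(LOOKALIKES)
MIN_LENGTH = 15  # length threshold from the key points above


def normalize(password):
    """Lower-case the password and undo look-alike substitutions."""
    return password.lower().translate(UNLEET)


def substitution_bits(word):
    """Bits of search space gained if every letter may be swapped for a look-alike."""
    bits = 0.0
    for ch in word.lower():
        options = 1 + sum(1 for letter in LOOKALIKES.values() if letter == ch)
        bits += math.log2(options)
    return bits


def audit(password):
    """Return the list of policy findings for a candidate password."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("shorter than %d characters" % MIN_LENGTH)
    # Test the password as typed and with leading/trailing digits removed.
    candidates = {normalize(password), normalize(password.strip("0123456789"))}
    hits = sorted(candidates & WORDLIST)
    if hits:
        findings.append("dictionary word after normalization: " + hits[0])
    return findings


if __name__ == "__main__":
    for pw in ["d0g", "Passw0rd1", "Gh&739(*j", "my dog chases the red ball"]:
        print(repr(pw), audit(pw) or "ok")
    print("d0g vs dog: +%.1f bits; one extra letter: +%.1f bits"
          % (substitution_bits("dog"), math.log2(26)))
```

Swapping the "o" in dog buys one bit of search space, while each extra lowercase letter buys about 4.7, which is why the check rewards length and ignores substitutions.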

Surprisingly, Mark Burnett's piece dates back to 2002, but the lessons are still relevant today. Give it a spin. Maybe consider changing your passwords this weekend.

Comments on 10 myths about Windows passwords


  • 66 Posted by rtkillen on Thu Sep 3, 2009 8:55PM EDT

    I just read this article and all that I have to say is that passwords, like locks, only keep honest people honest. If someone wants into your computer then a password is not going to stop them. I have taken my computer in for service before and forgotten my Windows password. The computer place had no trouble bypassing the password and resetting it. I later asked them if a password was even worth having. They said "No." They said that the only password that will keep people out of your computer is a "Power On" password. It is a password that you have to put in before any programs start, and if it is the wrong password then the computer shuts off. The only drawback to a "Power On" password is that if you forget it you have to buy a whole new computer because the lockout is embedded in the BIOS program and cannot be bypassed. Hope this helps. Robert


  • 71 Posted by rtkillen on Thu Sep 3, 2009 8:55PM EDT

    Sorry for the 7 posts. It said that it failed to post it all but the last time.

  • 72 Posted by sizzling_desires on Thu Sep 3, 2009 9:25PM EDT

    Replacing some letters by capital letters is helpful as opposed to in the article. Suppose your password is a three letter word "dog" then the hacker only has to try a maximum of 9 combinations of the three letters: o, d, g to get to the password. If there can be more than one capital letter the space where he has to search for the password gets increased and so does the number of attempts to get to the password. This is useful specially in machines like kiosks, ATMs (if you can put in alphanumeric passwords) etc. Unless you are some military guy involved in a top secret project, I would recommend using smaller passwords up to 10 letters/numbers. They should have a combination of letters and capitals and numbers. And yes, changing them every few months helps. Try not to use simple passwords based on your loved ones' names, birthdays etc. Try using abstract words. Also, do not reveal your passwords to anybody because they reveal your thinking trait and next time it's easier for them to guess your password. And yes, using (ALT+0160) is helpful as in Myth 10. In all, a great link to bookmark.

  • 73 Posted by rtkillen on Thu Sep 3, 2009 8:55PM EDT

    If you are worried about a hacker getting into your computer via the internet the only thing that you can do is get a good firewall program. There are many out there. The one I use is free for personal use and I have never had any problems with it.

  • 74 Posted by rbllhdcty on Thu Sep 3, 2009 8:31PM EDT

    I change mine every other week so no one can get into my e-mails or computer.

  • 75 Posted by erma1937 on Thu Sep 3, 2009 3:55PM EDT

    Should I have a different password for each thing?

  • 76 Posted by erma1937 on Thu Sep 3, 2009 3:55PM EDT

    I have Yahoo, MSN, Hotmail, and many others and I use a different password for each one. fhle.

  • 77 Posted by mewgros on Thu Sep 3, 2009 7:16PM EDT

    I bet hackers love reading this stuff. People ought to be finding out who they are and how they are doing what they do. I was told that they have more than one machine to record all they need to know, and they don't have to monitor them.

  • 78 Posted by bharathanpp on Thu Sep 3, 2009 3:06PM EDT

    I DON'T THINK THAT ANY COMPUTER IS SAFE WITH ANY PASSWORD. AS COMPUTERS ARE UNAVOIDABLE, LET US USE IT WITH THE FULL AWARENESS THAT IT CAN BE HACKED ANY TIME. ONE SHOULD LEARN TO KEEP ONE'S SECRETS IN HIS HEART AND SOUL AND NOWHERE ELSE!!!!!!!!

  • 79 Posted by rp.cnasn on Thu Sep 3, 2009 8:53PM EDT

    The name of this is "10 myths about Windows passwords", and then I see 5 "key points" listed. Did I miss something? There is really nothing new in this either. It is presented as some kind of new way to look at creating passwords, but I've never heard of any IT pro seriously suggesting anything contrary to what you said in your 5 key points. I will now read Mr. Burnett's article and expect to see common sense password practices as I have always used, and probably not be changing any of mine this weekend.

  • 80 Posted by hyattdj on Thu Sep 3, 2009 4:21PM EDT

    I am a 10 year + administrator who is an expert in security. The risk is viruses and kiddy scripts attacking Windows servers. Basic security protection is fine. Some letters and numbers, add a character is better. None of these highly complex password change rules where you must make it very different and change it often. When you have 4 or 8 different passwords, this gets the users to thwart the password plan and actually pick easy passwords so they can remember them. Also, the extreme security is like when Wells Fargo demands ID when I am making a deposit with no cash back. It is like teaching a pig to sing. It wastes your time and annoys the pig.

  • 82 Posted by ffemtchris@snet.net on Thu Sep 3, 2009 3:59PM EDT

    1. Hackers and virus purveyors ARE terrorists and should be executed as such. They use fear as a weapon and cost us billions of dollars and hours of wasted time each year. Punish the criminals (yes, CRIMINALS) instead of the victims. 2. The convenience of the world wide web has a price. For some things, I still prefer to call a merchant. However, am I more at risk when I tell a person my credit card number over the phone than typing it in on a "secure" webpage?

  • 83 Posted by born4soccor on Thu Sep 3, 2009 3:11PM EDT

    Put a password a "hacker" would think of last. Change it every 2 months.

  • 84 Posted by nathan_eddington on Thu Sep 3, 2009 7:34PM EDT

    My computer will send 40,000 volts to the hacker's computer, so I don't worry...

  • 85 Posted by princessroxeygirl on Thu Sep 3, 2009 8:19PM EDT

    I agree. I do change my password every four months, so I'm good on that. But my password isn't very long... So, that may need to be changed.... Thanks anyways!
