We talk about techniques for creating,
managing, and password-protecting user accounts, but before we get into
the details it might be worthwhile to talk about passwords in general.
Not just passwords for user accounts, but for all types of accounts you
create, including online accounts.
A password that’s easily guessed is a weak password. A strong password is one that’s not easily guessed and is immune to password-guessing attacks. The two most common forms of password-guessing attacks are the dictionary attack and the brute-force attack.
Both types of attacks rely on special programs that are specifically
designed to try to crack people’s passwords and gain unauthorized entry
to their user accounts.
The dictionary attack tries many thousands of
passwords from a dictionary of English terms and commonly used
passwords. The brute-force attack tries thousands of combinations of
characters until it finds the right combination of characters needed to
get into the account.
Admittedly, both types of attacks are rare in a
home PC environment. They’re also easily frustrated by common
techniques such as forcing a person to wait several minutes before
trying again after three failed password attempts. Nonetheless, the
general guidelines used to protect top-secret data from
password-guessing attacks can be applied to any password you create. A
strong password is one that meets at least some of the following
criteria:
- It is at least eight characters long.
- It does not contain your real name, user account name, pet name,
significant date (such as birthday), or any name that’s easily guessed
by other family members or coworkers.
- It does not contain a word that can be found in a dictionary.
- It contains some combination of uppercase letters, lowercase
letters, numeric digits, and symbols (such as !, &, ?, @, and #).
Again, we realize that few of us need
Fort Knox–style security on our personal PCs. You don’t want to come up
with a password that’s difficult to remember and a pain to type. But
any steps you take to make the password less easy to guess are well
worth the effort. Some websites offer password checkers, programs that analyze a password and tell you how strong it is.
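An added example, not from the original text: a minimal password checker of the kind mentioned above, applying the four criteria listed earlier. The sample word list is constructed, the three-of-four character-class threshold and the minimum term lengths are assumptions, and it goes slightly beyond the text by undoing common symbol-for-letter substitutions before the dictionary check.

```python
# Constructed sample word list (assumption); a real checker would load a full
# dictionary plus a list of commonly used passwords.
SAMPLE_WORDS = {"password", "dragon", "monkey", "summer", "welcome", "letmein"}

# Undo common symbol-for-letter swaps so "P@ssw0rd" is still seen as "password".
SUBSTITUTIONS = str.maketrans("013457@$!", "oleastasi")


def check_password(password, personal_terms=(), words=SAMPLE_WORDS):
    """Return a list of the criteria from the text that the password fails."""
    failures = []
    lowered = password.lower()
    normalized = lowered.translate(SUBSTITUTIONS)

    # Criterion 1: at least eight characters long.
    if len(password) < 8:
        failures.append("shorter than eight characters")

    # Criterion 2: no real name, account name, pet name, or significant date.
    # Terms under three characters are skipped to avoid accidental matches.
    for term in personal_terms:
        t = term.lower()
        if len(t) >= 3 and (t in lowered or t in normalized):
            failures.append(f"contains personal term {term!r}")

    # Criterion 3: no dictionary word, checked with and without substitutions.
    hits = sorted(w for w in words
                  if len(w) >= 4 and (w in lowered or w in normalized))
    if hits:
        failures.append("contains dictionary word(s): " + ", ".join(hits))

    # Criterion 4: a mix of uppercase, lowercase, digits, and symbols.
    # Requiring three of the four classes is an assumption of this example.
    classes = [
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ]
    if sum(classes) < 3:
        failures.append("uses fewer than three character classes")

    return failures


if __name__ == "__main__":
    for candidate in ("summer09", "P@ssw0rd", "Rex2019!", "Tee4me!0"):
        print(candidate, "->", check_password(candidate, ("Rex",)) or "ok")
```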
Remembering passwords
The most common problem with passwords
is forgetting them after the fact. When you set up a password for a
website, you can usually be reminded what the password is just by
clicking an “I forgot my password” link at the sign-in page. But there
is no such link for passwords that protect your Windows user accounts.
Therefore, it’s extremely important that you not forget your Windows passwords!
Before you password-protect a user account, take
the time to come up with a password that you (or the user) can
remember. Make sure you use exactly the same uppercase and lowercase
letters that you’ll be typing. Windows passwords are always case
sensitive, which means uppercase and lowercase letters count!
For example, say you jot down your password as Tee4me!0 (where that last character is a zero). But later you type it in as tee4Me!o (with the last character being the letter o). Still later, you forget the password and dig out the sheet of paper. The Tee4me!0 you wrote down won’t work, because the password is actually tee4Me!o.
Caution
On a typewriter, the number 0 is
basically the same as an uppercase letter O and the number 1 is
basically the same as a lowercase letter l, but that is not
true of computers. You must use the 1 and 0 keys near the top of the
keyboard or on the numeric keypad to type 1 (one) and 0 (zero).
Devising a password hint
With Windows passwords, you can also
specify a password hint to help you remember a forgotten password. But
still, it’s tricky. Anyone who uses your computer can see the password
hint. So the hint can’t be so obvious that it tells a potential
intruder what the password is.
By the same token, the hint might trigger your
basic memory of the password, but perhaps not the exact uppercase and
lowercase letters you used. It’s not a good idea to write down your
passwords, because it exposes them to others’ access. But, if you need
to keep track of multiple passwords, consider using a
password-protected Excel spreadsheet to store all your passwords. Then,
you only need to really remember one — the one for the Excel file.
There are also password-keeper applications available that achieve the
same result.
Tip
If you decide to store your passwords in
an Excel file, make a copy you can open on another computer in case
your computer crashes or you forget the password to log on.
The bottom line on remembering passwords is
simple: You are allowed no margin for error. A password that’s “sort of
like” the one you specified is not good enough. It must be exactly
the one you specified. You must treat passwords as though they are
valuable diamonds. Keep them safe and keep them secure, but don’t keep
them so safe that even you can’t find them!
Okay, that’s enough general advice about passwords. Next, you need to find out about types of user accounts.
Tip
As long as your account is an
administrator account, or you have a separate administrator account
that you can access, you can always reset someone’s password on the
computer if needed. You don’t have to go through a password recovery
process; just reset the password.