
Advice from a hacker on picking a good password


As mass hacks abound, it's hard to know the best way to handle our Internet security, so we went to a password expert to figure out how best to protect ourselves. Alex Horan is a self-described "white hat hacker," meaning he hacks "for good, not evil" in the words of the public relations liaison for CORE Security, where Horan is a product manager. He, like us, believes the password system these days isn't ideal for people trying to protect their online info. Though hacks are happening more often for various reasons (as discussed here), there is one part of the dysfunctional system we can control: our own password habits.

But Horan does not blame us for not using ideal passwords. One of the biggest problems with passwords is the glut of sites that require them. "The end users are really in a bind," Horan said. "More and more things are online and there is no ability yet for me to have a single online ID where I can use the same user name and password to authenticate to some central database." Right now, people are asked to create new usernames and new passwords for everything. When our creativity wanes (and our memories dim) we often resort to reusing the same password. But that's unsafe. The biggest danger of a password hack is that a password found at one site can be used to get into other, more important accounts. (That's what happened to James Fallows' wife, as he explained in The Atlantic.) The other option is to have different codes for everything, which is unreasonable and annoying. A recent survey found 38 percent of respondents would rather clean a toilet than think of new combinations. Another 38 percent said they would rather tackle world peace. So what to do? Here's what Horan suggests.

Save brain space for the really important accounts. For the stuff that really matters, such as bank accounts, Horan suggests we use a unique password for each and every one. For the less important stuff, it might make sense to choose a "dumb password," a suggestion we made a few weeks ago. That doesn't totally eliminate the so-many-things-to-remember issue, but it compartmentalizes things. Also, I sometimes forget which passwords I picked for which sites; this system would help me remember, at the very least, what type I picked.

Forget password, think passphrase. A password usually means some intricate combination of letters and numbers (and maybe symbols) that looks hard to guess. Those are hard to remember, and not always impenetrable. A passphrase, instead, consists of a string of whole words: a line of a book, or a song lyric, Horan suggests. "The first line of my favorite book is very hard for someone to guess and also very hard for a computer to brute force." (A brute force attack is when a computer program does hyper-speed password guessing, which is what happened with LinkedIn.)
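To make the password-versus-passphrase comparison concrete, here is an added example (not from the article or from CORE Security) that estimates the guessing space of a random character password against a passphrase of randomly chosen dictionary words, and converts that into an expected brute-force time. The character-set sizes, the 7,776-word dictionary size and the guess rate of 10^11 per second are constructed assumptions for illustration. The model assumes the words are picked at random from the dictionary; a widely quoted line from a famous book is much easier to guess than the word count suggests, because an attacker can try lists of well-known quotes first.

```python
import math

# Constructed assumptions for the comparison; none of these figures come from the article.
CHARSET_SIZES = {
    "lowercase letters": 26,
    "letters and digits (mixed case)": 62,
    "all printable ASCII": 95,
}
DICTIONARY_WORDS = 7776          # size of a Diceware-style word list (assumption)
GUESSES_PER_SECOND = 1e11        # offline guessing rate against a fast hash (assumption)
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def password_entropy_bits(length: int, charset_size: int) -> float:
    """Bits of entropy in a password of `length` symbols drawn uniformly from a charset."""
    return length * math.log2(charset_size)


def passphrase_entropy_bits(word_count: int, dictionary_size: int = DICTIONARY_WORDS) -> float:
    """Bits of entropy in a passphrase of `word_count` words drawn uniformly from a dictionary."""
    return word_count * math.log2(dictionary_size)


def expected_crack_seconds(entropy_bits: float, guesses_per_second: float = GUESSES_PER_SECOND) -> float:
    """Expected brute-force time: on average half of the keyspace is searched before a hit."""
    return (2.0 ** entropy_bits) / 2.0 / guesses_per_second


def compare(password_length: int = 8, passphrase_words: int = 5) -> list:
    """Return (label, entropy_bits, expected_years) rows for each candidate scheme."""
    rows = []
    for label, size in CHARSET_SIZES.items():
        bits = password_entropy_bits(password_length, size)
        rows.append((f"{password_length}-char password, {label}", bits,
                     expected_crack_seconds(bits) / SECONDS_PER_YEAR))
    bits = passphrase_entropy_bits(passphrase_words)
    rows.append((f"{passphrase_words}-word random passphrase", bits,
                 expected_crack_seconds(bits) / SECONDS_PER_YEAR))
    return rows


def strongest(rows: list) -> str:
    """Label of the row with the most entropy."""
    return max(rows, key=lambda r: r[1])[0]


if __name__ == "__main__":
    table = compare()
    for label, bits, years in table:
        print(f"{label:45s} {bits:6.1f} bits  ~{years:.3g} years to brute force")
    print("strongest:", strongest(table))
```

The point the numbers make is that five random dictionary words carry more entropy than eight characters drawn from the full printable-ASCII set, while being considerably easier to remember; the passphrase only keeps that advantage if the words are actually unpredictable.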

Read more at The Atlantic Wire.
