« About the "Email Tax" | Main | What Will They Sell Next? »

April 25, 2006

I rant and rave in Spam Wars about the bane of passwords for online activity, along with recommendations about how to create good ones and even record them safely.

Microsoft has also written up some guidelines about generating secure passwords that are pretty good. It's worth a read, if for no other reason than to observe how weak most user passwords are.

The article points to another page that has a password checker script running on it, where you can enter a password and let it evaluate whether it considers the password to be weak, strong, or "best." Although I doubt that Microsoft is collecting passwords as you enter them (the script runs only on the client), I (and the SANS Internet Storm Center) still recommend against entering an actual password into the field to test. Trying a fake password with the same pattern of characters (lowercase, uppercase, number, symbol) would be safer, and should yield the same result.

Creating a set of strong passwords is only half the battle. The other half is making sure you don't get punk'd into giving them up to phishers and other crooks.