Book Review: Perfect Passwords
In the book “Perfect Passwords”, author Mark Burnett discusses ways that computer security can be improved. This is no dry security tome, however: the style is easy to read, and at under 200 pages it could be read in a weekend. Though it’s short, there is still plenty of interesting material in here. Perhaps the most enlightening (or frightening, depending on your viewpoint) section of the book is Chapter 9, where he gives a list of the 500 worst passwords of all time. If you see your password on this list, it’s time to change it immediately!
Though a general computer enthusiast may find it an interesting read, the book seems to be aimed at two groups: those who set password policies for others to follow, and those who educate computer users about password security.
There’s plenty of material in the book that demonstrates what a bad password is, and how what one might think is an ingenious password is actually quite predictable and hackable. A trainer could use this material to create an interesting PowerPoint presentation on password security for non-technical staff.
The book also contains cautionary words for network administrators who set overly stringent complexity requirements that make passwords hard to remember: hard-to-remember passwords tend to get written down somewhere.
While the book contains many useful examples and explanations, its message could be summed up as follows: use phrases for your passwords; make them 15 characters or more, including numbers and symbols, yet easy to remember and type; and don’t forget to change them often.