Choosing a secure password and keeping it private is one of the most basic rules of good computer security, and you’ve probably heard it over and over. But what is a good password, anyway, and how should you keep it safe?
Creating A Strong Password
A good password is one that’s not easily guessed and cannot be easily cracked using one of the readily available password cracking tools. Password cracking tools generally work from word lists, trying every word in the list as well as simple variations of each word (like adding a number to the beginning or end, capitalizing the first letter, replacing letters with lookalike characters, and reversing the word). If your password is in a dictionary (any dictionary), it can be guessed very, very quickly by these tools.
The second phase in password cracking is a brute force attack that involves trying all combinations of characters, starting with single character passwords, then two character passwords, and so on. So the longer your password is, the longer it takes to try all the combinations. In fact, by the time you get to eight character passwords, there are over 6000 billion possible combinations (6.2 × 10^15), which means a good, strong password will not be feasible to crack in our lifetime using a password cracking tool.
Elements of a Bad Password
Here are some mistakes to avoid when choosing a password:
- It’s short (less than 8 characters)
- It’s your real name
- It’s your username (aka login name)
- It’s your spouse’s name (or one of your children’s names)
- It’s your pet’s name
- It’s your company name
- It’s your birthday
- It’s your phone number
- It’s in a dictionary (any dictionary)
- It’s the name of anyone or anything (really, there are word lists available for just about everything)
Making a Strong, Unguessable Password
So, how do you create a good, strong password? Here are some suggestions:
- A strong password should be at least 8 characters long
- A strong password should be a mix of upper and lower case characters, as well as numbers and/or special characters
- A strong password could be the first letter of each word in a phrase you can remember or a sentence from a book. For example, you could use the phrase “A person’s a person, no matter how small” from Dr. Seuss as the password “aPaPnMhS”, which is easy to remember but hard to guess. You could make it even stronger by replacing some of the characters with lookalike symbols, for example “aP4PnMh$”.
- The best passwords are actually pass phrases – an entire phrase of words separated by spaces. If a system supports them, they are your best bet. Then you could use the entire phrase “A person’s a person, no matter how small.”
- A strong password could be a word with special characters inserted in the middle. If I wanted to use the word “backyard” as the basis for my password, I might use “Bac%ky/ar#d”.
- A strong password can be two unrelated words separated by a symbol, such as “bIrd#gRaphiTe”. Again, you can make it even stronger by replacing a couple of letters with symbols, such as “b1rd#gR4phiTe”.
Finally, if you use a tool like RoboForm, KeePass Password Safe or LastPass, they include tools for generating strong random passwords which they can securely store on your computer so you don’t have to remember them. With those tools, then, you only have to remember one master password rather than one for every account you have.
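To make the rules above concrete, here is an added example (not from the original post) of a small checker that applies them: it tests length and character mix, undoes the “simple variations” cracking tools try (added digits, lookalike symbols, reversal) before looking the result up in a word list, and computes the brute-force search space for a given length. The word list and the 95-character printable ASCII alphabet are assumptions for illustration; a real cracking list holds millions of entries.

```python
import string

# Constructed, tiny word list standing in for a real cracking dictionary (assumption).
WORDLIST = {"backyard", "password", "bird", "graphite", "seuss"}

# Lookalike substitutions that cracking tools undo as "simple variations".
LEET = str.maketrans({"4": "a", "@": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})

def brute_force_space(length, alphabet_size=95):
    """Number of candidates a brute-force search must cover at a given
    length (95 = printable ASCII; for length 8 this is about 6.6 x 10^15)."""
    return alphabet_size ** length

def candidate_base_words(pw):
    """Undo the variations the post lists so the base word can be looked up:
    lowercase, strip leading/trailing digits, reverse lookalike symbols,
    and also try each form reversed."""
    base = pw.lower()
    forms = {base,
             base.strip(string.digits),
             base.translate(LEET),
             base.strip(string.digits).translate(LEET)}
    forms |= {f[::-1] for f in list(forms)}
    return forms

def strength_problems(pw, wordlist=WORDLIST):
    """Return a list of the post's rules that the password breaks (empty = passes)."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    classes = [any(c.islower() for c in pw),
               any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw),
               any(c in string.punctuation for c in pw)]
    if sum(classes) < 3:
        problems.append("needs upper and lower case plus digits and/or symbols")
    if any(form in wordlist for form in candidate_base_words(pw)):
        problems.append("dictionary word or a simple variation of one")
    return problems

if __name__ == "__main__":
    for pw in ["Backyard1", "p4ssw0rd", "Drowssap1", "Bac%ky/ar#d", "b1rd#gR4phiTe"]:
        print(pw, "->", strength_problems(pw) or "ok")
```

Note that the check only catches single-word variations; a cracker that concatenates two list words would still be outside what this checker models.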
You’ve Made It Secure, Don’t Lose It
Here are some final rules for managing your passwords once you’ve created them.
- Use different passwords for different accounts. In other words, don’t make your Facebook password the same as your online banking password.
- Protect your password based on the information you are trying to protect. For example, you’ll want to strongly protect your online banking password, but you probably aren’t as worried about your password to view your son’s baseball schedule.
- Don’t write down your password and keep it near your computer. I take the view that it’s okay to write down your password and keep it in your purse or wallet, though. Just don’t write the username or what account the password is for along with the password.
- Don’t send your password in email or in response to an email request.
- Don’t share your password via instant messaging.
- Basically, don’t share your important passwords with anyone.
Do you have other password creation rules you favor or tips for password management you’d like to share? Please leave a comment to let me and other readers know.