Creating Strong Passwords

A password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource. The password must be kept secret from those not allowed access.

The use of passwords is known to be ancient. Sentries would challenge those wishing to enter an area or approaching it to supply a password or watchword. Sentries would only allow a person or group to pass if they knew the password!

In modern times, user names and passwords are commonly used by people during a log in process that controls access to protected computer operating systems, mobile phones, cable TV decoders, automated teller machines (ATMs), etc.

A typical computer user may require passwords for many purposes: logging in to computer accounts, retrieving e-mail from servers, accessing programs, databases, networks, web sites, and even reading the morning newspaper online. 

Creating Strong Passwords...

Studies of production computer systems have consistently shown that a large fraction of all user-chosen passwords are readily guessed automatically.

For example, Columbia University found 22% of user passwords could be recovered with little effort. According to Bruce Schneier, examining data from a 2006 phishing attack, 55% of MySpace passwords would be crackable in 8 hours using a commercially available Password Recovery Toolkit capable of testing 200,000 passwords per second in 2006.

He also reported that the single most common password was password1, confirming yet again the general lack of informed care in choosing passwords amongst users.


Guidelines for Strong Passwords

Common guidelines for choosing good passwords are designed to make passwords less easily discovered by intelligent guessing:

# Include numbers, symbols, upper and lowercase letters in passwords

# Password length should be over 8 characters

# Avoid any password based on repetition, dictionary words, letter or number sequences, usernames, relative or pet names, or biographical information (eg, dates, ID numbers, ancestors names or dates, ...).

Examples that follow guidelines:

The passwords below are examples that follow some of the published guidelines for strong passwords. But note carefully that, since these example passwords have been published in this article, they should never be used as real passwords.

4pRte!ai@3 - mixes uppercase, lowercase, numbers, and punctuation (evidence there is a large character set), increasing an attacker's work factor

Tp4tci2s4U2g! - built from a phrase that a user can memorize: "The password for (4) this computer is too (2) strong for you to (4U2) guess!" - mixes types of character. If the phrase is not 'well-known', this password should have high difficulty for an attacker, and be easier to remember than many passwords.

BBslwys90! - loosely based on a phrase that a user might memorize: "Big Brother is always right (right angle = 90 degrees)!" - mixes character classes

l0ne9peacHpl! - Is actually 19 Peach Place

Password Generators

You can also use software to generate strong passwords for you. I use a password toolbar to remember all my passwords. It has a generator tool in it that is very effectice:

http://www.roboform.com/password-generator.html

However you create your passwords, just make sure that they are not weak ones that anyone can guess!

-----------------------------------------------------------------------------------------------------------