I’ve been on people’s cases lately about having strong passwords.  There are really two issues related to strong passwords:

  1. Creating strong passwords
  2. Preventing strong passwords from becoming weak

What Makes Passwords Weak?

Let’s start by looking at what makes passwords weak. Then, we can strengthen passwords by avoiding these issues.

Common Dictionary Words

If a word is in the dictionary (including those in other languages) then chances are it is in a brute force attack dictionary.  This means that it is really just a matter of time before your password is hacked.

This also includes variations of dictionary words:

  • reversed words (e.g. drowssap)
  • mixed capitalization (e.g. PaSsWoRd)
  • character/symbol replacement (e.g. pa$$word)
  • removed vowels (e.g. psswrd)

Based on Common Names

Common names are, just that, common.  This makes them easily guessable.  So, “bobpassword” is probably not a good idea.

Based on User/Account Name

Let’s say you have a user name of “username1234″.  I would not suggest using any of the following passwords:

  • password1234
  • username12345
  • username5678
  • user1234name

Too Short

If your password is under seven characters, it is not long enough.  ‘Nuff said.

Based on Keyboard Patterns

A password that is just a series of keystrokes along the keyboard is probably not the best idea for a password.  Check out some of these passwords on your keyboard and you will quickly see why they are bad news:

  • qwerty
  • 1qaz2wsx3edc
  • 0-p[l;,.
  • !@#$1234
  • z,alqp1-

Only Use One Symbol Type

It is really tempting to create a password that is all letters.  Let’s face it, this is how we are wired!  But, it also greatly limits the number of possible passwords.  For example, if you have a seven character password made up of only lower case letters, there are 8,031,810,176 possible passwords.  But, if you add in uppercase letters, numbers, and punctuation characters, there are suddenly 64,847,759,419,264 potential passwords, making the password significantly more difficult to discover!

Difficult to Remember

I am going to give you one password that would be practically impossible to crack!  Ready?  Here it is:

\Oj?Ix4MH%xy}5xTpu@+NkMZ2)C09IE:Rrr}6E7;$::]aH|YH8`]U38%cHUe\lL|w?D6ms:T.mT9L”YV0$#843Rl-$xkA9JQV|Z7-eG]”T+O&glxb]{xW9*D^5′f.}4x[(;b}_bEXQQ;y<”VcY:FVah1,Q%’Cv=h8Ktq~=?~’7Bgt6c}w)n&mtPyUJfiXy”3R>J5″ZD2clmW?@D$T0″eL#’v09X({MVc(c!>{k4N[@’;`CA0oK5$3N{)apz*l’A;lbRpu^eiI06T_5″|%>XfBiyKYpVcvq4p”EL<(\W8wNP,54SIg27Ub|wJ”%#NOt*{0_RHeYZ,+AJ)~XsyppsJ)B|P/\xi’IGX^2[.6

Now, all you need to do is memorize it and you are set!

I can guarantee you that nobody will ever use this as their password!  It is simply way too long!  If you can’t memorize a password, then it is as good as useless!

Strong Password Characteristics

So, now that we know what makes a weak password, how do we make a strong password?

Strong passwords should all have the following characteristics:

  • contain at least one of each of the following:
  1. digit (0..9)
  2. letter (a..Z)
  3. punctuation symbol (e.g., !)
  4. control character (e.g., ^s, Ctrl-s)
  • are based on a verse (e.g., passphrase) from an obscure work where the password is formed from the characters in the verse. e.g., “Iafyd$,t,ta!” is derived from the phrase “If at first you don’t succeed, try, try again!
  • are easily remembered by you but very difficult (preferably impossible) for others to guess

Making Strong Passwords Weak

Even if you have a strong password, there are a number of things that many people do to make it less effective:

  1. Recycling passwords.  Do not use the same password over and over again when you need to change it.
  2. Recording passwords.  As tempting as it may be, putting your password on a sticky note on the side of your monitor is a definite no-no.
  3. Using The Same Password On Multiple Systems.  Almost everyone is guilty of doing this.  You come up with a great password and then proceed to use it for your e-mail, computer account, Facebook, etc. password.  While this makes it really easy to remember the password, if someone figures it out, then they have access to everything!

Password Creation Worksheet

As a way to make your life easier, I have created a worksheet that you can download and print off that will help you to create a strong password.  I have also included a completed example.  I strongly recommend that you print a number of these worksheets out and have them handy the next time that you need to create a password.

If you are looking for a good starting phrase, may I suggest a nice, long quote from your favorite movie?

Related articles:

Reblog this post [with Zemanta]

Similar Posts:

If you found this post useful, why don't you buy me a cup of coffee to show your gratitude?

Trackback link - http://www.dailycupoftech.com/2009/02/17/creating-and-keeping-strong-passwords/trackback/
Tim Fehlman