Monday 8 March 2010

How to create a strong and secure password

There are many useful articles on password management on the Internet. Unfortunately, it seems that some people still don't take this seriously and use weak passwords. It goes without saying that strong passwords are very important for good computer security. Unwisely created passwords can be broken in hours and so can be the weakest link in a computer security scheme. I'm not saying that you should create super strong passwords for each account or service, but you should still consider two essential password rules: password length and password complexity. Of course, a password should be easy for you to remember, but difficult for others to crack or guess.

A strong password should meet the following criteria:
1. Use at least 8 characters (14 characters would be ideal)
2. Use characters from each of the following groups (at least one from special symbols and numerals):
    a) Uppercase and lowercase A, B, C,...; a, b, c,...;
    b) Numerals 0, 1, 2, 3, 4, 5, 6, 7, 8, 9
    c) Special symbols ` ~ ! @ # $ % ^ & * ( ) _ + - = { } | [ ] \ : " ; ' < > ? , . /
3. Use a significantly different password for each account.

Common password pitfalls to avoid:
1. Don't use your username or a part of it (hopefully such an approach is not allowed by some websites)
2. Don't use your name, surname, street name, birthday or other personal information such as driver's license, passport number, credit card number, etc.
3. Don't use computer terms and names
4. Don't use a set of characters in alphabetic or numeric order, sequences or repeated characters. For example: 123456, 11111 or abcdef, aabbcc
5. Don't use dictionary words in any language
6. Avoid words spelled backwards, common misspellings, and abbreviations
7. Don't use a password that is listed as an example or has been made public.


How to create a strong password you can remember
There are many ways to create a solid password. For example, you may use password generators, but the problem is that they generate complex passwords and you will have to learn those passwords by heart. A much better idea would be to think of something meaningful to you and write it down. Start with a sentence or two. For demonstration purposes, I will use this sentence: Remember the fifth of November the gunpowder treason and plot.

1. Use the first letter of each word and turn your sentences into a row of letters.
Remember the fifth of November the gunpowder treason and plot => rtfontgtap

2. Make only the letters in the first half of the alphabet uppercase (or conversely).
rtfontgtap => rtFontGtAp

3. Add numbers. Pick two numbers that are meaningful to you and decide for yourself where to put them. I will put one number at the beginning and another one at the end.
rtFontGtAp => 5rtFontGtAp9

4. Put a special symbol at the end or at the beginning.
5rtFontGtAp9 => 5rtFontGtAp9@

5. Put a punctuation mark at the end
5rtFontGtAp9@ => 5rtFontGtAp9@?
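The following is an added example, not part of the original article: a Python sketch that reproduces steps 1-2 of the method above and checks a candidate against the mechanically checkable criteria and pitfalls listed earlier. The function names, the 4-character sequence window and the 4-character username threshold are assumptions made for illustration, and dictionary words are not checked.

```python
# Added example (not from the original article). Function names are hypothetical.
SPECIALS = set("`~!@#$%^&*()_+-={}|[]\\:\";'<>?,./")  # symbol group from criterion 2c

def mnemonic_base(sentence):
    """Steps 1-2: first letter of each word, letters a-m uppercased."""
    letters = [w[0].lower() for w in sentence.split() if w[0].isalpha()]
    return "".join(c.upper() if c <= "m" else c for c in letters)

def has_run(pw, window=4):
    """True if any `window` characters only repeat or step by one (pitfall 4).
    The window of 4 is an assumption; it catches 123456, 11111, abcdef, aabbcc."""
    codes = [ord(c) for c in pw.lower()]
    for i in range(len(codes) - window + 1):
        diffs = {b - a for a, b in zip(codes[i:i + window - 1], codes[i + 1:i + window])}
        if diffs <= {0, 1} or diffs <= {0, -1}:
            return True
    return False

def check(pw, username=""):
    """Return the article's criteria and pitfalls that pw violates (empty list = pass)."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not (any(c.isupper() for c in pw) and any(c.islower() for c in pw)):
        problems.append("needs uppercase and lowercase letters")
    if not any(c.isdigit() for c in pw):
        problems.append("needs a numeral")
    if not any(c in SPECIALS for c in pw):
        problems.append("needs a special symbol")
    u = username.lower()
    # Pitfall 1: the username or a part of it (4+ characters is an assumed threshold).
    parts = {u[i:i + 4] for i in range(len(u) - 3)} or ({u} if u else set())
    if any(p in pw.lower() for p in parts):
        problems.append("contains part of the username")
    if has_run(pw):
        problems.append("contains a sequence or repeated characters")
    return problems

if __name__ == "__main__":
    base = mnemonic_base("Remember the fifth of November the gunpowder treason and plot")
    candidate = "5" + base + "9@?"   # steps 3-5 with the article's own choices
    print(base, candidate, check(candidate))
    for weak in ("123456", "aabbcc", base):
        print(weak, check(weak))
```

An empty list from `check` means none of the coded rules were violated; it says nothing about the rules that need human judgment, such as personal information or reuse across accounts.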


Test your password with a password checker
https://www.microsoft.com/protect/fraud/passwords/checker.aspx?WT.mc_id=Site_Link
http://www.passwordmeter.com/

Test results



My new password scored 84% (very strong) at passwordmeter.com. I got -12% because of repeated characters (t) and consecutive lowercase letters. You may fix this at any time if you get such warnings too. The Microsoft password checker gave a "best" score. So I'm quite pleased with the results.


Other important recommendations:
1. Don't type your password on a computer that does not belong to you or that you don't have full control of.
2. Don't send your password to anybody in an email.
3. Don't use the same password for two different sites.
4. Don't share your password with anyone.
5. You should change your password(s) every 6 months (or whenever possible, every 2 months).
6. Change your passwords immediately when they are compromised.

I hope this article was useful for you. If you have any additional information for creating strong passwords, please leave a comment and share your information with us. Good luck and be safe!

Useful links:
http://www.thegeekstuff.com/2008/06/the-ultimate-guide-for-creating-strong-passwords/
http://www.microsoft.com/protect/fraud/passwords/create.aspx
http://en.wikipedia.org/wiki/Password_strength
http://www.econsultant.com/articles/how-to-create-a-strong-password.html
http://www.cryptosmith.com/password-sanity/dilemma
