Passwords

by Zach on September 13th, 2009

Passwords are one of the most important things in security. Follow these simple rules to ensure that your password is properly securing your personal data and accounts.

  1. NEVER use words or commonly known arrangements of characters.
  2. Never use your name or any part of your username, birth date, siblings' names, etc.
  3. Use special characters, numbers, and upper- and lower-case letters (you want at least three of the four in your password).
  4. Do not reuse passwords.
  5. Use at least 8 characters.

Now for an explanation of why you need to follow those rules:

  1. Words or other common arrangements of characters are the first thing that someone trying to guess your password will try. Passwords are not cracked (guessed) manually; there are files that contain common passwords (rainbow tables) that programs can quickly use as guesses for your password. If your password is only a dictionary word, it will be cracked in seconds.
  2. Again, your name and public information are easy for someone to find and guess.
  3. Using a mixture of these types of characters greatly increases the number of guesses that have to be made before a password is cracked. Think about a 1-character password. If only lowercase letters are used, you have a 1 in 26 chance of guessing the password. Adding upper-case letters lowers the chance to 1 in 52. Adding numbers and special characters lowers the chance of guessing it even further.
  4. If you reuse the same password everywhere and it is cracked in one location, that essentially gives the attacker access to your accounts everywhere.
  5. Each character that you add decreases the odds of guessing the password. Today, 8 characters is long enough that in most cases the password cannot be easily guessed.
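
The five rules above can be turned into a small checker that also reports how large the guessing space from point 3 becomes. This is an added example, not code from the original post; the wordlist, the function names and the sample passwords are constructed for illustration, and "special characters" is assumed to mean the 32 ASCII punctuation characters.

```python
import string

# Constructed sample wordlist; a real check would load a much larger file.
COMMON_WORDS = {"password", "letmein", "qwerty", "dragon", "monkey"}
# Size of each character class from rule 3.
POOL = {"lower": 26, "upper": 26, "digit": 10, "special": len(string.punctuation)}

def char_classes(pw):
    """Return the set of rule-3 character classes that appear in pw."""
    classes = set()
    for ch in pw:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("special")
    return classes

def search_space(pw):
    """Candidates an exhaustive search over the classes used in pw must cover."""
    return sum(POOL[c] for c in char_classes(pw)) ** len(pw)

def check_password(pw, personal=(), previous=()):
    """Return the numbers of the rules (1-5) that pw breaks."""
    lowered = pw.lower()
    broken = []
    if any(word in lowered for word in COMMON_WORDS):
        broken.append(1)  # contains a common word
    if any(len(p) >= 3 and p.lower() in lowered for p in personal):
        broken.append(2)  # contains a name, username, birth date, ...
    if len(char_classes(pw)) < 3:
        broken.append(3)  # fewer than three of the four classes
    if pw in previous:
        broken.append(4)  # reused password
    if len(pw) < 8:
        broken.append(5)  # shorter than 8 characters
    return broken

if __name__ == "__main__":
    # Constructed test passwords, not real credentials.
    for pw in ["password", "Zach2005!", "tR7#qLm2"]:
        print(pw, check_password(pw, personal=["Zach", "2005"]), search_space(pw))
```

An empty list means the password passes all five rules; the search-space figure only covers exhaustive guessing and says nothing about wordlist guesses, which is why rules 1 and 2 are checked separately.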

Suggestions on creating passwords:

One common technique is to use one “main” password, but mix things in for each place that you use it. For a really bad example, if you use “password” as your main password, on Amazon you would use the password “ApMaAsZsOwNord”. That is AMAZON and password mixed together. For Google you would use “GpOaOsGsLwEord”. This same technique is useful when creating your main password. For instance, you may take your dog’s name, your name and the year you got your dog. ZACH + doggie + 2005 = dZoAgCg2H0i0e5. You just have to remember what you used and you can always recreate the password.

Another suggestion is to use a password vault. This is a piece of software that you install on your computer. You have a password to log in to the vault, and then it generates a new random password for each website that you go to.

The last thing I am going to say is that these techniques do not guarantee that your password will always be safe. All passwords are crackable; it is just a matter of time. If you follow all of the guidelines, your password will be strong enough for most cases today.

~Zach