Password Strength
One of the primary means to combat insecurity on the Internet, (your insecurity), is to use strong passwords. To make this easier, it is a good idea to create a personal password “system”.
But this password “system” needs to be practical and usable as well as secure, and it must match your needs and usage patterns. Some folks are best served by using a password manager, such as RoboForm, but others may be best served by some other means of creating usable (memorable) passwords that are also secure. Frankly, we use both.
Really now, so many sites require passwords (and user names) that it gets to be a bit of a mess if you don’t have a system and/or use a password manager. Please don’t do what some folks do. Please don’t use the same password for all your accounts. And please don’t use weak, easily guessed passwords. It is not worth the risk.
Part of the problem is that most computer users don’t understand how easy it is to break weak passwords. They don’t know how powerful password cracking programs are. They don’t know that these programs can try millions of passwords in the blink of an eye. They don’t know, for instance, that readily available programs can simply reveal any password “remembered” by many operating systems. They don’t even have to crack them. They simply reveal them, no matter how “strong” they were.
Please note that RoboForm can remember much more than passwords, if you wish. It also remembers user names, and any other information you may repeatedly use to fill out web forms, such as name, address, phone, email address. RoboForm stores these passwords in a secure, encrypted manner that is accessed with a master password. (Just make sure that your master passwords is extra strong, as well as memorable. We suggest the master password be at least 10 characters in length. )
Need a password manager that travels with you? Well, or course, RoboForm can be installed in a laptop. But if you don’t carry a computer with you, there is a version of RoboForm designed for you. It is called Pass2Go. It is designed to install on a USB Flash Drive, where it functions much like the desktop version of RoboForm. But it is designed for secure use on office or public computers. No traces are left when you remove the USB drive from the computer. Highly recommended.
For more information about RoboForm, please visit their web site:
http://www.roboform.com/
The strength (security) of a password depends on three main factors:
- Length
- Randomness
- Complexity
- Use mixed case.
- Use numbers.
- Use punctuation and symbols.
- Use a different password for each site.
- Don’t have web sites, or your computer “remember passwords”.
- If you are emailed a password, change it right away in your account preferences.
- If you ever need to write down passwords, we suggest you don’t write down the entire password. Have a secret prefix or suffix that is memorized. That way, if your list falls in the wrong hands, it will be of little use. The prefix(s) or suffix(s) could be common to all your passwords, or to certain categories of passwords.
We suggest a minimum length of 8 characters.
We suggest limited usage of any word that may be in any dictionary or be any name or date, or anything that may be associated with you that anyone may be able to guess if they know you well.
General Rules:
RoboForm has a handy, built-in password generator that makes it easy to create strong passwords. They are not memorable, but they are strong, and with a password manager that remembers your passwords for you, it is not necessary to have passwords that are memorable.
The following web site has a handy calculator for testing theoretical password strength. This site indicates how long it may take to break passwords of specific length and complexity.
For more infortmation on creating usable and secure passwords, please visit our page:
Randall Rice, Editor
Internet-Insecurity.com
- Practice Safe Computing -
