Easy Strong Passwords
In this article, we will help you learn how to make passwords that are strong, secure and relatively easy to remember.
It is very important to protect your online accounts and your computer with strong and secure passwords. But do you do it? Probably not.
“OK, what is a strong password anyway?” Well, it may be easier to answer that by first looking at weak passwords.
- A weak password is any password that can be easily guessed by a human, and that includes humans who know a substantial amount about you.
- A weak password is also any password that can be easily cracked by a password guessing program. These cracking programs use extensive dictionaries and special word lists containing millions of commonly known or potentially knowable passwords. They can also try millions of random strings of characters. The speed at which these programs can work is astounding.
Examples of weak passwords:
- 12345, 123456, password, iloveyou, qwerty, abc123, 654321, abcdefg – you get the point.
- Any single word that is in any dictionary.
- Any number, unless it is so large as to be cumbersome to remember.
- Any birth date (or any date at all).
- Any pet's name.
- Any person's name or nickname, or your name with one special character tacked onto the end (betty%).
- Any common quotation or phrase.
- Any password that you use on ALL your accounts. (hello!)
- Any password, no matter how strong it is, that you told your computer to remember by selecting the Remember Me option on a password dialog. (Windows stores these in a very insecure manner that can be cracked in seconds.)
Please note: Some Trojans and viruses come preloaded with the ability to guess thousands of commonly used weak passwords!
It is very important to have strong, hard-to-guess passwords for financial accounts, a different one for each account. But did you know it is also very important to have a strong password on your email accounts, your social networking accounts, and to log onto your computer?
How quickly can weak passwords be cracked? Within seconds. Yes, you heard us right – within seconds. How quickly can a strong password of approx. 10 characters be cracked? It could take several years.
How to make strong and memorable passwords:
OK, what are some characteristics of strong passwords:
- They should contain a mixture of available keyboard characters, including a mix of upper and lower case letters, numbers and special characters.
- They should be at least 8 characters in length.
- They should not be written down, unless they are kept in a very secure place.
- They don’t have any of the characteristics of a weak password.
An example of a strong password: Fi^Do*MybanK (well, it was until we published it).
It would take high powered cracking attacks a considerable amount of time to guess this password. And clearly, no human is going to guess this one.
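The weak and strong criteria listed above can be turned into a quick self-check. The following Python is an added example, not code from the original article; the function names, the date pattern and the three-of-four character class threshold are assumptions (the article's own strong example contains no digit, so requiring all four classes would reject it).

```python
import re

# The weak examples the article lists, used as a tiny stand-in for a real word list.
COMMON = {"12345", "123456", "password", "iloveyou", "qwerty",
          "abc123", "654321", "abcdefg"}

# Assumed date shapes such as 11/11/2011, 11-11-11 or 20111111.
DATE_RE = re.compile(r"^\d{1,4}([/.\-]?)\d{1,2}\1\d{1,4}$")


def character_classes(password):
    """Count how many of the four classes (upper, lower, digit, special) appear."""
    checks = (str.isupper, str.islower, str.isdigit,
              lambda c: not c.isalnum())
    return sum(any(check(c) for c in password) for check in checks)


def weaknesses(password, personal_words=()):
    """Return the article's weak-password criteria that `password` meets."""
    found = []
    lowered = password.lower()
    if len(password) < 8:
        found.append("shorter than 8 characters")
    if lowered in COMMON:
        found.append("commonly used password")
    if password.isdigit():
        found.append("just a number")
    if DATE_RE.match(password):
        found.append("looks like a date")
    # A single word or name, optionally with one character tacked on (betty%).
    if re.fullmatch(r"[A-Za-z]+.?", password):
        found.append("single word or name")
    # personal_words: pet names, nicknames and similar details supplied by the user.
    if any(w and w.lower() in lowered for w in personal_words):
        found.append("contains a personal detail")
    # Assumption: three of the four classes suffice, because the article's
    # own strong example (Fi^Do*MybanK) has no digit.
    if character_classes(password) < 3:
        found.append("too few character classes")
    return found
```

An empty list means the password passed every check here; it does not cover reuse across accounts or passwords saved with Remember Me, which the article also counts as weak.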
OK, “How the heck can I remember a password like that?”
Answer: It is a two part password!
- Make approximately one half of your password something that is common to all your passwords. Memorize this half and never write it down.
- The second half would be unique to each account, and the second half could be something that helps you associate the password with the account in question.
Our example password actually has two parts: Fi^Do* and MybanK.
- Fi^Do* would be the secret part that is common to all your passwords and never written down.
- MybanK is the unique part of the password, which is designed to be relatively easy to memorize, and could contain hints that help you remember its purpose.
Another of your passwords might be: Fi^Do*YahoO, which is the secret prefix Fi^Do* plus YahoO.
Please note that the second half ‘could’ be written down somewhere. Why? Because this list would be almost useless* to anyone, since it does not include the secret prefix. You could even carry such a list in your wallet or purse, or keep it near your computer. (Not that you should keep it in the open.) If someone gets hold of your list, none of the passwords would work, and they will probably give up right there.
* We say almost useless, because nothing is perfectly secure. Maybe somebody could learn the secret part of your password by looking over your shoulder when you type it. Or a key-logger program on your computer could expose all your passwords, no matter how secure they are. And if crackers figure out your technique, it may be of some help towards cracking your passwords, but the time and computer power required would still be substantial.
And, hey, this technique is not designed for protecting national security secrets, but it may be useful for the average computer user.
Experts may recognize that this password technique is (loosely) modeled after the public key, private key form of encryption. The secret part of the password is like the private key. The other part of the password is like the public key, except in this case, it is not deliberately made public. But if it is made public, such as by theft, it is just about as useless.
************************************************************
Please note that we also suggest using a password utility like RoboForm, especially if you have lots of passwords. If a hidden key-logger ever compromises your computer, it provides a significant additional layer of protection.
And for using passwords on the road, we highly recommend RoboForm2Go or RoboForm Everywhere.
************************************************************
Remember: “Practice Safe Computing”
Updated 11/11/2011

