Easy Strong Passwords

It is very important to protect your online accounts and your computer with strong and secure passwords. You have probably heard that before. But do you actually do it?

In this article, we will help you learn how to make passwords that are strong, secure and relatively easy to remember.

“OK, what is a strong password anyway?”  Well, it may be easier to answer that by first looking at weak passwords.

A weak password is a password that can be easily guessed by a human, and that includes humans who know a substantial amount about you.  

A weak password is also any password that can be easily cracked by a password guessing program. These cracking programs use extensive dictionaries and special word lists containing millions of commonly known or potentially knowable passwords. They can also try millions of random strings of characters. The speed at which these programs can work is astounding.

Examples of weak passwords:

  • Any word that is in any dictionary.
  • Any number, unless it is so large as to be cumbersome to remember.
  • Any birth date (or any date at all).
  • Any pet's name.
  • Any person's name or nickname, or your name with a special character tacked onto the end (betty%).
  • Any common quotation or phrase.
  • Any password that you use on ALL your accounts. (hello)
  • Any password, no matter how strong it is, that you told your computer to remember by selecting the Remember Me option on a password dialog.  (Windows stores these in a very insecure manner that can be cracked in seconds.)

Of course it is important to have strong, hard-to-guess passwords on any financial accounts such as banks or brokerages. Most people understand this. But did you know it is also very important to have a strong password on your email accounts and to log onto your computer? Well, it is.

How quickly can weak passwords be cracked? Within seconds. Yes, you heard us right. Within seconds.  How quickly can a strong password of approx. 10 characters be cracked?  It could take several years.

How to make strong and memorable passwords:

OK, what are some characteristics of strong passwords:

  • They should contain a mixture of all the available keyboard characters, including a mix of upper and lower case letters, numbers and special characters.
  • They should be at least 8 to 10 characters in length.
  • They should not be written down, unless they are kept in a very secure place.
  • They don’t have any of the characteristics of a weak password.

Example of a strong password: Fi^Do3mY%banK (well, it was until we published it).

It would take high powered cracking attacks a considerable amount of time to guess this password. And clearly, no human is going to guess this one.
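
The weak-password traits and strong-password characteristics listed above can be checked mechanically. The following Python code is an added example, not part of the original article; the function names are assumptions, and SAMPLE_WORDS is a tiny constructed word list standing in for a real dictionary and name list.

```python
import re
import string

# Constructed sample word list (assumption); a real check would load a full
# dictionary plus lists of names, pet names and common phrases.
SAMPLE_WORDS = {"hello", "betty", "fido", "password", "bank"}

# A date written with separators, e.g. 12/25/1990 or 1990-04-12.
DATE_RE = re.compile(r"^\d{1,4}[-/.]\d{1,2}[-/.]\d{1,4}$")


def weaknesses(password, words=SAMPLE_WORDS, min_length=8):
    """Return the weak-password traits from the article that apply."""
    found = []
    if len(password) < min_length:
        found.append("too short")
    classes = {
        "lower case": any(c.islower() for c in password),
        "upper case": any(c.isupper() for c in password),
        "number": any(c.isdigit() for c in password),
        "special character": any(c in string.punctuation for c in password),
    }
    found += ["no " + name for name, present in classes.items() if not present]
    if password.isdigit():
        found.append("just a number")
    if DATE_RE.match(password):
        found.append("looks like a date")
    # Strip digits and special characters tacked onto either end, so that
    # "betty%" is still recognised as the name "betty".
    core = password.strip(string.digits + string.punctuation).lower()
    if core in words:
        found.append("dictionary word or name")
    return found


def is_strong(password):
    """True when none of the article's weak-password traits apply."""
    return not weaknesses(password)


if __name__ == "__main__":
    for pw in ["hello", "betty%", "Password1!", "12/25/1990", "Fi^Do3mY%banK"]:
        print(pw, "->", weaknesses(pw) or "no weak traits found")
```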

OK, yeah sure, you say.  “How the heck can I remember a password like that?”

Well here is how:

  1. Make one half of your password something that is common to all your passwords. Memorize this half and never write it down.  This prefix and/or suffix should not be something easily guessed. It should mix case and include at least one number and/or special character. Make it about 4 to 6 characters in length.
  2. The second half would be unique to each account, and the second half could be something that helps you associate the password with the account in question.

Our example password actually has two parts.   Fi^Do3 and mY%banK

  1. Fi^Do3  would be the secret part that is common to all your passwords and never written down.
  2. mY%banK  is the unique part of the password, that is designed to be relatively easy to memorize, and could contain hints that help you remember its purpose.

Another of your passwords might be this:  Fi^Do32ya%Hoo which is the secret prefix Fi^Do3, plus  2ya%Hoo

Please note that the second half could be written down somewhere.  You could even carry such a list in your wallet or purse, or keep it near your computer.  (Not that you should keep it in the open.)  This list would be almost useless* to anyone because it does not include the secret prefix or suffix.  If they get a hold of your list, they will find that none of the passwords work, and will probably give up right there.

* We say almost useless, because nothing is perfectly secure.  Maybe somebody could learn the secret part of your password by looking over your shoulder when you type it.  Or a key-logger program on your computer could expose all your passwords, no matter how secure they are.   And if crackers figure out your technique, it may be of some help towards cracking your passwords, but the time and computer power required will still be substantial.  And, hey, this technique is not designed for protecting national security secrets, but it can be very useful for the average computer user.

Please note that we also suggest using a password utility like RoboForm, especially if you have lots of passwords.  If a hidden key-logger ever compromises your computer it provides a significant additional layer of protection.

And for using passwords on the road, we highly recommend RoboForm2Go (from the makers of RoboForm).  It works from USB flash drives and leaves no traces of itself, or your passwords on other computers.

Experts may recognize that this password technique is (loosely) modeled after the public key, private key form of encryption.  The secret part of the password is like the private key.  The other part of the password is like the public key, except in this case, it is not deliberately made public.  But if it is made public, such as by theft, it is just about as useless.

“Practice Safe Computing”
