Making up passwords is something we have to do almost every day, it seems. Banking web sites, forums, email accounts, webhosting accounts, mail lists, etc. But it seems that making passwords is one of the things that some people have the hardest time doing. Maybe it’s not that it’s hard to make a password, but hard to make a GOOD password. First off, what’s a good password and what’s a bad password? Anything that is a dictionary word (even in another language) is a BAD password. Personal names are usually very bad choices. Why?
Because there are password cracking programs that can go through dictionaries testing passwords very quickly. Now, one thing people have done is attempt to take dictionary words and replace characters with numbers. This is a bit better than dictionary words and is used online by l33t (leet or elite) h4x0rs (haxors or hackers)… even Google has given a nod to this with a translation of their search engine. The problem is that the cracker software has gotten to a point where it tries these substitutions. (The number 0 for the letter o, 1 for l, 4 for a, etc.) So, while this is a bit better, it’s still not great.
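A password check can undo the same substitutions before the dictionary lookup, which is why they add so little. The sketch below is an added example, not part of the original post: the word list is constructed, the function names are hypothetical, and the swap table holds only the digit swaps this article mentions.

```python
from itertools import islice, product

# Digit-for-letter swaps mentioned in the article. "1" is ambiguous:
# the text uses it for both l and i, so every reading is tried.
SWAPS = {"0": "o", "1": "li", "4": "a", "8": "b"}

# Constructed sample word list; a real check would load a full dictionary.
WORDLIST = {"hello", "elite", "alabama", "basketball", "online"}


def readings(candidate, limit=4096):
    """Yield each lowercase string the candidate could stand for.

    Every character keeps its literal value and, if it is a known digit
    swap, also each letter it may replace. `limit` caps the number of
    combinations so a long run of digits cannot blow up the search.
    """
    options = [ch + SWAPS.get(ch, "") for ch in candidate.lower()]
    for combo in islice(product(*options), limit):
        yield "".join(combo)


def dictionary_hit(candidate, wordlist=WORDLIST):
    """Return the dictionary word the candidate reduces to, or None."""
    for word in readings(candidate):
        if word in wordlist:
            return word
    return None


if __name__ == "__main__":
    for pw in ["hell0", "onl1ne", "E1ite", "8asket8a11", "7Y45cVFHg3"]:
        print(pw, "->", dictionary_hit(pw))
```

Run against a new password at the moment it is chosen, a check like this rejects the substituted dictionary words while letting the random-looking string through.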
The BEST password is one that appears to be a random string of letters and numbers. Ideally they should be uppercase and lowercase and include numbers. 7Y45cVFHg3 is an example of a pretty good password, but HOW are we supposed to remember that? First off, it’s surprising how well you can memorize gibberish if you type it enough, so one suggestion might be to pick a ridiculously hard password and make a point to memorize it. But, I think there is a better way.
Come up with a sentence. It can be a favorite quote or saying, or even something that you have made up. Let’s take for example “ours is not to question why, ours is but to do or die.” (I remember this quote used a lot in an old Risk video game release….)
Now, let’s take the first letter of each word: ointqwoibtdod … wow, that looks impressive, but since we’re all lower case we only have 26 character possibilities, so let’s mix the case a bit. How about we capitalize Ours Not Question Why Ours (again) But Die (everything but the 2 letter words). So now it’s OiNtQWOiBtdoD … this is looking promising. Let’s go back and do some number replacements to make it a bit more complex. 0s for Os: 0iNtQW0iBtd0D. We could take this further: we could substitute 8 for B and 1 for i to help us remember that EVERY letter that resembles a number is swapped. But most places make you do 6-8 character passwords, so what if that’s too long? Cut it in an easy to remember place… “Ours is not to question why” can be distilled down to 0iNtQW, or if you want an 8 character password take the second half… 0iBtd0D
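The steps above can be written down as a small routine, shown here as an added example that is not part of the original post. The function names are hypothetical, and the size estimate is only an upper bound on the search space, since it assumes every character was picked at random.

```python
import math
import re

# The quote used in the article, with plain ASCII punctuation.
QUOTE = "ours is not to question why, ours is but to do or die."

ZERO_ONLY = {"O": "0", "o": "0"}                              # 0s for Os
ALL_SWAPS = {**ZERO_ONLY, "B": "8", "b": "8", "i": "1", "I": "1"}


def mnemonic(sentence, swaps=None, short_word_len=2):
    """Build a password from a sentence the way the article describes.

    Take the first letter of each word, upper-case it unless the word has
    `short_word_len` letters or fewer, then apply the digit swaps.
    """
    swaps = ZERO_ONLY if swaps is None else swaps
    words = re.findall(r"[A-Za-z']+", sentence)
    letters = [
        w[0].upper() if len(w) > short_word_len else w[0].lower()
        for w in words
    ]
    return "".join(swaps.get(ch, ch) for ch in letters)


def alphabet_size(password):
    """Count the symbols available in the character classes actually used."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    return size


def keyspace_bits(password):
    """Upper bound on the search space in bits: length * log2(alphabet)."""
    return len(password) * math.log2(alphabet_size(password))


if __name__ == "__main__":
    first_half, second_half = QUOTE.split(",")
    for pw in (mnemonic(QUOTE, swaps={}).lower(), mnemonic(QUOTE),
               mnemonic(QUOTE, ALL_SWAPS), mnemonic(first_half),
               mnemonic(second_half)):
        print(f"{pw:14} alphabet={alphabet_size(pw):2} "
              f"bits<={keyspace_bits(pw):.1f}")
```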
This may look very difficult still, but play around with the idea, creating sentences of your own. Then work with them for practice. In some circumstances you may not want to limit it to just the first letter, you might take a few characters…. the word thinking – you might take th or thk or just tk, whatever you think you will be best able to remember. You also may play around with your number substitutions. Who remembers the phrase “best friends 4 ever”…. I think you get the idea at this point.
No, I don’t use any of the above suggested passwords and neither should you. The more practice you put in at making good passwords, the better you are at it.