Making up passwords is something we have to do almost every day, it seems: banking web sites, forums, email accounts, webhosting accounts, mail lists, etc. But it seems that making passwords is one of the things that some people have the hardest time doing. Maybe it’s not that it’s hard to make a password, but hard to make a GOOD password. First off, what’s a good password and what’s a bad password? Anything that is a dictionary word (even in another language) is a BAD password. Personal names are usually very bad choices. Why?
Because there are password cracking programs that can go through dictionaries testing passwords very quickly. Now, one thing people have done is attempt to take dictionary words and replace characters with numbers. This is a bit better than dictionary words and is used online by l33t (leet or elite) h4x0rs (haxors or hackers)… even Google has given a nod to this with a translation of their search engine. The problem is that the cracker software has gotten to a point where it tries these substitutions (the number 0 for the letter o, 1 for l, 4 for a, etc.). So, while this is a bit better, it’s still not great.
The BEST password is one that appears to be a random string of letters and numbers. Ideally it should mix uppercase and lowercase letters and include numbers. 7Y45cVFHg3 is an example of a pretty good password, but HOW are we supposed to remember that? First off, it’s surprising how well you can memorize gibberish if you type it enough, so one suggestion might be to pick a ridiculously hard password and make a point to memorize it. But I think there is a better way.
Come up with a sentence. It can be a favorite quote or saying, or even something that you have made up. Let’s take for example “ours is not to question why, ours is but to do or die.” (I remember this quote used a lot in an old Risk video game release….)
Now, let’s take the first letter of each word: ointqwoibtdod … wow, that looks impressive, but since we’re all lower case we only have 26 character possibilities, so let’s mix the case a bit. How about we capitalize Ours Not Question Why Ours (again) But Die (everything but the 2 letter words). So now it’s OiNtQWOiBtdoD … this is looking promising. Let’s go back and do some number replacements to make it a bit more complex. 0’s for Os: 0iNtQW0iBtd0D. We could take this further: we could substitute 8 for B and 1 for i, to help us remember that EVERY letter that resembles a number is swapped. But most places make you do 6-8 character passwords; what if that’s too long? Cut it in an easy to remember place… “Ours is not to question why” can be distilled down to 0iNtQW, or if you want an 8 character password take the second half… 0iBtd0D
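The steps above, together with the substitution-undoing check that cracking software performs on dictionary words, written out as an added example that is not part of the original post. The function names and the four-word sample wordlist are assumptions made for illustration.

```python
from itertools import product

# Digit-for-letter swaps mentioned in the post; "1" can stand for l or i.
LEET_TO_LETTERS = {"0": "o", "1": "li", "4": "a", "8": "b"}

# Constructed stand-in for a cracking dictionary (real ones hold millions of words).
SAMPLE_WORDLIST = {"password", "football", "hello", "dragon"}

QUOTE = "ours is not to question why, ours is but to do or die."


def mnemonic(sentence, swaps=None):
    """Take the first letter of each word, upper-case it unless the word has
    two letters or fewer, then apply the chosen letter-to-digit swaps."""
    swaps = swaps or {}
    out = []
    for word in sentence.split():
        letters = "".join(ch for ch in word if ch.isalpha())
        if not letters:
            continue  # token was punctuation only
        first = letters[0].upper() if len(letters) > 2 else letters[0].lower()
        # Swaps are keyed by lower-case letter and apply to either case.
        out.append(swaps.get(first.lower(), first))
    return "".join(out)


def is_dictionary_based(candidate, wordlist=SAMPLE_WORDLIST):
    """Undo case and digit substitutions, trying every reading of each digit,
    and report whether any reading is a plain dictionary word."""
    options = [LEET_TO_LETTERS.get(ch, ch) for ch in candidate.lower()]
    return any("".join(reading) in wordlist for reading in product(*options))


if __name__ == "__main__":
    print(mnemonic(QUOTE))                # letters only, mixed case
    print(mnemonic(QUOTE, {"o": "0"}))    # with 0 for o
    for pw in ("p4ssw0rd", "he11o", mnemonic(QUOTE, {"o": "0"})):
        print(pw, "dictionary-based" if is_dictionary_based(pw) else "not in wordlist")
```

Passing the check only means the string is not a disguised entry in this small sample list; it says nothing about sentences that are themselves well-known quotes.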
This may look very difficult still, but play around with the idea, creating sentences of your own. Then work with them for practice. In some circumstances you may not want to limit it to just the first letter; you might take a few characters…. the word thinking – you might take th or thk or just tk, whatever you think you will be best able to remember. You also may play around with your number substitutions. Who remembers the phrase “best friends 4 ever”…. I think you get the idea at this point.
No, I don’t use any of the above suggested passwords and neither should you. The more practice you put in at making good passwords the better you are at it.