Making up passwords is something we have to do almost every day, it seems. Banking web sites, forums, email accounts, web hosting accounts, mailing lists, etc. But making passwords seems to be one of the things that some people have the hardest time doing. Maybe it's not that it's hard to make a password, but that it's hard to make a GOOD password. First off, what's a good password and what's a bad password? Anything that is a dictionary word (even in another language) is a BAD password. Personal names are usually very bad choices. Why?
Because there are password cracking programs that can go through dictionaries testing passwords very quickly. Now, one thing people have done is take dictionary words and replace characters with numbers. This is a bit better than dictionary words and is used online by l33t (leet or elite) h4x0rs (haxors or hackers)… even Google has given a nod to this with a translation of their search engine. The problem is that cracker software has gotten to the point where it tries these substitutions. (The number 0 for the letter o, 1 for l, 4 for a, etc.) So, while this is a bit better, it's still not great.
The BEST password is one that appears to be a random string of letters and numbers. Ideally it should mix uppercase and lowercase letters and include numbers. 7Y45cVFHg3 is an example of a pretty good password, but HOW are we supposed to remember that? First off, it's surprising how well you can memorize gibberish if you type it enough, so one suggestion might be to pick a ridiculously hard password and make a point of memorizing it. But I think there is a better way.
Come up with a sentence. It can be a favorite quote or saying, or even something that you have made up. Let's take for example "ours is not to question why, ours is but to do or die." (I remember this quote used a lot in an old Risk video game release….)
Now, let's take the first letter of each word: ointqwoibtdod … wow, that looks impressive, but since we're all lower case we only have 26 character possibilities, so let's mix the case a bit. How about we capitalize Ours Not Question Why Ours (again) But Die (everything but the 2 letter words). So now it's OiNtQWOiBtdoD … this is looking promising. Let's go back and do some number replacements to make it a bit more complex. 0's for Os: 0iNtQW0iBtd0D. We could take this further and substitute 8 for B and 1 for i, to help us remember that EVERY letter that resembles a number is swapped. But most places make you do 6-8 character passwords, so what if that's too long? Cut it in an easy to remember place… "Ours is not to question why" can be distilled down to 0iNtQW, or if you want an 8 character password take the second half… 0iBtd0D
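The steps above as a short Python sketch (an added example, not code from the original post). The function names and the alphabet-size figure are assumptions of this example; the bit count is a brute-force upper bound only, since letters taken from a sentence are not a random draw.

```python
import math
import string

def initials(sentence):
    """Return (word, first letter) pairs, ignoring punctuation."""
    words = [w.strip(string.punctuation) for w in sentence.split()]
    return [(w, w[0].lower()) for w in words if w]

def mix_case(pairs, short_len=2):
    """Upper-case the initial of every word longer than short_len letters."""
    return "".join(c.upper() if len(w) > short_len else c for w, c in pairs)

def substitute(text, swaps):
    """Replace look-alike letters with digits, e.g. {"o": "0"}."""
    return "".join(swaps.get(c, c) for c in text)

def alphabet_size(password):
    """Size of the character set an exhaustive search must cover."""
    size = 26 * any(c.islower() for c in password)
    size += 26 * any(c.isupper() for c in password)
    size += 10 * any(c.isdigit() for c in password)
    return size

def brute_force_bits(password):
    """Upper bound in bits: length * log2(alphabet size)."""
    return len(password) * math.log2(alphabet_size(password))

def derive(sentence):
    """Run the post's steps and return each intermediate string."""
    pairs = initials(sentence)
    lower = "".join(c for _, c in pairs)
    mixed = mix_case(pairs)
    zeros = substitute(mixed, {"o": "0", "O": "0"})
    full = substitute(zeros, {"i": "1", "B": "8"})
    return {"initials": lower, "mixed case": mixed,
            "0 for o": zeros, "all swaps": full}

if __name__ == "__main__":
    quote = "ours is not to question why, ours is but to do or die."
    for step, value in derive(quote).items():
        print(f"{step:>10}: {value}  alphabet={alphabet_size(value)} "
              f"bits<={brute_force_bits(value):.1f}")
```

Going from all lower case to mixed case with digits raises the per-character alphabet from 26 to 62, which is the gain the case-mixing and number steps are after.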
This may still look very difficult, but play around with the idea, creating sentences of your own. Then work with them for practice. In some circumstances you may not want to limit it to just the first letter; you might take a few characters…. For the word thinking, you might take th or thk or just tk, whatever you think you will be best able to remember. You may also play around with your number substitutions. Who remembers the phrase "best friends 4 ever"…. I think you get the idea at this point.
No, I don’t use any of the above suggested passwords and neither should you. The more practice you put in at making good passwords the better you are at it.