Password Strength - a good technique
January 22, 2008 by Brad Simon
We would like to take a moment and post on passwords, and how strong they should be.
ALL PASSWORDS CAN BE HACKED. It is just a matter of how long it takes. Choosing a password you can remember is no easy task, especially in today’s world.
To keep things secure enough, you need a password that not only is AT LEAST 9 characters long, but SHOULD contain ‘funky’ characters, some letters, some numbers, and some caps.
Using all of these makes this type of hacking take a VERY LONG time. Usually long enough to get caught. But nothing is that secure, yet. The type of attack is called a ‘Brute Force’ attack. It simply runs through all possible combinations of characters to find your password. So, if you use aaaaaaa, you are done in about .001 second.
So, how do you get a password that you can remember, and not have to write down everywhere? Pick a phrase that YOU know, and pick a DATE that you know, or some other number important to you. Take out some vowels, throw some caps in there, then mash it together with the date in a manner you might actually remember.
An example:
Phrase: your mama wears army boots
Date: 01-22-2008 (today)
Take the phrase and take out every other vowel (and all spaces):
yormamwersamybots
Take the date, cram it together and take out the zeros:
12228
Put it together:
yormamwersamybots12228
Now, mix it up (cap some letters - picked first of every word):
YorMamWersAmyBots12228
Now you need to have some ‘funky characters’. Take 2 of the numbers in the date (first two in this case) and hit the shift key on them:
YorMamWersAmyBots!@228
There you have an extremely secure password. I DO NOT RECOMMEND THIS ONE… IT IS POSTED!! (no, this is not the one I use for anything :))
Yes, this one is an extreme example; use what works for you. You can use the same general password when you have to change passwords, for instance with different caps or something. That way you can have an arsenal of excellent passwords that you can cycle through. Make sure you mix it up, and change your passwords.
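As an added example (not code from the original post), the Python below estimates the worst-case brute-force search space for the two passwords used above, based on length and the character classes each one draws on. The guess rate is an assumed figure, so the absolute times are illustrative and the gap between the two is the point; the estimate covers pure brute force only and takes no account of guessable structure such as words and dates.

```python
import math
import string

# Assumed attacker speed (guesses/second); a constructed figure, not from the post.
ASSUMED_GUESSES_PER_SEC = 1e10

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def alphabet_size(password):
    """Characters a brute-forcer must cover: every class the password draws on."""
    size = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    # Anything outside the four classes (spaces, non-ASCII) is counted one by one.
    extras = {c for c in password if not any(c in cls for cls in CLASSES)}
    return size + len(extras)


def keyspace(password):
    """Candidates of every length from 1 up to the password's length."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def worst_case_seconds(password, rate=ASSUMED_GUESSES_PER_SEC):
    """Time to exhaust the whole keyspace at the assumed rate."""
    return keyspace(password) / rate


def report(password):
    """Summarise length, alphabet size, bits of search space and worst-case time."""
    secs = worst_case_seconds(password)
    years = secs / (365.25 * 24 * 3600)
    return {
        "length": len(password),
        "alphabet": alphabet_size(password),
        "bits": round(math.log2(keyspace(password)), 1),
        "worst_case": f"{secs:.3g} s" if years < 1 else f"{years:.3g} years",
    }


if __name__ == "__main__":
    # Both sample passwords are the ones used in the post.
    for pw in ("aaaaaaa", "YorMamWersAmyBots!@228"):
        print(pw, report(pw))
```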
It IS a pain. If you only use this type of password on your financial sites, you are far ahead already.