Creating strong passwords (and passphrases) in six easy steps
Why should you care? Because last year InformationWeek reported that simple passwords created using short, simple key sequences can be easily cracked:
"For example, a lowly P3 PC running a widely available cracking tool at just 500 MHz was able to guess the password "ChEcK12" in only 26 seconds; and today's top-of-the-line PCs could perform the same crack almost instantly. (For more examples of just how quickly simple password techniques like this can be bypassed, see this page from McMaster University). It's scary stuff."
1. Think of a sentence that you can remember (see more on "passphrases" below).
2. Check if the computer or online system supports the passphrase directly.
3. If the computer or online system does not support passphrases, convert it to a password.
4. Add complexity by mixing uppercase and lowercase letters and numbers.
5. Finally, substitute some special characters and symbols for common letters.
And last: Step 6. When you're done, you can test your new password with Password Checker, a non-recording feature on the Microsoft.com site that tests the strength of your password as you type.
I like the suggestion of using a passphrase, which, when used as a password, is as long as the phrase itself in number of characters. As the Wiki notes, passphrases are usually longer than a password, with 20 to 30 characters typical of many passphrases, "making some kinds of brute force attacks entirely impractical. Second, if well chosen, they will not be found in any phrase or quote dictionary."
So, a passphrase of "MydogSpotisblackandwhite" may be better than "mydogspot." Again, InformationWeek suggests that passphrases can be more secure "because they're made of a series of words rather than totally random characters, they're much easier to remember than conventional passwords of similar length."
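To put rough numbers on the length argument, here is an added example (not from InformationWeek or any of the linked pages) that estimates the exhaustive-search cost of the three strings mentioned above. The guess rate of one billion per second and the helper names are assumptions chosen for illustration.

```python
import math
import string

# Character classes an exhaustive search has to cover once a password uses them.
CLASSES = [
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation + " ",
]

GUESSES_PER_SECOND = 1e9  # assumed attacker speed, not a figure from the article


def alphabet_size(password):
    """Sum the sizes of every character class the password draws from."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def keyspace_bits(password):
    """log2 of the number of candidates of this length over that alphabet."""
    size = alphabet_size(password)
    return len(password) * math.log2(size) if size else 0.0


def worst_case_seconds(password, rate=GUESSES_PER_SECOND):
    """Time to try every candidate of this length at the given guess rate."""
    return alphabet_size(password) ** len(password) / rate


def describe(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, span in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= span:
            return f"{seconds / span:.3g} {unit}"
    return f"{seconds:.3g} seconds"


if __name__ == "__main__":
    # The three example strings quoted in this post.
    for pw in ("ChEcK12", "mydogspot", "MydogSpotisblackandwhite"):
        print(f"{pw!r:28} len={len(pw):2} alphabet={alphabet_size(pw):2} "
              f"bits={keyspace_bits(pw):6.1f} "
              f"worst case={describe(worst_case_seconds(pw))}")
```

These figures only bound a blind character-by-character search. A phrase built from common words can fall much sooner to word-based guessing, which is why the quote above stresses phrases that are not in any phrase or quote dictionary.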
- InformationWeek: How to Build Better Passwords
- How To Choose A Passphrase
- Help Safeguard Your Personal Information Online
- Safer Shopping Online
- How Internet Explorer Keeps Your Data Safe
- ASP Alliance with more on passphrases (with additional links to more info)
Also available via http://bit.ly/d5xJxE