Knowledgebase

One of the biggest problems with computer security is passwords. People forget them - for any number of reasons - they go on vacation, they don't use the password very often, lack of sleep, too much sleep, insert your reason ... In an effort to make remembering passwords easier, many people use simple passwords such as a single word or their kids/spouses/pets names or birthdays.

The problem with this is that it is extremely easy for a hacker to gain access to a system or website through one of these simple passwords. There are tools that they can use to try common words and phrases and if they know you, they can guess birthdays and family names. But making a secure password that you can remember is not as difficult as it may seem.

What is a bad password?

For me it has been easier to explain what a secure password isn't first and then show some methods on how to create one. So first, the list of DON'Ts:

1. No Real Words - As I mentioned before, hackers have tools and methods to guess passwords. The most common is a dictionary attack. Basically they try all of the words in a dictionary starting with the most frequently used. If that doesn't work, then they will try common phrases like mydog or bluesky. In a lot of cases, this is all that they need to do to find a password. So, step 1 to a secure password is not to use real words or even common phrases.

2. Include Numbers but NOT Birthdays - Why is a birthday a bad idea? How many of you have signed up to a My Space or other social site where you enter your birthday? That is the easiest way for a hacker who doesn't know you to get your birthday. Now, if you use your real name and location on these sites, it is very easy to look up public records and find out who you are, your demographics, your marital status, and other items like birth records. Also, if your local newspaper publishes their articles online, then they can also look up any article that has your name in it.

3. Do not use Family Names - for exactly the same reasons mentioned above, do not use your name or family member names - also, commonly used names can be picked up on a dictionary attack.

So, if I can't use real words or phrases, names or birthdays, then what can I use that I can remember?
Please don't tell me that I have to use something like 3efsE#d6j ...

What makes a password secure?

Most systems these days require a "complex" password. For a password to be complex, you need at least one of each: capitol letter, lower case letter, and a number. Some systems now require a special character such as the characters !@#$%^&*() or a space. (Since there are still a lot of websites that can't tolerate special characters, this discussion will only mention adding them to your password.) Also, longer passwords are better passwords. The standard is a minimum of seven characters. I try to keep mine between 7 and 12 characters in length.

There are several methods for creating passwords. One very common method is to use seven or more words from a sentence and use the first letter of each word to make up a complex password. For example, if you take the first seven words from the second paragraph of the Declaration of Independence you have "We hold these truths to be self-evident", now take the the first letters of each word and you have whtttbse.

Since we need to make our password complex, lets change it up a bit.

• First lets make every other letter capitol:   WhTtTbSe.
• Second, to add a number to the mix, lets make the word 'to' a 2 instead:   WhTt2bSe
• Lastly, if your system requires a special character, then add it to the end:   WhTt2bSe!
  

Test it!

It is highly unlikely that a hacker would guess this password. However, it is possible, because the sentence that we used is very popular! Don't use this example as a real password!!! Once you choose a password, search for it in Google. If it shows up, then don't use it. For example, our example password showed up three times at the time of this writing.

There are many possible methods for creating a complex password. Depending on your interests and ways of learning and memorizing, the way that you choose to create a password may not look like this one. It is important, however, that you do try to make your passwords complex and also to change them often!

Add to Favourites

Print this Article