The important thing to remember when choosing a password is to make it as difficult as possible for a cracker to guess it from what is known about you or from common password patterns. If the password cannot be guessed, the cracker has no choice but to run a brute-force search, which means trying every possible combination of numbers, letters, and punctuation.
Even if such a search were run on a machine that could generate and try one million passwords per second (most machines can manage fewer than one hundred per second), it would still take, on average, more than a hundred years to crack a fifteen-character password. The following generic steps should therefore be taken to make it impossible for your password to be guessed by a cracker of any level of skill.
- Do not use your login name in any form (as it is, reversed, capitalized, with doubled letters, etc.). For example, if your username is Davison, then your password should not be DAVISON, ddaavviissoonn or nosivad.
- Do not use any part of your real name (first, middle or last name) in any of the above forms.
- Do not use the names of your immediate family members (spouse, children, parents etc.) in any form.
- Do not use other information that can easily be obtained regarding you. Unfortunately, this includes license plate numbers, telephone numbers, social security numbers, the brand of your automobile, the name of the street you live on, etc. Any such data can quite easily be obtained by a determined cracker.
- Do not use the word “password” as a password as this is probably the most common password in the world and the first to be tried by the cracker.
- Do not use a password that consists only of digits, or only of the same letter repeated. Such passwords are much easier for a brute-force program to crack.
- Do not use a word which can be found in any dictionary of any language (English or otherwise), spelling lists, or other lists of words. The brute force program will exhaust such options first.
- Do not use a password shorter than six characters. This is obvious, as the program will take much less time to find the right combination.
- Use a password with alphabetic characters in both capital and small letters (for example, BaPyyNU).
- Use a password with some non-alphabetic characters, e.g., digits, symbols or punctuation marks.
- Use a password that can be easily remembered so that it is unnecessary to write it down.
- Use a password that can be typed quickly, preferably without even having to look at the keyboard. This is to eliminate the possibility of someone finding out your password by watching you over your shoulder.
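The do's and don'ts above, as an added Python example (not code from the original article): check_password reports which of the listed rules a candidate breaks, and brute_force_years estimates the expected time an exhaustive search would need at the one-million-guesses-per-second rate assumed earlier. The DICTIONARY set is a constructed stand-in for a real word list, and the personal-data list is whatever the caller supplies; both are assumptions for illustration.

```python
"""Checker for the password do's and don'ts listed above.
Added example for illustration, not code from the original article."""
import string

# Constructed stand-in for a real word list such as /usr/share/dict/words.
DICTIONARY = {"password", "rain", "dog", "book", "secret", "welcome", "letmein"}

# Cracking rate assumed in the text (one million guesses per second).
GUESSES_PER_SECOND = 1_000_000


def name_variants(word):
    """Forms of a name the text says to avoid: as is, reversed, letters doubled."""
    w = word.lower()
    return {w, w[::-1], "".join(ch * 2 for ch in w)}


def check_password(password, username, personal=()):
    """Return the list of rules the password breaks (empty means it passes).

    personal: real names, family names, phone and plate numbers, street names
    and similar data a determined cracker could obtain about the user.
    """
    problems = []
    low = password.lower()

    if len(password) < 6:
        problems.append("shorter than six characters")
    if low in name_variants(username):
        problems.append("derived from the login name")
    for item in personal:
        if any(v and v in low for v in name_variants(item)):
            problems.append(f"contains easily obtained personal data ({item})")
    if low == "password":
        problems.append("is the word 'password'")
    if password.isdigit():
        problems.append("consists only of digits")
    if password.isalpha() and len(set(low)) == 1:
        problems.append("is a single repeated letter")
    if low in DICTIONARY:
        problems.append("is a dictionary word")
    has_lower = any(c.islower() for c in password)
    has_upper = any(c.isupper() for c in password)
    if not (has_lower and has_upper):
        problems.append("lacks both capital and small letters")
    if all(c.isalpha() for c in password):
        problems.append("lacks a digit, symbol or punctuation mark")
    return problems


def brute_force_years(password, rate=GUESSES_PER_SECOND):
    """Expected years for an exhaustive search to reach the password, assuming
    the attacker knows its length and the character classes it uses and hits
    it, on average, halfway through the keyspace."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # the 32 ASCII punctuation characters
    expected_guesses = size ** len(password) / 2
    return expected_guesses / rate / (365.25 * 24 * 3600)


if __name__ == "__main__":
    for pw in ("nosivad", "dog;rain", "Bk+mug7Q", "abcdefghijklmno"):
        print(pw, check_password(pw, "Davison", personal=["Smith"]),
              f"{brute_force_years(pw):.2e} years")
```

The keyspace estimate is deliberately optimistic for the attacker: a fifteen-letter lowercase password still comes out at tens of millions of years at this rate, which is the point the text makes, while a six-character mix of letters and digits falls in minutes.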
How to choose secure yet easy-to-remember passwords
- You can choose lines from songs or poems and use the first letter of each word. For example, “Sugar spice and everything nice, that is what little girls are made of.” becomes “ssaentiwlgamo”. It is easy for you to remember and impossible for others to guess.
- Alternate between one consonant and one or two vowels, up to eight characters. This produces nonsense words that can still be pronounced easily, and thus remembered easily. Examples include “moutlong”, “suatpoy”, and so on.
- Choose two short words and join them with a punctuation character between them, for example “dog;rain”, “book+mug”, “kid?goat”. This makes it impossible for brute-force programs to cross-reference dictionaries and pin down the password.
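The three recipes above as an added Python example (not code from the original article): acrostic implements the song-line method, pronounceable the consonant/vowel alternation, and two_words the punctuation-joined pair. The WORDS list and the SEPARATORS string are constructed for illustration; random choices come from the standard secrets module so that the output is not predictable.

```python
"""Generators for the three memorable-password recipes described above.
Added example for illustration, not code from the original article."""
import secrets
import string

VOWELS = "aeiou"
CONSONANTS = "".join(c for c in string.ascii_lowercase if c not in VOWELS)
SEPARATORS = ";+?:/-_"  # constructed set of joining punctuation characters

# Constructed short word list; in practice draw from a large dictionary.
WORDS = ["dog", "rain", "book", "mug", "kid", "goat", "lamp", "fern", "sock", "jazz"]


def acrostic(phrase):
    """Song- or poem-line method: first letter of each word, lower-cased."""
    return "".join(w[0].lower() for w in phrase.split() if w[0].isalpha())


def pronounceable(length=8, rng=secrets):
    """Alternate one consonant with one or two vowels, up to `length` chars."""
    out = []
    while len(out) < length:
        out.append(rng.choice(CONSONANTS))
        for _ in range(rng.choice([1, 2])):
            if len(out) < length:
                out.append(rng.choice(VOWELS))
    return "".join(out)


def two_words(words=WORDS, rng=secrets):
    """Two different short words joined by a punctuation character."""
    first = rng.choice(words)
    second = rng.choice([w for w in words if w != first])
    return first + rng.choice(SEPARATORS) + second


def is_pronounceable(word):
    """Check the alternation rule: every consonant is followed by one or two
    vowels (the final character may be a consonant cut off by the length)."""
    i = 0
    while i < len(word):
        if word[i] not in CONSONANTS:
            return False
        i += 1
        vowels = 0
        while i < len(word) and word[i] in VOWELS and vowels < 2:
            i += 1
            vowels += 1
        if vowels == 0 and i < len(word):
            return False
    return True


if __name__ == "__main__":
    print(acrostic("Sugar spice and everything nice, that is what little girls are made of."))
    print(pronounceable(), two_words())
```

A pronounceable eight-letter word draws from a far smaller keyspace than eight random characters, since only about half the positions can hold any of 21 consonants and the rest only one of 5 vowels, so these recipes are best combined with the mixed-case and punctuation rules above rather than used alone.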
It is understandable that these measures are difficult and troublesome to implement. There is, of course, no reason to believe that someone who has chosen his or her name, username or even the word “password” as a password is sure to have it cracked. Certainly, the probability of home users being under attack by determined crackers is quite remote. Nevertheless, one must remember that it is only remote, not impossible. Office users who need passwords to access networks, however, need to be much more responsible about the passwords they choose, as one leaked password can lead to the entire network being brought down by even a single amateur hacker.