This weekly column will feature the latest topics and trends constantly emerging in a rapidly-growing technical world. Each week, we will focus on a specific technical topic, with topics covering a wide range of technical issues and the latest technical gadgets.
If there are any topics or products that you would like to see covered in this column, please email firstname.lastname@example.org.
There is not and cannot be a set of instructions on how to create a password that is both strong and memorable, because not all techniques work for every person, and many passwords must meet strict requirements.
This guide will attempt to establish a few basic guidelines and tips to use when creating a new password. For curiosity’s sake, see how long it would take to brute-force a password by guessing all combinations. Each example password provided is followed by the time required to crack it using an average home computer.
The strength of a password is determined by length, reliance on dictionary words, repetition of characters, inclusion of various character sets (capital letters, numbers and symbols) and use of personal identifiers.
When faced with password requirements, many people follow the same basic pattern, which is easy to crack: “Abcdef” followed by “123!*” or “!*123”. Programs designed to guess passwords take advantage of conformity to this pattern and of the use of dictionary words.
An easy way to make a stronger password is to start with a phrase instead of adding numbers and symbols to the end of a word. First is an example of using a word and the padding technique: “Fluffy” (8 seconds) and “Fluffy12!” (3 days). The second option may look like it is more secure, but there are ways to make a much stronger password.
Let’s start with the sentence “I have a cat named Joe I left him at home” and take the first letter of each word to use as the password. Choose letters to capitalize in the password: “IhacnJIlhah” (33 years). Special characters can be added to represent words or add emphasis: “IhacnJIlh@h:(” (33 centuries). Add numbers throughout or replace letters with numbers. This technique allows you to turn a memorable phrase into a secure password: “IhacnJ0317h@h:(” (3261 centuries).
It may be tempting to use personally relevant numbers and words, but these are quickly identified and more easily guessed by hackers.
Do not use any personal identifiers such as your zip code, street name, city of residence, birth dates important to you, your age, the current year, phone numbers, social security numbers or credit card numbers. Do not use the same password for all of your accounts.
If you do decide to use a personal identifier, combine it with additional characters or swap out some of the characters.
Obvious substitutions only provide minimal additional protection. These substitutions add a small amount of extra security at the cost of having to remember where and how substitutions were made. “l0ck3d” (37 seconds) is only slightly stronger than “locked” (10 seconds). The variety of characters used and dissimilarity from dictionary words are almost as important as the length of a password.
The final technique focuses on length and is easiest to use when there are no requirements for numbers and symbols. This technique can be combined with previous techniques to meet requirements.
Choose four to eight random words that do not fit together grammatically and use a picture or other memory technique to remember them. Let’s start with “chickenwindowvitamintelevision” (11 centuries). The length is the greatest strength in this password, but it can still be cracked in only 3 hours with a supercomputer because it contains dictionary words. It can be made more secure by adding a number and some capital letters. Instead of capitalizing the first letter of each word, it is more secure to choose a few letters to randomly capitalize throughout the passphrase.
Finally, do not simply add numbers and symbols to the end to satisfy password requirements. It is more difficult to crack a password when the characters are randomly dispersed throughout. The end result provides a password that can be easily remembered as a picture.
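The weak patterns described in this column (a dictionary word with numbers and symbols padded onto it, obvious substitutions such as “l0ck3d”, passphrases made only of dictionary words, and personal identifiers) can be checked for automatically when a password is chosen. The following checker is an added example, not part of the original column; its word list, substitution table and function names are constructed for illustration.

```python
import re

# Constructed sample word list; a real audit would load a full dictionary.
WORDS = {"fluffy", "locked", "chicken", "window", "vitamin", "television"}
# Obvious substitutions of the kind the column describes ("l0ck3d").
LEET = str.maketrans("013457@$", "oleastas")
# One run of letters with digits/symbols only in front of or behind it.
PADDED = re.compile(r"^[\W\d_]*([A-Za-z]+)[\W\d_]*$")


def splits_into_words(text, words=WORDS):
    """True if text is nothing but dictionary words joined together."""
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        reachable[end] = any(
            reachable[start] and text[start:end] in words
            for start in range(end)
        )
    return bool(text) and reachable[-1]


def audit(password, personal=()):
    """Return the weaknesses from the column that are found in password.

    `personal` holds the user's own identifiers (zip code, birth year...).
    """
    findings = []
    lower = password.lower()
    padded = PADDED.match(password)
    if padded and padded.group(1).lower() in WORDS:
        findings.append("dictionary word with padding")
    unleet = lower.translate(LEET)
    if unleet != lower and splits_into_words(unleet):
        findings.append("obvious substitution")
    if splits_into_words(lower):
        findings.append("only dictionary words")
    if any(item.lower() in lower for item in personal if item):
        findings.append("personal identifier")
    return findings
```

An empty list means none of these specific patterns was found; it does not by itself mean the password is strong.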