Have you ever purchased a piece of luggage with a tiny lock and a stamped piece of metal that sort of looks like a key? Would you put anything valuable in that luggage and ship it anywhere? I didn’t think so!
Now let’s consider passwords, which are the keys to your valuable personal and corporate information. Would you consider securing that valuable information with a cheap lock that could be opened with a paperclip? That lock is what a weak or easily guessed password looks like to a hacker. On the other hand, strong passwords, if properly crafted, are nearly unbreakable.
Some of the common methods many of us use to create passwords, such as using your pet’s name or your child’s name combined with their year of birth, inherently make our passwords vulnerable and easy to guess. To prevent weak, easy-to-guess passwords, steer clear of these common mistakes:
- Don’t use sequences or repeated characters. Avoid “12345678,” “222222,” “abcdefg,” and adjacent letters on your keyboard.
- Avoid using only look-alike substitutions of numbers or symbols, without other safety measures. Criminals and other malicious types who know enough to try to crack your password will not be fooled by common look-alike replacements, such as replacing an ‘i’ with a ‘1’ or an ‘a’ with ‘@’ as in “M1cr0$0ft” or “P@ssw0rd”. However, these types of substitutions may be effective when combined with other measures, such as length, misspellings, or variations in case, to improve the strength of your password.
- Don’t even think about using your login name. Any part of your name, birthday, social security number, or similar information for your loved ones constitutes a bad password choice. This is one of the first things criminals will try.
- Avoid dictionary words in any language. Criminals use commonly available password cracking tools that can rapidly guess passwords that are based on words in multiple dictionaries, including words spelled backwards, common misspellings, and substitutions. This includes all sorts of profanity and any word you would not say in front of your children.
- Don’t use one password everywhere. If any one of the computers or online systems using this password is compromised, all of your other information protected by that password should be considered compromised as well. It is critical to use different passwords for different systems.
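The mistakes listed above can be checked automatically when a new password is chosen. The following Python code is an added example, not part of the original article; the small word list, the run length of four characters, and the function names are assumptions made for illustration.

```python
import re

# Look-alike substitutions: 1->i and @->a are from the article; the rest are assumed.
LEET = str.maketrans({"1": "i", "@": "a", "0": "o", "$": "s", "3": "e", "5": "s", "7": "t"})
# Constructed mini word list; a real check would load full dictionaries.
WORDS = {"password", "microsoft", "dragon", "welcome"}
SEQUENCES = ["abcdefghijklmnopqrstuvwxyz", "0123456789"]
KEY_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]


def has_run(pw, lines, n=4):
    """True if pw contains n consecutive characters of any line, in either direction.

    The threshold n=4 is an assumption, not a value from the article.
    """
    for line in lines:
        for seq in (line, line[::-1]):
            if any(seq[i:i + n] in pw for i in range(len(seq) - n + 1)):
                return True
    return False


def weak_reasons(password, login="", personal=()):
    """Return which of the article's common mistakes a candidate password makes."""
    pw = password.lower()
    plain = pw.translate(LEET)  # undo look-alike substitutions
    reasons = []
    if re.search(r"(.)\1{2,}", pw):
        reasons.append("repeated characters")
    if has_run(pw, SEQUENCES):
        reasons.append("sequence")
    if has_run(pw, KEY_ROWS):
        reasons.append("adjacent keys")
    # Dictionary words, including spelled backwards, before and after de-substitution.
    if any(w in f for w in WORDS for f in (pw, pw[::-1])):
        reasons.append("dictionary word")
    elif any(w in f for w in WORDS for f in (plain, plain[::-1])):
        reasons.append("dictionary word behind look-alike substitutions")
    # Login name and personal details (names, birth years) supplied by the caller.
    items = [s.lower() for s in (login, *personal) if len(s) >= 3]
    if any(s in pw or s in plain for s in items):
        reasons.append("personal information")
    return reasons


if __name__ == "__main__":
    for candidate in ("12345678", "M1cr0$0ft", "drowssap99", "qwerty2024"):
        print(candidate, weak_reasons(candidate))
```

An empty list only means none of these specific mistakes was found; password reuse across systems cannot be detected from a single password.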
How to create a Strong Password:
Here are some guidelines you can follow to create a password that will stand up to the common forms of criminal attack.
- Make it lengthy. Each character that you add to your password increases the protection that it provides many times over. In general, your passwords should be 8 or more characters in length; 14 characters or longer is ideal. Many systems also support use of the space bar in passwords, so you can create a phrase made of many words (a “pass phrase”). A pass phrase is often easier to remember than a simple password, as well as being longer and harder to guess.
- Combine letters, numbers, and symbols. The greater variety of characters that you have in your password, the harder it is to guess.
- The fewer types of characters in your password, the longer it must be. A 15-character password composed of random letters, symbols, and numbers is about 33,000 times stronger than an 8-character password composed strictly of characters from the alpha keyboard. If you cannot create a password that contains symbols, you need to make it considerably longer to get the same degree of protection. An ideal password combines both length and different types of symbols.
- Use the entire keyboard, not just the most common characters. Symbols typed by holding down the “Shift” key and typing a number are very common in passwords. Your password will be much stronger if you choose from all the symbols on the keyboard, including punctuation marks not on the upper row of the keyboard, and any symbols unique to your language.
- Use words and phrases that are easy for you to remember, but difficult for others to guess. The easiest way to remember your passwords and pass phrases is to write them down. Contrary to popular belief, there is nothing wrong with writing passwords down, but they need to be adequately protected in order to remain secure and effective. In general, passwords written on a piece of paper are more difficult to compromise across the Internet than those kept in a password manager, Web site, or other software-based storage tool.
Try using these methods to create your strong passwords:
- Think of a sentence that you can remember. This will be the basis of your strong password or pass phrase. Use a memorable sentence, such as “My son Aiden is three years old.”
- Check if the computer or online system supports the pass phrase directly. If you can use a pass phrase (with spaces between characters) on your computer or online system, do so.
- If the computer or online system does not support pass phrases, convert it to a password. Take the first letter of each word of the sentence that you’ve created to create a new, nonsensical word. Using the example above, you’d get: “msaityo”.
- Add complexity by mixing uppercase and lowercase letters and numbers. It is valuable to use some letter swapping or misspellings as well. For instance, in the pass phrase above, consider misspelling Aiden’s name, or substituting the number 3 for the word “three”. There are many possible substitutions, and the longer the sentence, the more complex your password can be. Your pass phrase might become “My SoN Ayd3N is 3 yeeRs old.” If the computer or online system will not support a pass phrase, use the same technique on the shorter password. This might yield a password like “MsAy3yo”.
- Finally, substitute some special characters. You can use symbols that look like letters, combine words (remove spaces) and other ways to make the password more complex. Using these tricks, we create a pass phrase of “MySoN 8N i$ 3 yeeR$ old” or a password (using the first letter of each word) “M$8ni3y0”.
- Test your new password with the Microsoft Password Checker. Visit this site and get your password rated as you type.
Jeff Dettloff is the President and Chief Problem Solver for Providence Consulting, Lansing’s leading provider of advanced computer services and innovative technology solutions.