
How to create a strong password by Managed Web Services

What is a strong password?

Everyone knows you need a strong password if you want to be secure online. The problem with passwords is that you need so many of them. You are supposed to have a unique password for every system you log into, and each of those passwords needs to be strong. The strength of a password is determined by its length, complexity and unpredictability: stronger passwords are more effective at resisting guessing and brute-force attacks.

No Standard Measure

‘Length’, ‘complexity’ and ‘unpredictability’ are all rather vague terms; what is needed is a standard measure of password strength. The computer industry uses a complex formula derived from information theory to specify password strength, known as ‘entropy’. The problem with entropy is that it measures a mathematical property of the password rather than the behaviour of the user who chose it.

Bad Advice

We have all been advised not to write our passwords down. On the face of it that sounds like good advice. The problem is that if you don’t write your password down you have to remember it, and having to remember your password has two very bad effects. Firstly, you choose a shorter, simpler and more predictable password, i.e. a weaker one; secondly, you re-use that password. It is better to write your password down than to re-use a weak password.

How Hackers work

Password hackers buy or steal password files on the internet. These files contain thousands of passwords in a scrambled form known as a ‘hash’. To crack a password, they use software that generates guesses, hashes each one and checks whether the result matches any hash in the stolen file.

Bad Passwords

Because hackers hash their guesses and compare them with the stolen hashes, they start with the most popular passwords. The following are the 25 most popular passwords and should be avoided at all costs. The list was compiled by SplashData, a popular cross-platform password manager:

1. 123456
2. password
3. 12345
4. 12345678
5. qwerty
6. 123456789
7. 1234
8. baseball
9. dragon
10. football
11. 1234567
12. monkey
13. letmein
14. abc123
15. 111111
16. mustang
17. access
18. shadow
19. master
20. michael
21. superman
22. 696969
23. 123123
24. batman
25. trustno1
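To show why this list matters, here is the hash-matching step from the previous section written out as a defender’s audit. This is an added example, not code from the article or from SplashData: the account names, the ‘stolen’ password file and the one strong password in it are all constructed for the demonstration, and unsalted SHA-256 is used only so the script is self-contained (a real system stores passwords with a salted, deliberately slow hash such as bcrypt, scrypt or Argon2). The same table lookup doubles as the sign-up blocklist check that stops these passwords being chosen in the first place.

```python
import hashlib

# The 25 most popular passwords from the SplashData list quoted above.
TOP_25 = [
    "123456", "password", "12345", "12345678", "qwerty", "123456789", "1234",
    "baseball", "dragon", "football", "1234567", "monkey", "letmein", "abc123",
    "111111", "mustang", "access", "shadow", "master", "michael", "superman",
    "696969", "123123", "batman", "trustno1",
]


def sha256_hex(password: str) -> str:
    """Unsalted SHA-256, used here only so the demo is self-contained.
    A real system must store passwords with a salted, deliberately slow
    hash (bcrypt, scrypt or Argon2), which makes every guess far costlier."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


# A constructed "stolen" password file: username -> hash. Every name and
# password here is invented for the demonstration.
STOLEN_FILE = {
    "alice": sha256_hex("trustno1"),
    "bob": sha256_hex("v7Rk#plum!Gate29"),
    "carol": sha256_hex("baseball"),
    "dave": sha256_hex("Baseball"),  # capitalisation alone changes the hash
}


def accounts_using_popular_passwords(stolen: dict, candidates=TOP_25) -> dict:
    """Hash each candidate once, then look every stored hash up in that table.
    This is the matching step the article describes; run by the defender over
    their own user database it lists the accounts that must be forced to
    reset before the file ever leaks."""
    hash_to_password = {sha256_hex(p): p for p in candidates}
    return {user: hash_to_password[h]
            for user, h in stolen.items() if h in hash_to_password}


def is_blocklisted(password: str, blocklist=TOP_25) -> bool:
    """Sign-up check: refuse any of the popular passwords regardless of case,
    since crackers try the obvious capitalisations as well."""
    return password.lower() in {p.lower() for p in blocklist}


if __name__ == "__main__":
    for user, pw in accounts_using_popular_passwords(STOLEN_FILE).items():
        print(f"{user}: password is the well-known '{pw}'")
    print("Baseball blocked at sign-up:", is_blocklisted("Baseball"))
```

Running it reports alice and carol; dave escapes the exact-match audit only because of a capital letter, which is why the sign-up check compares case-insensitively.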

Strong Passwords

A strong password has the following properties:

It uses at least 8 characters.

It uses special characters such as @#$%^& and/or numbers.

It uses a mix of upper and lower case letters.

It does not use easily guessed information such as your birth date, phone number, spouse’s name, pet’s name, kid’s name, login name, etc.

It does not use any words found in the dictionary.
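The five rules above, turned into a check a sign-up form could run. This is an added example rather than the article’s own code; the dictionary is a constructed nine-word stand-in for a real word list, and the `personal_info` argument is an assumption about what the site knows about the user (name, login, birth date and so on) so the ‘easily guessed information’ rule is checked against real data instead of a generic list.

```python
import re

# Constructed stand-in for a real dictionary; a deployment would load a
# full word list (tens of thousands of words) instead.
DEMO_DICTIONARY = {"password", "dragon", "monkey", "shadow", "master",
                   "house", "frost", "summer", "welcome"}


def strong_password_problems(password: str, personal_info=(),
                             dictionary=DEMO_DICTIONARY) -> list:
    """Return the article's rules that `password` breaks; [] means it passes all five.

    `personal_info` is whatever the site knows about the user (name, login,
    birth date, pet's name ...) so the 'easily guessed information' rule is
    checked against that user's real data."""
    problems = []
    if len(password) < 8:
        problems.append("fewer than 8 characters")
    if not re.search(r"[^A-Za-z]", password):
        problems.append("no numbers or special characters")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("not a mix of upper and lower case letters")
    lowered = password.lower()
    for item in personal_info:
        item = str(item).strip().lower()
        # Ignore very short fragments so a single letter does not trigger a match.
        if len(item) >= 3 and item in lowered:
            problems.append(f"contains personal information ({item})")
    # Any run of letters inside the password that is itself a dictionary
    # word counts, so 'Dragon42!' fails even though it is not a bare word.
    for run in re.findall(r"[A-Za-z]+", password):
        if run.lower() in dictionary:
            problems.append(f"contains the dictionary word '{run.lower()}'")
            break
    return problems


def is_strong(password: str, personal_info=()) -> bool:
    """Convenience wrapper: True only when no rule is broken."""
    return not strong_password_problems(password, personal_info)


if __name__ == "__main__":
    for candidate in ["password", "Dragon42!", "Rex2015!!", "v7Rk#plum!Gate29"]:
        print(candidate, "->", strong_password_problems(candidate, personal_info=["Rex"]) or "ok")
```

Returning the list of broken rules rather than a bare yes/no is what lets a form tell the user what to fix, which is the behaviour the article later praises in the better password meters.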

Long Passwords and Password Phrases

Long passwords tend to be stronger, as do complex passwords. Complex passwords contain letters, numbers and symbols in a random order. The problem with complex passwords is that they are difficult to use; having to enter all that gobbledygook can be very frustrating. Long passwords are seen as more usable. The problem is that not all long passwords are very strong; some are just too predictable. One approach to creating a password is to use random words in a phrase, which is both long and unpredictable. The problem here is that we are very bad at picking random phrases: if you try to think of a list of random words now, you will find it quite difficult, because we humans like order. Nevertheless there are strategies for picking random words, for example using every third word on the sixtieth page of a selection of books. The problem here is that you are likely to generate a phrase that is not very memorable. It seems that people are no better at remembering random pass phrases than random passwords, and because pass phrases are longer, they take longer to type and people make more errors while typing them.
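The entropy formula mentioned under ‘No Standard Measure’ and the random-word phrases discussed above fit together in a few lines, so here is both as one added example (not code from the article). The formula is simply length times log2 of the alphabet size, and it is only valid when every symbol really is chosen at random, which is the article’s objection to it: `entropy_of_charset` shows how a naive meter credits ‘dragon’ with 28 bits although it is on the list of the 25 most common passwords. The 16-word list is constructed for the demonstration; `random_passphrase` uses the operating system’s random generator to do the word picking that people are bad at.

```python
import math
import secrets
import string


def random_password_entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a password whose every character is drawn uniformly at random
    from `alphabet_size` symbols: each position adds log2(alphabet_size) bits.
    The formula assumes genuinely random choice; it says nothing about a
    password a person picked, which is the article's objection to it."""
    return length * math.log2(alphabet_size)


def passphrase_entropy_bits(word_count: int, wordlist_size: int) -> float:
    """Same idea with words as the symbols: log2(wordlist_size) bits per word."""
    return word_count * math.log2(wordlist_size)


def entropy_of_charset(password: str) -> float:
    """What a naive meter computes: assume the password is a uniform draw from
    the character classes it happens to use. 'dragon' scores about 28 bits
    this way even though it is one of the 25 most common passwords."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    alphabet = sum(len(cls) for cls in classes if any(c in cls for c in password))
    return random_password_entropy_bits(len(password), alphabet) if alphabet else 0.0


# Constructed 16-word list so the demo runs offline. Real lists such as the
# EFF diceware list hold 7776 words, worth about 12.9 bits per word.
DEMO_WORDS = ["anchor", "bishop", "candle", "donkey", "ember", "falcon", "garnet",
              "harbour", "island", "jigsaw", "kettle", "lantern", "meadow",
              "nectar", "orchid", "pepper"]


def random_passphrase(word_count: int, words=DEMO_WORDS, sep: str = "-") -> str:
    """Let the OS random number generator pick the words. People are bad at
    choosing random words, and secrets.choice is designed for security use."""
    return sep.join(secrets.choice(words) for _ in range(word_count))


if __name__ == "__main__":
    print("8 random lower-case letters:", round(random_password_entropy_bits(8, 26), 1), "bits")
    print("12 random printable ASCII:", round(random_password_entropy_bits(12, 94), 1), "bits")
    print("6 diceware words:", round(passphrase_entropy_bits(6, 7776), 1), "bits")
    print("naive meter on 'dragon':", round(entropy_of_charset("dragon"), 1), "bits")
    print("4 words from the demo list:", random_passphrase(4),
          "=", passphrase_entropy_bits(4, len(DEMO_WORDS)), "bits")
```

Note that four words from a 16-word list are worth only 16 bits; the strength of a word-based phrase comes from the size of the list and the number of words, not from the phrase looking long.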

Base Passwords

A solution to the problem of having to remember lots of unique passwords is to use a base password which you alter slightly for each service you want to use. You might change letters to numbers and symbols, for example changing the i to 1 or ! and the s to $ or 5, etc.

Strategies for finding Strong Base Passwords

Use A Favorite Book – pick a random phrase from a random page, then substitute numbers and symbols for some of the letters.

Remove the vowels – remove the vowels from a random phrase to create a new word. For example, the phrase “being without quality” becomes “bngwthtqlty”.

Use Motor Patterns – this works better when trying to remember a PIN on a keypad. If you wanted to remember the PIN 8426 you might think of a diamond pattern starting at the bottom: on the keypad you start at “8”, go up one and left to “4”, up one and right to “2”, and finally down and right to “6”, thereby tracing a diamond pattern on the keypad.

Use an old car registration number – most of us can remember the registration number of our first car. You can use that as a base password and then add and subtract numbers and letters as appropriate.

Connect The First Letters Of A Passphrase – choose a random phrase and use only the first letters. For example, “Home is where the heart is.” becomes HIWTHI.

Mix words together – take two random words and interleave their letters to form a new word. For example, “house” and “frost” become “hforuosset”.

Reverse words – simply reverse a word, so “zodiac” becomes “caidoz”.
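The rewriting strategies above as working code, added for this page rather than taken from the article: the article’s own examples appear in the docstrings, the substitution table holds only the two swaps the article names (i to 1, s to $), and `keypad_moves` turns a PIN into the motor pattern described under ‘Use Motor Patterns’ using a standard phone keypad layout. Each transform is a fixed rule that anyone who knows it can undo, so the result is no less predictable than the phrase you start from; the unpredictability has to come from that phrase.

```python
VOWELS = set("aeiouAEIOU")

# Substitutions the article mentions (i -> 1, s -> $); extend as you like.
SUBSTITUTIONS = {"i": "1", "s": "$"}


def remove_vowels(phrase: str) -> str:
    """'being without quality' -> 'bngwthtqlty' (spaces are dropped too)."""
    return "".join(c for c in phrase if c.isalpha() and c not in VOWELS)


def first_letters(phrase: str) -> str:
    """'Home is where the heart is.' -> 'HIWTHI'"""
    return "".join(w[0].upper() for w in phrase.split() if w[0].isalpha())


def mix_words(a: str, b: str) -> str:
    """'house' + 'frost' -> 'hforuosset': alternate letters, leftovers appended."""
    paired = "".join(x + y for x, y in zip(a, b))
    shortest = min(len(a), len(b))
    return paired + a[shortest:] + b[shortest:]


def reverse_word(word: str) -> str:
    """'zodiac' -> 'caidoz'"""
    return word[::-1]


def substitute(text: str, table=SUBSTITUTIONS) -> str:
    """Apply the letter-to-symbol swaps to a base password: 'hforuosset' -> 'hforuo$$et'."""
    return "".join(table.get(c, c) for c in text)


# Phone/ATM keypad laid out as digit -> (column, row), with 0 below the 8.
KEYPAD = {str(d): ((d - 1) % 3, (d - 1) // 3) for d in range(1, 10)}
KEYPAD["0"] = (1, 3)


def keypad_moves(pin: str) -> list:
    """Describe a PIN as the motor pattern it traces:
    '8426' -> ['up-left', 'up-right', 'down-right'], the article's diamond."""
    moves = []
    for a, b in zip(pin, pin[1:]):
        (x1, y1), (x2, y2) = KEYPAD[a], KEYPAD[b]
        vertical = "up" if y2 < y1 else "down" if y2 > y1 else ""
        horizontal = "left" if x2 < x1 else "right" if x2 > x1 else ""
        moves.append("-".join(p for p in (vertical, horizontal) if p) or "same key")
    return moves


if __name__ == "__main__":
    print(remove_vowels("being without quality"))
    print(first_letters("Home is where the heart is."))
    print(substitute(mix_words("house", "frost")))
    print(reverse_word("zodiac"))
    print(keypad_moves("8426"))
```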

Password Meters

There is a huge array of password meters available on the internet that claim to test the strength of your password, and some are built into the sign-up process when you create one. Most password meters do work; the better ones make you work harder to create an effective password before they give you the okay.

What makes a strong password

A strong password is a long password that is unpredictable, memorable and easy to type. It doesn’t hurt to throw in a few symbols and numbers too, just to add to the complexity. Remember, it is better to write it down and keep it safe than to re-use it.

Jeremy Kitt

Jeremy Kitt is the Principal Web Designer with Managed Web Services, responsible for website design, development and marketing.
