How to make passwords safe and strong
A good password is one that’s easy to remember, but a strong password requires a little more effort.
“Given the speed and power of today’s computers, it is very hard to create a real good password,” said Doug Ford, owner of CSRgroup, computer security consultants. “Most people who crack passwords or create password-cracking tools or programs know the tricks people like to use, such as using things from their life such as names and birth dates, and then appending characters to the end of those words.”
Noted computer security expert Bruce Schneier suggests that you should pick a sentence that you can remember, such as “On the last day of high school I got a blue car” and create a password from that, such as: Otld0hS1gAbc.
Another option is to use a password manager to create and store strong passwords, Ford said: “The only password you would need to remember in that case would be the one to unlock the password manager application. These applications can create passwords such as 7$Ghi2!-naP4V), which no one can remember but are very difficult to crack.”
Longer is better for a strong password.
“The longer the password, the more time it would take a program to crack it. So make the password as long as you can and still be able to remember it. The example above based on the sentence is 12 characters. That is probably the minimum length,” Ford said.
The more variation you have in a password the harder it will be to break.
“Use a combination of upper- and lowercase letters as well as numbers and symbols. Also, don’t just add an exclamation point to the beginning or end of your password or add 123 to the end and call it a day. Any decent password cracker will try those combinations pretty early on,” Ford said.
When you craft that perfect password, resist the temptation to use it for everything.
“Ideally, you don’t want to reuse the same passwords on multiple sites. If you use the same password to log in to Facebook and your Gmail account, and Facebook gets hacked, they could gain access to your email account as well. Not to mention if you use the same password to access your bank account online,” said Ford.
What to avoid
Now that you know what makes a good password, there are also things to avoid, such as “you or your family’s personal information. Names, dates, team names, favorite car, etc. Anything that could be realistically discovered about you or your family from social media or public records searches should be avoided,” Ford said.
Also avoid words that appear in the dictionary.
“Most people that crack passwords have huge lists of words and standard permutations (substituting zeros for the letter O or adding 123 to the end, for example) that they use. I have a standard password list of over 1 million words and permutations. If a password is in that list or has a common permutation, I can crack it in minutes,” he said.
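The checks described in this article (minimum length, character variety, dictionary words with standard permutations, personal information) can be combined into a small password audit. This is an added example, not code from the article or from Ford; the sample wordlist, the personal-information values and the function names are constructed for illustration.

```python
import string

# Constructed sample wordlist; a real audit would load a much larger list from disk.
SAMPLE_WORDLIST = {"password", "dragon", "football", "sunshine", "letmein"}

# Common character substitutions ("standard permutations"), mapped back to letters.
UNLEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                        "5": "s", "$": "s", "@": "a", "!": "i"})
MIN_LENGTH = 12  # the minimum length suggested in the article


def _strip_padding(pw):
    """Drop digits and symbols added to the start or end (e.g. '123', '!')."""
    return pw.strip(string.digits + string.punctuation)


def audit_password(pw, wordlist=SAMPLE_WORDLIST, personal=()):
    """Return a list of findings; an empty list means no check failed."""
    findings = []
    if len(pw) < MIN_LENGTH:
        findings.append("too short")
    classes = {
        "uppercase": any(c.isupper() for c in pw),
        "lowercase": any(c.islower() for c in pw),
        "digit": any(c.isdigit() for c in pw),
        "symbol": any(c in string.punctuation for c in pw),
    }
    findings += [f"no {name}" for name, present in classes.items() if not present]

    lowered = pw.lower()
    # Two guesses at the base word: undo substitutions on the whole string,
    # and on the string with leading/trailing padding removed.
    candidates = {lowered.translate(UNLEET),
                  _strip_padding(lowered).translate(UNLEET)}
    if candidates & set(wordlist):
        findings.append("dictionary word or common permutation")
    # Personal details (names, dates) supplied by the caller; constructed here.
    if any(item.lower() in lowered for item in personal if item):
        findings.append("contains personal information")
    return findings


if __name__ == "__main__":
    for sample in ["Passw0rd123!", "dragon", "Rex-1987-Cubs!", "7$Ghi2!-naP4V)"]:
        print(sample, "->", audit_password(sample, personal=["Rex", "1987"]))
```

Note that "Passw0rd123!" satisfies the length and character-variety checks and is still flagged, because removing the appended characters and reversing the zero-for-O substitution leaves a dictionary word.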
If you use sites that offer two-factor authentication like Gmail, PayPal and eBay, use it.
“Two-factor authentication combines two things, normally something you have and something you know, as a form of authentication. Take an ATM for example. It uses two-factor authentication. I have my credit card and I know my PIN,” Ford said. “This authentication makes it much more difficult to break into a user’s account, since the hacker would not only need the ‘something I know,’ my password, for example, but also the ‘something I have,’ such as my key fob that produces a one-time PIN that I need to enter on the site to gain access.”
Like most people, Ford hates “to arbitrarily change my password every 30, 60 or 90 days. If you have a good, strong password, there is no need to change it unless you know it was compromised somewhere.”