Sunday, July 3, 2011

How to Create a Strong Password

About Passwords

Nowadays a strong password is a must, yet people tend to pick one or two easy passwords and reuse them for every online account or email. This is probably because more and more services require passwords, and remembering them all is not as easy as it seems. An easy password is a bad idea, though, because criminals or other malicious players can easily crack it, steal all your information and even cause damage by, for example, spending all your money. The simple tips below are intended to help you create a strong password.


5 Basic Rules

  1. The first and most important – keep your password secret. This applies to everyone, even the closest family members, friends or colleagues – you can never be sure of their caution or intentions. Moreover, don't use unsecured channels or email to send your password to someone.
  2. Make your password easy to remember, but difficult to guess. Perhaps it seems impossible, but actually it is not that difficult. Check the section below; it suggests how to make a strong, memorable password. And remember – avoid writing your password down, unless you lock it away or encode it.
  3. Don't use the same password for everything. Doing that makes it more likely that malicious people will track down and crack your password. Each password you choose must be new and different. If you have trouble remembering a huge number of different passwords, try to divide your information into very sensitive and not so sensitive (no harm if hacked), and then for the latter use a strong, but the same, password.
  4. Change your password regularly. That means at least once a year, or whenever you suspect that somebody knows it.
  5. NEVER change your password because someone claims that you have to. This is a popular fraud in some circles. A hacker pretends to be your system administrator or another important person and sends you an email in which he asks for your password on some pretext. If you believe him, he gets access to your account directly from you, practically without any hassle!

Features of Weak Passwords

  • a common word written in English or any other language,
  • a word(s) that means something to you and can be found in your environment, such as the name of your husband/wife, child, pet, favorite book, food, film character, musician, etc.,
  • your name or nickname, even spelled backwards, extended with numbers, written in mixed case, etc.,
  • an alphabetic or numeric series either forwards or backwards, for example: 1234567 or 7654321, ABCDEFG or GFEDCBA,
  • a row of the same numbers or letters, e.g. 0000000 or ZZZZZZZ,
  • a common keyboard sequence, e.g. QWERTY or AZERTY,
  • a single number tacked on the end or beginning of a word, e.g. elephant7 or 7elephant.

Features of Strong Passwords

  • at least eight characters long,
  • mixed upper and lower-case letters (ElePHanT), numbers (1-9) and symbols (!"£$%^&*),
  • memorable, but unpredictable,
  • not written down,
  • easy to type without looking at the keyboard, in case someone is watching over your shoulder.


Creating a Strong Password

There are many ways to create a strong password; only two of them are suggested here. Using them will definitely help you create a strong and memorable password.

Phrase method. The basic idea behind this method is to pick a phrase and transform it into a very complicated, but easily remembered password.

1. First of all, think of a simple sentence, at least eight words long, that means something to you. This could be a summary of your daily activities, your family or just the lyrics of your favourite song, for example "My wife hates me when I am snoring".
2. Then take the first letter of each word. You already have a completely unique string of characters: "mwhmwias".
3. To make your password even more complex, mix upper and lower case letters and add digits and/or symbols somewhere in the middle. Using the example above, you'd get: "mWhm9wiAS"
4. Then replace regular characters with special characters according to your own rules. These rules can be something like this:
  • replace 'a' with @
  • replace 's' with $
  • replace 'o' with 0
  • replace 'i' with !
  • replace 'and' with & or +
Using the example above, we get: "mWhm9w!@S". It is evident that no one will simply guess it.



Three-part method. Another method is based on composing your password from three different parts. For instance, let's create an example password for your "Facebook" account.

1. First, we can use three or four characters from the website name written in several ways, such as "FAC" or "fAc" or "FaBo", etc. We chose "FaBo", because it is quite a memorable sequence.
2. In contrast to the first part, the second part should be completely random and composed of digits and/or symbols, for example, "39$2". This part can be written down, as it can't be remembered so easily, but it should also be hidden in a secret place. So we already have "FaBo39$2".
3. Finally, add three more characters, which can be thought of as your "PIN", for example: "!56". This part should never be written down, just like your bank card's or phone PIN. Place it either at the beginning/end or in the middle of your password, just like this: "!56FaBo39$2" or "FaBo39$2!56" or "FaBo!5639$2". Now you have a complete password.

Remembering Your Password

As mentioned many times above, remembering passwords can sometimes be difficult, but writing them down is too reckless. If your head is already crowded with countless logins and passwords, you can try two pretty safe alternatives:
  • a secure password management software program, which stores all your passwords in highly-encrypted databases and is locked with only one master key or a key file,
  • a strong encryption utility, which encrypts text files, i.e. your written passwords.
Password management software: Roboform, Password Safe, KeePass, LastPass.


A Few Ways of Hacking Your Password

Probably you are still wondering how anyone can get hold of your password. Here are the three main techniques, which will convince you that having a weak password is very incautious.

1. Stealing. This is the most popular and simplest way to compromise passwords. It can be done by finding the password written down somewhere or simply by watching over your shoulder when you type it.
2. Guessing. It is incredible how many people use the same "standard" passwords. There are many sites which present lists of the most popular passwords, usually very weak ones. Check them out, maybe your password is not as unique as you thought until now! 10 Most common passwords:
  • 123456
  • 111111
  • 123123
  • qwerty
  • password
  • password1
  • 123321
  • abc123
  • letmein
  • 123456789
3. Attacking. There are two ways of attacking:
  • a brute force attack. The main idea of this method is to try every conceivable combination of letters, numbers and symbols in order to guess the password. Obviously, doing it manually takes too much time, but there are plenty of password guessing and hacking programs, which shouldn't be underestimated.
  • a dictionary attack. This method is a little more intelligent than the previous one, because it first checks whether your password can be found in dictionaries. It means that, with the help of various software tools, a hacker tries every word in your national and foreign language dictionaries until your password is found. Moreover, the list of the most popular passwords is also tried.
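
As an added example (not part of the original post), the checks below turn the weak-password features and the ten common passwords listed on this page into a screening function that a sign-up form could run before accepting a password. The function names, the `personal` parameter, the small `WORDS` sample and the keyboard rows beyond QWERTY/AZERTY are assumptions made for the illustration.

```python
import re

# The ten common passwords listed on this page.
COMMON = {"123456", "111111", "123123", "qwerty", "password",
          "password1", "123321", "abc123", "letmein", "123456789"}
# Constructed sample word list; a real check would load a full dictionary.
WORDS = {"elephant", "monkey", "dragon", "sunshine"}
# QWERTY and AZERTY come from the page; the other rows are an assumption.
KEYBOARD_ROWS = ("qwertyuiop", "azertyuiop", "asdfghjkl", "zxcvbnm")
SERIES = ("abcdefghijklmnopqrstuvwxyz", "01234567890")


def _in_series(pw, rows, min_len=4):
    """True if pw is a run taken forwards or backwards from one of rows."""
    return len(pw) >= min_len and any(
        pw in row or pw[::-1] in row for row in rows)


def weaknesses(password, personal=()):
    """Return the weak-password features found (empty list = none found).
    personal: names the user supplied, e.g. own name, spouse, pet."""
    pw = password.lower()
    names = {p.lower() for p in personal}
    found = []
    if len(password) < 8:
        found.append("shorter than eight characters")
    if pw in COMMON:
        found.append("on the common-password list")
    if len(set(pw)) == 1:
        found.append("row of the same character")
    if _in_series(pw, SERIES):
        found.append("alphabetic or numeric series")
    if _in_series(pw, KEYBOARD_ROWS):
        found.append("keyboard pattern")
    # Strip digits tacked on either end, then compare with the word lists.
    core = re.sub(r"^\d+|\d+$", "", pw)
    if core in WORDS or core[::-1] in WORDS:
        found.append("dictionary word")
    if core in names or core[::-1] in names:
        found.append("personal name")
    classes = [r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"]
    if not all(re.search(c, password) for c in classes):
        found.append("missing a character class")
    return found
```

An empty result only means that none of these particular features was detected; it does not prove the password is strong.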

If Your Password Gets Stolen Anyway...

Unfortunately, even strong and memorable passwords can sometimes be hacked or stolen. This might happen, for example, when someone breaks into the system that stores them. It is therefore very important to notice any suspicious activity as soon as possible, because then you might still be able to inform the authorities or block your online account before something bad happens.
