How to create strong password

Passwords are the primary method a CMS uses to verify a user's identity. This is why password security is enormously important for protection, and the single most important thing a user can do to protect his account against a password cracking attack is to create a strong password.

When creating a password, it is a good idea to follow these guidelines:

 

Do Not Do the Following:
  • Do Not Use Only Words or Numbers — You should never use only numbers or words in a password.

    Some examples include the following:

    • 8675309

    • juan

    • hackme

  • Do Not Use Recognizable Words — Words such as proper names, dictionary words, or even terms from television shows or novels should be avoided, even if they are bookended with numbers.

    Some examples include the following:

    • john1

    • DS-9

    • mentat123

  • Do Not Use Words in Foreign Languages — Password cracking programs often check against word lists that encompass dictionaries of many languages. Relying on foreign languages for secure passwords is of little use.

    Some examples include the following:

    • cheguevara

    • bienvenido1

    • 1dumbKopf

  • Do Not Use Hacker Terminology — If you think you are elite because you use hacker terminology — also called l337 (LEET) speak — in your password, think again. Many word lists include LEET speak.

    Some examples include the following:

    • H4X0R

    • 1337

  • Do Not Use Personal Information — Steer clear of personal information. If the attacker knows who you are, they will have an easier time figuring out your password if it includes information such as:

    • Your name

    • The names of pets

    • The names of family members

    • Any birth dates

    • Your phone number or zip code

  • Do Not Invert Recognizable Words — Good password checkers always reverse common words, so inverting a bad password does not make it any more secure.

    Some examples include the following:

    • R0X4H

    • nauj

    • 9-DS

  • Do Not Write Down Your Password — Never store your password on paper. It is much safer to memorize it.

  • Do Not Use the Same Password For All Machines — It is important that you make separate passwords for each machine. This way if one system is compromised, all of your machines will not be immediately at risk.

Do the Following:
  • Make the Password At Least Eight Characters Long — The longer the password is, the better. If you are using MD5 passwords, it should be 15 characters long or longer. With DES passwords, use the maximum length — eight characters.

  • Mix Upper and Lower Case Letters — Mix cases to enhance the strength of the password.

  • Mix Letters and Numbers — Adding numbers to passwords, especially when added to the middle (not just at the beginning or the end), can enhance password strength.

  • Include Non-Alphanumeric Characters — Special characters such as &, $, and > can greatly improve the strength of a password.

  • Pick a Password You Can Remember — The best password in the world does you little good if you cannot remember it. So use acronyms or other mnemonic devices to aid in memorizing passwords.

With all these rules, it may seem difficult to create a password meeting all of the criteria for good passwords while avoiding the traits of a bad one. Fortunately, there are some simple steps one can take to generate a memorable, secure password.

Secure Password Creation Methodology

There are many methods people use to create secure passwords. One of the more popular methods involves acronyms. For example:

  • Think of a memorable phrase, such as:

    "over the hills and far away, to grandmother's house we go."

  • Next, turn it into an acronym (including the punctuation).

    othafa,tghwg.

  • Add complexity by substituting numbers and symbols for letters in the acronym. For example, substitute 7 for t and the at symbol (@) for a:

    o7h@f@,7ghwg.

  • Add more complexity by capitalizing at least one letter, such as H.

    o7H@f@,7gHwg.

  • Finally, do not use the example password above on any of your systems.
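
The guidelines above, expressed as a password checker. This is an added example, not code from the original page: it flags the page's bad examples (plain, LEET, bookended and inverted words) and accepts the acronym-derived password. The word list, the LEET map and the function names are assumptions made for illustration.

```python
import re

# Constructed mini word list; a real checker would load full multi-language dictionaries.
WORDS = {"juan", "john", "hackme", "hacker", "haxor", "leet", "mentat", "ds",
         "cheguevara", "bienvenido", "dumbkopf"}
# Assumed LEET substitutions, undone before the dictionary lookup.
LEET = str.maketrans({"4": "a", "@": "a", "3": "e", "1": "l", "0": "o",
                      "7": "t", "5": "s", "$": "s"})


def candidates(password):
    """Yield the normalized forms a word-list check would try."""
    lowered = password.lower()
    for form in (lowered, lowered[::-1]):             # as typed and inverted
        for variant in (form, form.translate(LEET)):  # raw and de-LEETed
            yield variant
            # Drop digits/symbols bookending the word (john1, 1dumbKopf, DS-9).
            yield re.sub(r"^[^a-z]+|[^a-z]+$", "", variant)


def weaknesses(password, personal=()):
    """Return the list of guideline violations; empty means none found."""
    found = []
    if len(password) < 8:
        found.append("shorter than eight characters")
    if password.isdigit() or password.isalpha():
        found.append("only numbers or only letters")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        found.append("no mix of upper and lower case")
    if not re.search(r"\d", password):
        found.append("no number")
    if not re.search(r"[^A-Za-z0-9]", password):
        found.append("no non-alphanumeric character")
    forms = set(candidates(password))
    if forms & WORDS:
        found.append("recognizable word (plain, LEET, bookended or inverted)")
    # personal: caller-supplied strings such as names, pets, birth dates.
    if any(p.lower() in f for p in personal if p for f in forms):
        found.append("contains personal information")
    return found
```

An empty result only means none of these rules fired; with a word list this small it says nothing about lists the checker has not loaded.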