Tue 6 Dec 2005
Strong Passwords – How and Why
What in the world is a strong password? Simply put, a strong password is one that is very difficult to guess. Not just for a person to guess, but difficult for a computer to guess as well.
Everyone knows some of the simple rules for choosing passwords: don't use your or your family's names or birthdates, sequential letters or numbers like "abcd" and "1234", your user name, etc., so a person cannot guess your password. That is a very simple thing to accomplish, and most of us have been doing it for years because people were guessing. Those times have changed. With so much information on-line and so much to be gained by breaking into systems, hackers have changed tactics. They now use sophisticated equipment to launch a new breed of attacks such as a "dictionary" attack.
A dictionary attack is just like it sounds. A computer will be used to try to guess the password by trying every word in the dictionary…not just the English dictionary, but other languages as well. It will also try combinations of words, numbers, common key sequences like adjacent keys on the keyboard such as "asdfghjkl", etc. Sounds time consuming, doesn't it? Well, it is, but if you consider the payoff from one timely, successful hack, a thief will gladly wait a month for his computer to guess the password. It is because of these types of attacks that you use a strong password – one with a combination of letters, numbers, and symbols.
Over the past few years, I've adopted the philosophy that there really is no such thing as a completely secure computer system. Given enough time and resources, a determined hacker can gain access to almost any password-protected system. That doesn't mean you should give up on protecting yourself. I just accept it and try to make it as difficult as I can for a hacker to break in. In doing so, I am hoping that they will move on to another less-protected computer. Using strong passwords is one of the methods I use in pursuit of that goal.
So how do you make a strong password? You feed it BBQ of course! (Just kidding) As I stated before, you will want to use a combination of letters (both upper and lower case), numbers, and at least one special character like these: "!@#$%^&*()_+". The letters should not spell any word in the dictionary of any language, and the special symbol should be in the first eight characters. You also cannot simply substitute numbers and symbols for letters in words such as "S@nFr@ns!scO". Hackers know those tricks too.
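The rules in the paragraph above can be checked mechanically, including undoing symbol-for-letter swaps before the dictionary lookup. This Python checker is an added example, not code from the original post; the word list, the substitution table and the function names are assumptions constructed for illustration.

```python
import re

# Constructed sample word list (assumption): a real check would load full
# dictionaries in several languages. "sanfransisco" is the post's spelling.
WORDS = {"password", "dragon", "monkey", "sanfransisco"}
# Alphabetic/numeric sequences and keyboard rows, as named in the post.
RUNS = ["abcdefghijklmnopqrstuvwxyz", "0123456789",
        "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Common symbol-for-letter swaps (assumed table) undone before the lookup.
UNLEET = str.maketrans("@4310!$57", "aaeioisst")
SPECIAL = re.compile(r"[^A-Za-z0-9]")


def has_run(text, length=4):
    """True if text contains `length` consecutive characters of any run."""
    for run in RUNS:
        for seq in (run, run[::-1]):
            for i in range(len(seq) - length + 1):
                if seq[i:i + length] in text:
                    return True
    return False


def check_password(pw, username=""):
    """Return a list of rule violations; an empty list means none found."""
    low = pw.lower()
    plain = re.sub(r"[^a-z]", "", low.translate(UNLEET))
    findings = []
    if not re.search(r"[a-z]", pw):
        findings.append("no lowercase letter")
    if not re.search(r"[A-Z]", pw):
        findings.append("no uppercase letter")
    if not re.search(r"[0-9]", pw):
        findings.append("no number")
    if not SPECIAL.search(pw[:8]):
        findings.append("no special character in first eight characters")
    if username and username.lower() in low:
        findings.append("contains user name")
    if has_run(low):
        findings.append("sequential or adjacent-key run")
    if any(w in low or w in plain for w in WORDS):
        findings.append("dictionary word, possibly with substitutions")
    return findings


if __name__ == "__main__":
    for sample in ["abcd", "1234", "asdfghjkl", "S@nFr@ns!scO", "i8t#sor4s"]:
        print(f"{sample!r}: {check_password(sample) or 'no findings'}")
```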
I don't know about you, but I could BARELY keep track of all my passwords even when I was using simple, common words. How in the world can we now be expected to come up with something like "i8t#sor4s"? One way I've found that works for me is to use a "passphrase". It is a phrase that I can easily remember, and then convert to a strong password. In my example, I started with the sentence "I ate two pounds of ribs for supper." I then used all of the first letters to come up with the password "iatporfs". That's a decent password by itself, but I've made it stronger by using my own style of substituting the word "ate" with the number 8, "for" with the number 4, and "pounds" with the combination of "#s".
That's not too bad, but you probably have a dozen or more passwords to manage like I do and they are still hard to keep track of. You will have to decide how far to go with your efforts, but here's what I do. I have a couple accounts that are critical to protect, like my bank account. I've made unique strong passwords for those accounts, and change them frequently. For the others, I use a couple different strong passwords that are a little easier to remember and type. Let's face it…if someone breaks into my Club Photo account, I'm going to be inconvenienced at worst.
Those are the basics, and I hope you follow my advice. Everything you can do to make a hacker pass you up for an easier target will help. For more information, visit the following web pages:
Unfortunately, our ever-increasing use of computers in our life means security will be an issue we will always have to deal with. I recently read an article that explained why using passwords alone, even strong passwords, may not be enough. Sigh.
Safe computing and happy holidays everyone!