How To Create Secure Passwords
Scott Ellis, April 10, 2012, Tip A Day (2 Comments)

Tip A Day #7

If someone wanted to hack your Facebook, bank or other account, how hard would it be to guess your password? If you use the simplistic passwords that many (maybe even most) people do, it wouldn't be too hard. With all of the passwords we have to create, use and keep track of, it's no wonder we've gotten a little lazy about it. Unfortunately we don't realize how troublesome a hacked account can be until it actually happens to us, and by then it's too late. As a web developer I get calls fairly often from people who've been hacked and need help cleaning up the mess, and weak passwords are one of the most common causes. Here are a few tips to help you keep your data, among other things, safe and keep a hacked account from happening to you.

Creating a More Secure Password

Start by using a "pass phrase", which will function like your password but is a compound of two or more words, making it more complex by nature.

Mix up your new "pass phrase" with special characters and numbers when you can (some places don't allow special characters).

Mix the case of characters: to a computer a capital "A" and a lower case "a" aren't the same thing, so swap 'em out!

Shoot for a pass-phrase that is 12 to 15 characters.

Things to Avoid

- Names or other information easily associated with you (places you've lived, streets you've lived on, names of family members, birth-dates, etc.).
- Standard dictionary words.

Instead, try places or things that are meaningful to you but would be very hard for someone else to figure out. In the video I mentioned Walt Disney creating a password like *M1ck3yM0us3!, which would be great in that it's got two words (a pass-phrase) and uses mixed case, special characters and numbers.
Unfortunately it wouldn't really be a great password for Walt to use, since Mickey Mouse is pretty easy to guess if you're trying to hack into his stuff.

How Attacks Occur

While attacks can be, and certainly have been, the result of some person trying to break into a system, a more likely scenario is a hacker setting up a script to automatically keep trying passwords until it gets one right. This is known as a brute force attack, and thanks to the speed of computers, weak passwords are VERY susceptible to this kind of attack, while strong passwords are pretty resilient.

How long would it take to hack a password? (Excerpted from John P's post "How I'd Hack Your Weak Passwords" on OneMansBlog.com.)

Password Length    All Characters                  Only Lowercase
3 characters       0.86 seconds                    0.02 seconds
4 characters       1.36 minutes                    0.046 seconds
5 characters       2.15 hours                      11.9 seconds
6 characters       8.51 days                       5.15 minutes
7 characters       2.21 years                      2.23 hours
8 characters       2.10 centuries                  2.42 days
9 characters       20 millennia                    2.07 months
10 characters      1,899 millennia                 4.48 years
11 characters      180,365 millennia               1.16 centuries
12 characters      17,184,705 millennia            3.03 millennia
13 characters      1,627,797,068 millennia         78.7 millennia
14 characters      154,640,721,434 millennia       2,046 millennia

Remember, these are just for an average computer, and they assume you aren't using any word in the dictionary. If Google put their computers to work on it, they'd finish about 1,000 times faster.

If you want something really strong and hard to get at, try using something like strongpasswordgenerator.com to come up with truly obscure and difficult passwords. Use it as a starting point, then modify the password to suit you.

Here's to keeping your online self safe. If you have ideas for tips I'd love to hear from you on Twitter @vsellis or on Google+ at gplus.to/scottellis. If you have suggestions or other ideas on the password topic, leave us your thoughts in the comments below.

Learn Something New Every Day!
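The table above is just keyspace divided by guess rate. The following added example (not from the post or from John P's article) reproduces its figures from two assumptions the post does not state explicitly: an "average computer" tries one million guesses per second, and "all characters" means the 95 printable ASCII characters. It also reports entropy in bits, which is the usual way to compare password policies; note that both numbers describe only a blind brute-force search, so they overstate the strength of anything built from dictionary words or names, as the post warns.

```python
import math

# Assumptions (not stated on the page; chosen because they reproduce its table):
# an "average computer" makes 1,000,000 guesses per second, "all characters"
# means the 95 printable ASCII characters, "only lowercase" the 26 letters.
GUESSES_PER_SECOND = 1_000_000
CHARSETS = {"all characters": 95, "only lowercase": 26}

YEAR = 365.25 * 86400
UNITS = [  # (name, seconds), largest first, so humanize() picks the biggest fit
    ("millennia", 1000 * YEAR), ("centuries", 100 * YEAR), ("years", YEAR),
    ("months", YEAR / 12), ("days", 86400.0), ("hours", 3600.0),
    ("minutes", 60.0), ("seconds", 1.0),
]


def keyspace(length: int, charset_size: int) -> int:
    """Number of distinct strings of exactly `length` symbols from the charset."""
    return charset_size ** length


def crack_seconds(length: int, charset_size: int,
                  rate: int = GUESSES_PER_SECOND) -> float:
    """Worst-case seconds to exhaust the keyspace at `rate` guesses/second."""
    return keyspace(length, charset_size) / rate


def entropy_bits(length: int, charset_size: int) -> float:
    """Bits of entropy for a uniformly random password (not a dictionary phrase)."""
    return length * math.log2(charset_size)


def humanize(seconds: float) -> str:
    """Render a duration in the largest unit that fits, like the post's table."""
    for name, size in UNITS:
        if seconds >= size:
            return f"{seconds / size:,.2f} {name}"
    return f"{seconds:.2f} seconds"


def strength_table(lengths=range(3, 15)) -> list:
    """One row per length: (length, all-characters time, lowercase-only time)."""
    return [(n, humanize(crack_seconds(n, CHARSETS["all characters"])),
             humanize(crack_seconds(n, CHARSETS["only lowercase"])))
            for n in lengths]


if __name__ == "__main__":
    for n, all_chars, lower in strength_table():
        print(f"{n:2d} characters  {all_chars:>28}  {lower:>20}")
    # A 12-character password drawn from all 95 characters has ~79 bits of entropy.
    print(f"12 chars, all characters: {entropy_bits(12, 95):.1f} bits")
```

Speeding the attacker up by 1,000x (the post's "Google" case) simply divides each time by 1,000, which drops a 9-character all-characters password from about 20 millennia to about 20 years.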
2 Responses

Pablo, April 11, 2012:
*M1ck3yM0us3! Yes, it's secure, but it is also very hard to remember and not nearly as good as something like D0g………………… I won't bore you with the details; for more info: grc.com/haystack.htm

Chris Farr, April 10, 2012:
First off, you're mostly right. Read this for the easiest and simplest explanation of password strength: https://xkcd.com/936/ Then please never tell anyone to use a website to generate a password; do I even have to explain how bad of an idea that is? What are you, new?