How To Create Secure Passwords

Tip A Day #7

If someone wanted to hack your Facebook, bank or other account how hard would it be to guess your password? If you use the simplistic passwords that many (maybe even most) do it wouldn’t be too hard.

With all of the passwords we have to create, use and keep track of it’s no wonder we’ve gotten a little lazy about it. Unfortunately we don’t realize how troublesome a hacked account can be until it actually happens to us and by then it’s too late.

As a web developer I get calls fairly often from people who’ve been hacked needing help cleaning the mess up and weak passwords are one of the most common causes.

Here are a few tips to help you keep your data, among other things, safe and keep a hacked account from happening to you.

Creating a More Secure Password

1. Start by using a “pass phrase” which will function like your password but it’s a compound of two or more words making it more complex by nature.
2. Mix up your new “pass phrase” with special characters and numbers when you can (some places don’t allow special characters).
3. Mix the case of characters, to a computer a capital “A” and a lower case “a” aren’t the same thing so swap em’ out!
4. Shoot for a pass-phrase that is 12 – 15 characters.

Things to Avoid

1. Names or other information easily associated with you (places you’ve lived, streets you’ve lived on, names of family members, birth-dates, etc…).
2. Standard Dictionary Words

Instead, try places or things that are meaningful to you but would be very hard for someone to figure out.

In the video I mentioned Walt Disney creating a password like *M1ck3yM0us3! which would be great in that it’s got two words (pass-phrase) uses mixed-case, special characters and numbers. Unfortunately it wouldn’t really be a great password for Walt to use since Mickey Mouse is pretty easy to guess if you’re trying to hack into his stuff.

How Attacks Occur

While attacks can be, and certainly have been, the result of some person trying to break in to a system, a more likely scenario is a hacker setting up a script to automatically keep trying passwords until it gets one right. This is known as a brute force attack and thanks to the speed of computers, weak passwords are VERY susceptible to this kind of attack but strong passwords are pretty resilient.

How long would it take to hack a password:

(excerpted from John P’s Post “How I’d hack Your Weak Passwords” on OneMansBlog.com).

Remember, these are just for an average computer, and these assume you aren’t using any word in the dictionary. If Google put their computer to work on it they’d finish about 1,000 times faster.

If you want to go for something really strong and hard to get at try using something like strongpasswordgenerator.com to come up with truly obscure and difficult passwords. Use it as a starting point then modify the password to suit you.

Here’s to keeping your online self safe.

If you have ideas for tips I’d love to hear from you on twitter @vsellis or on google+ at gplus.to/scottellis.

If you have suggestions or other ideas on the password topic leave us your thoughts in the comments below.

Learn Something New Everyday!