
Passwords: Why “Password” just doesn’t cut it anymore.

By: Kevin Schaefer. Published: March 14, 2011

What’s your password? No! Don’t answer that; chances are, with a little time and maybe the use of some software, your passwords could be cracked. So, should you say “good-bye” to online banking, Facebook, or email? Of course not!

It’s not necessary to give up using passwords, as long as you practice some safe habits when creating a password.

So, what denotes a strong password, and which passwords should you stay away from? The two most important words to remember: length and complexity. According to Microsoft, it’s strongly recommended that you use a password of at least 14 characters. But why does having a longer password make it more difficult to crack? Do the math. With a five character password, using only lower case letters, the total number of possible passwords is 26^5 (that’s: 26 to the power of 5, or approximately 12 million possible passwords). Even though that sounds like a lot, consider this: today’s computers are capable of trying every one of those combinations in only a few minutes. OH NO!

Let’s remember, that was only a 5 character password. If you followed Microsoft’s recommendations and used a 14 character password, the total number of possible passwords jumps to 26^14 (or around 64,000 trillion possible passwords)! It would take more than just a few hours for even a fast computer to try every possible password. In fact, if a computer were able to try one million passwords per second, it could take as long as about two million years to correctly find the password.

However, this is only taking into account passwords made up of only lowercase letters. Once you start using uppercase and lowercase letters, as well as digits and symbols, the number of passwords sky-rockets (with 64^14, or roughly 19 billion-trillion combinations; or almost 300 thousand times more than if only lowercase letters are used). If a computer could try one million passwords per second, it would take around 600 billion years to guess every combination.

Of course, if you were to use “PasswordsAreGreat” as your password, you would be in for a surprise. While it’s true that there are 17 characters in this password, they are really just three dictionary words. You should never use dictionary words as passwords. Why? Because there aren’t that many dictionary words, especially compared to the huge number of passwords that are possible when using random letters, digits, and symbols. These types of passwords are much simpler to guess.

You also shouldn’t use repeated characters or sequences such as “1111111”, “1234567”, “aaaaaaa”, or “abcdefg”. These types of passwords are also relatively easy to guess. Needless to say, any kind of personal information should not be used for a password, either. This includes your name, birthday, driver’s license number, passport number, or any other kind of personal information.
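
The rules above can be checked mechanically. The following Python sketch is an added example, not part of the original article: it flags short passwords, repeated or sequential characters, and passwords built only from dictionary words, and estimates brute-force time at one million guesses per second. The function names and the tiny word list are assumptions made for the demo, and the alphabet counts the 94 printable ASCII characters rather than the 64 symbols the article uses.

```python
import string

# Constructed mini word list for the demo; a real check would load a full dictionary.
WORDS = {"password", "passwords", "are", "great", "the", "quick", "fox", "dog"}
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)

def charset_size(pw):
    """Size of the alphabet the password appears to draw from."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))

def years_to_exhaust(pw, guesses_per_second=1_000_000):
    """Worst-case brute-force time at the article's one million guesses per second."""
    return charset_size(pw) ** len(pw) / guesses_per_second / (365 * 24 * 3600)

def split_into_words(pw, words=WORDS):
    """Return dictionary words that exactly tile pw (case-insensitive), else None."""
    s = pw.lower()
    best = [None] * (len(s) + 1)   # best[i]: a word split of s[:i], if one exists
    best[0] = []
    for end in range(1, len(s) + 1):
        for start in range(end):
            if best[start] is not None and s[start:end] in words:
                best[end] = best[start] + [s[start:end]]
                break
    return best[len(s)]

def is_repeat_or_sequence(pw):
    """True for runs like 'aaaaaaa' and steps like '1234567' or 'abcdefg'."""
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return len(pw) > 1 and steps in ({0}, {1}, {-1})

def audit(pw, min_length=14):
    """List which of the article's rules the password breaks (empty list = none)."""
    problems = []
    if len(pw) < min_length:
        problems.append("too short")
    if is_repeat_or_sequence(pw):
        problems.append("repeated or sequential characters")
    if split_into_words(pw):       # non-empty split: nothing but dictionary words
        problems.append("made only of dictionary words")
    return problems

if __name__ == "__main__":
    for pw in ("PasswordsAreGreat", "1234567", "Tqbfjotld. Ttfstd2b."):
        print(f"{pw!r}: {audit(pw) or 'ok'}, ~{years_to_exhaust(pw):.3g} years by brute force")
```

Note that “PasswordsAreGreat” gets a large brute-force estimate yet still fails the audit, which is exactly why length alone is a misleading measure.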

If that wasn’t enough, one of the last things to remember is not to write your password down. After all, why would somebody ever want to wait for a computer to crack your password, when they could just look at that Post-It note on the side of your computer screen?

So, hopefully you are asking yourself: “What am I supposed to do? How will I ever create a hard-to-crack password that is also easy to remember?” There are a few tricks.

The first trick is to think of a sentence, such as “The quick brown fox jumped over the lazy dog.” Now, it’s pretty easy to remember this sentence, right? The next step is to take the first letter of each word. So, if we did this, we would get: “Tqbfjotld.” I don’t know about you, but this looks kind of difficult to guess.

Don’t stop there; maybe think of two sentences so you end up with a longer password. “The quick brown fox jumped over the lazy dog. Then the fox stole the dog’s two bones.” This might become: “Tqbfjotld. Ttfstd2b.” For a little more protection, change a couple of lowercase letters to uppercase, and vice-versa. And the icing on the cake: add a few symbols, like an exclamation mark, question mark, percent sign, or some other symbol. After all: the more complex and long your password, the better.

So the next time you sign up for an email account, open up an online banking account, or reset your McKendree password, think about what that password is protecting. If you don’t, you just might learn what the phrase “All your base are belong to us” means.
