What’s a Good Password?

September 8, 2009

We all have to have quite a few passwords. For various reasons, you can’t have one password for everything. There are two ways someone might be able to get your password. They might be able to guess it, or they might be able to crack it.

Guessing a password is pretty straightforward. I can research information about you and try to guess your password, since most people use passwords that contain names of family members, pets, and birthdates.

Cracking a password is much more complicated. The easiest way to explain this is to give you an example. Let’s say your password for logging onto your computer is fluffy, which is the name of your cat. You might think that the word fluffy is stored somewhere in a secret place in Windows, so that when you type your password to log in, Windows looks to see if it’s the same and, if it is, logs you in.

In reality, Windows does not store the word fluffy. When the password was first set up, Windows ran it through a one-way encryption algorithm (more precisely, a hash function), which takes the word fluffy and turns it into a string of letters, numbers and symbols. Windows then stores that encrypted string. Then, each time you log in to Windows, it takes the password you enter, runs it through that same algorithm, and compares the resulting encrypted string to the one stored as your password.

There isn’t a reverse algorithm which will take the encrypted string and convert it back to your password. But there are sophisticated programs that can figure out an encrypted password by running large numbers of candidate passwords through the same algorithm until one produces a matching string. When you use an algorithm in this way to try to figure out a password, that is called cracking the password.

I hope that’s not overly technical. The reason I explained that is that I want you to understand that these password cracking programs are limited. They can easily crack a simple password, but not a complicated password.

When you are setting up a new password, here are some rules to follow. They will not only make your password nearly impossible to guess, they will also make it very difficult, if not impossible, to crack:

1. Your password should be at least 8 characters long.
2. Include 2 words that have nothing to do with each other.
3. Your password should contain both upper case and lower case letters.
4. Your password should contain some numbers.
5. Not all applications/websites allow symbols in your password, but in places where you can include a symbol in your password, do so.
6. Don’t use names that mean something to you: your name, or the names of your spouse, parents, children, or pets.
7. Avoid using numbers that correspond to your date of birth, age, address, phone number, or social security number.

A popular way to include numbers in your password is to substitute a 3 for E and a 1 for I or L. Don’t follow these popular practices, because they make your password easier to guess.
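The rules above can be checked mechanically. The following is an added example, not part of the original post: a small checker for rules 1 and 3 to 7 that also sees through the 3-for-E and 1-for-I/L substitutions. The function name `check_password`, its parameters, and the sample name and year are assumptions made for illustration; rule 2 is not checked because it needs a word list and human judgement.

```python
import re

# Canonical form: 3/E and 1/I/L (the substitutions the post warns about)
# all collapse together, so "B1ll13" and "Billie" compare equal.
_CANON = str.maketrans("eil", "311")


def _canon(text):
    return text.lower().translate(_CANON)


def check_password(password, personal_words=(), personal_numbers=(),
                   symbols_allowed=True):
    """Return the post's rules that `password` breaks (empty list = passes)."""
    problems = []
    if len(password) < 8:
        problems.append("rule 1: shorter than 8 characters")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("rule 3: needs both upper and lower case letters")
    if not re.search(r"\d", password):
        problems.append("rule 4: needs some numbers")
    if symbols_allowed and not re.search(r"[^A-Za-z0-9]", password):
        problems.append("rule 5: add a symbol where the site allows one")

    # Rule 6: personal names, as typed or disguised with 3/1 substitutions.
    canon_password = _canon(password)
    for word in personal_words:
        if word and _canon(word) in canon_password:
            problems.append(f"rule 6: contains the personal name {word!r}")

    # Rule 7: personal numbers (pass each part separately, e.g. birth year).
    digit_runs = re.findall(r"\d+", password)
    for number in personal_numbers:
        wanted = re.sub(r"\D", "", str(number))
        if len(wanted) >= 2 and any(wanted in run for run in digit_runs):
            problems.append(f"rule 7: contains the personal number {number!r}")
    return problems


if __name__ == "__main__":
    # Constructed sample: the pet name and birth year are made up.
    for candidate in ("fluffy", "B1ll13=Garden7", "ObJect4=OrangE"):
        print(candidate, check_password(candidate, ["Fluffy", "Billie"], [1975]))
```

An empty list means the password passes every rule the checker covers; it says nothing about whether the two words are unrelated or whether the password is easy to type and remember.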

Here are some examples of good passwords:

· ObJect4=OrangE
· ;blOOd99BEEr
· FAN-+graSS232

You get the idea. These passwords are hard to guess and hard to crack. When you come up with a password, make sure it’s something that’s not too hard to type. And, of course, make sure it’s something you can remember.
