Building a better Password
Many computer users tend to use passwords that they can remember easily. A closer look at password use shows that many Internet users seem to use the same password for most of their password-protected activities, which is a high security risk, especially when combined with the selection of weak passwords.
An attacker who breaks one password gets access to every site and service protected by it that they test it on or know about. It is just a matter of trying the username and password combination on other popular sites to see if that particular user used them on multiple sites.
The article Build a better Password gives a short introduction to password formats. A password can either be something you know, something you have, or something you are.
The author recommends that users follow two simple guidelines to make their passwords more secure:
- Increase the length of the password by adding more information.
- Add special characters to make dictionary attacks worthless.
Those are simple measures that can tremendously boost your security. Of course, no password is 100% secure, but if the password reaches a certain length and complexity, it is unlikely that it will get cracked by the majority of attackers unless there is a weakness in the algorithm.
I'd add that you may want to make sure that the password has upper and lower case letters, numbers, and at least one special character to improve security. Length-wise, I recommend 16 or more characters for regular accounts and as many as possible for important ones.
Update: The original article is no longer available. While it still may be a solid recommendation to combine words into passwords and passphrases, the rise of password managers like KeePass or LastPass has opened up new possibilities for users.
The biggest advantage of using a password manager is that you only need to remember one password, and that is the master password unlocking the password manager's database. All other passwords can be very cryptic, lengthy, and hard to memorize. Good password managers like KeePass come with a built-in password generator that allows you to create these secure passwords on the fly.
Add to that copying and pasting of passwords, or automatic login options, and you have a comfortable option that is very secure at the same time.
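What a built-in generator of this kind does can be sketched in a few lines. The following is an added example, not KeePass's or LastPass's own code; it applies the rules given above (16 or more characters, upper and lower case letters, numbers, at least one special character), and the special-character set and function names are assumptions made for illustration.

```python
import math
import secrets
import string

# Character classes from the recommendation above; the exact special-character
# set is an assumption (sites differ in what they accept).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": "!#$%&*+-=?@^_",
}
MIN_LENGTH = 16


def missing_classes(password):
    """Return the names of the character classes the password lacks."""
    return [name for name, chars in CLASSES.items()
            if not any(c in chars for c in password)]


def meets_policy(password):
    """True if the password is long enough and uses all four classes."""
    return len(password) >= MIN_LENGTH and not missing_classes(password)


def generate_password(length=20):
    """Draw every character from the OS CSPRNG; redraw until all classes appear."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES.values())
    while True:
        # Rejection sampling keeps every accepted password equally likely,
        # unlike forcing one character of each class into fixed positions.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not missing_classes(candidate):
            return candidate


def entropy_bits(length):
    """Upper bound on entropy for a uniformly random password of this length."""
    alphabet_size = sum(len(chars) for chars in CLASSES.values())
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    pw = generate_password()
    print(pw, f"~{entropy_bits(len(pw)):.0f} bits")
```

With this 75-character alphabet, a random 16-character password carries just under 100 bits of entropy, which is why generated passwords do not need to be memorable to be strong.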
Sometimes, though, you can't use a password manager. If you are at work for instance, and forced to change your password every 90 days or so, you may want to consider using the initial suggestions to pick a secure password for that situation.