There are many contradictory theories on password creation and strength. Security experts will tell you to create a strong password and change it often, yet this causes confusion for many people, since they suddenly have to keep track of many passwords across their social networking sites, email sites, work computers, home computers, and shopping sites. Even worse, most people create ONE password that they use for ALL of their websites, which is one of the worst possible security faux pas a person can commit.
To “fix” this issue, more and more people create a “password file” where they store their usernames and passwords. Sadly, this file often sits on a work computer, or at home on an open or easy-to-crack wireless connection, making those passwords easy to access.
Because of this, new data and reports from security experts claim that changing the password often is actually more of a security hazard.
So who is right, and who is wrong? Sadly, both are correct, and both are wrong.
Here is a method that will help fix part of the problem: create a strong password that is easy to remember, and therefore won't require a password file, while making it unique for each of the different places where you need a password!
Strong Password Rules
First we need to know what a “strong password” actually is. The basic rules are:
1. The password should be a MINIMUM of 7 characters long
2. The password should have a mix of upper and lower case letters
3. The password should have at least 1 number
4. The password should have at least one special character (Example: !, ?, “, -, +, etc.)
Wow… that sounds complicated. Let's see some examples of “strong passwords”:
Strong Password 1: Bfdk230!kgf#ml ( … This one is pretty rough to try and remember )
Strong Password 2: I_like_ch33se ( This is more common. We see a sentence in there with numbers for letters)
Strong Password 3: Thisisastr0ngpassword! ( Again… a common “strong” password )
Making your own strong password
Many security experts will tell you that you should not use “easy to figure out” information in your password. Examples of this are:
1. Don’t use the name of a pet, spouse, parent or child
2. Don’t use a number of a date such as 05201980, when that number is an anniversary or birthday of someone you know
3. Don’t use a word for something that is well known about you. For example, if you are a football fan, do not use the name of your favorite team.
On the other hand, some security experts will tell you that using more than one of these at the same time is an ok method. For example, mixing your favorite team, your birth year, and your favorite color would make for a pretty strong password. Example: manchester82green! This is random enough that it would be difficult to guess this information.
Putting it all together
The final issue is making this password UNIQUE for each of the websites that you use. To do this, I recommend coming up with a strong password, and then simply prepending or appending the name of the website you are on! Most of the time, people will have “shortcut” names for their favorite websites as well, such as calling their “google mail”, “yahoo mail”, or “hotmail” websites their “mail” sites. Using these nicknames, which you are very familiar with, will definitely help to make the password more secure as well.
Here are a few examples:
Strong Password: Canadians05green (A hockey team, birthday month and favorite color)
Website Password Example (www.twitter.com): tweets@Canadians05green
Website Password Example (www.gmail.com): gmail@Canadians05green
Website Password Example (www.ebay.com): buystuff@Canadians05green
Website Password Example (www.53.com – A Bank): bank@Canadians05green
Another Example
Strong Password: willowMoose1982 (Favorite type of tree, favorite funny animal, your birth year)
Website Password Example (www.twitter.com): twitter!willowMoose1982
Website Password Example (www.gmail.com): mail!willowMoose1982
Website Password Example (www.ebay.com): eb!willowMoose1982
Website Password Example (www.53.com – A Bank): fifththrid!willowMoose1982
Criticism
This method is of course not perfect. Once someone figures out the “pattern” to your strong password, they will be able to make a good guess at how to get into your other accounts. The main benefit, though, is that you, as the creator of the passwords for each site, can choose what to put at the beginning (or end) of each of the passwords!
Using “gmail@strong_password1” for gmail, “twitter@strong_password1” for twitter, and “ebay@strong_password1” for ebay will be pretty simple to figure out, but using something such as “google_mail” or “google” or “mail” or “gm” for the first part of the password can help to ensure that the password is less obvious to guess on a first attempt to break it!
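The rule list above and the weakness described under Criticism can both be checked mechanically. The Python below is an added example, not part of the original article; the function names check_rules and audit_reuse are made up for illustration. It tests a password against the four rules and reports how much of each per-site password is shared with the others.

```python
from os.path import commonprefix  # plain string helper; works on any list of str


def check_rules(password):
    """Return the names of the article's four rules that `password` fails."""
    failed = []
    if len(password) < 7:
        failed.append("length")
    if not (any(c.isupper() for c in password)
            and any(c.islower() for c in password)):
        failed.append("mixed case")
    if not any(c.isdigit() for c in password):
        failed.append("digit")
    if not any(not c.isalnum() for c in password):
        failed.append("special")
    return failed


def audit_reuse(passwords):
    """Return (shared_base, {password: site_specific_part}).

    The shared base is the longest run of characters common to the start
    or to the end of every password in the list.
    """
    if len(passwords) < 2:
        return "", {p: p for p in passwords}
    prefix = commonprefix(passwords)
    suffix = commonprefix([p[::-1] for p in passwords])[::-1]
    if len(suffix) >= len(prefix):
        return suffix, {p: p[:len(p) - len(suffix)] for p in passwords}
    return prefix, {p: p[len(prefix):] for p in passwords}


# The article's first set of per-site examples, used as sample input.
SITE_PASSWORDS = [
    "tweets@Canadians05green",
    "gmail@Canadians05green",
    "buystuff@Canadians05green",
    "bank@Canadians05green",
]

if __name__ == "__main__":
    base, parts = audit_reuse(SITE_PASSWORDS)
    print("shared base:", base, "(%d characters)" % len(base))
    for pw, unique in parts.items():
        print(pw, "-> site-specific part:", unique,
              "| failed rules:", check_rules(pw) or "none")
```

For the sample set, the shared base covers 17 characters of every password, so only the short site nickname differs between accounts.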