Wednesday, April 4, 2007

Passwords Part 2/3 - Strong Passwords

Let's begin where we left off yesterday. As you might recall, I mentioned two factors that are important to ensuring password confidentiality, one of which was using "strong" passwords. Also from yesterday's post, we learned that maintaining the confidentiality of our passwords is paramount to maintaining the integrity of authentication (proof of identity).

A few questions come to mind when I think of strong passwords. What is a "strong" password? How does a "strong" password help to protect the confidentiality of the password? How do I choose a "strong" password that I can remember? The answers to these three questions are, in essence, the point of this article. So, let's get some answers then!

What is a strong password?
In the simplest terms, a "strong" password is one that is not easily guessed and cannot be easily "cracked". Cracked!?!? What is "cracked"? There are numerous methods of cracking passwords (I won't elaborate here, but can through email). In simplistic terms, traditional password cracking employs a program that continually tries combinations of letters, numbers, etc. until one of them matches the password. This brings to mind another question: what makes a password strong?

  • Length: the longer a password is, the harder it is to guess. I recommend a password longer than 8 characters.
  • Use letters, numbers, and symbols (!@#$%&^). A greater variety of letters, numbers, and symbols means less length is required for the same password strength.
  • Do not use words that you can find in a dictionary.

This might make better sense if I give you some examples of "strong" and "not so strong" passwords.

Not so strong password examples:
John1970 (could be easily guessed and not so hard to crack)
144WestMain (could be easily guessed and not so hard to crack)
ChelseaMichaelMarthaBob (nice and long, but still easy to guess and crack)

Strong password examples:
J0hnSm1th!97O
i44W3stM4!n
Ch3ls3a!Micha3l!Martha!Bob!

See the difference?
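To put numbers on the length-versus-variety rule above, here is an added example (my own code, not part of the original post) that computes the brute-force search space of a password from its length and the character classes it uses, and the length needed to reach the same search space with a different mix of classes. The class sizes, in particular the 32-symbol count, are assumptions.

```python
import math

# Sizes of the character classes the post names: lower/upper letters, digits
# and symbols. The symbol count (printable ASCII punctuation) is an assumption.
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 32}


def char_classes(password):
    """Set of character classes actually present in the password."""
    classes = set()
    for ch in password:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes


def search_space_bits(password):
    """log2 of the candidates a brute-force cracker must try when it knows
    only the length and the classes in use (8 lowercase letters -> 37.6 bits).
    This is an upper bound on strength: a cracker that tries names and
    dictionary words first finds "John1970" or "ChelseaMichaelMarthaBob"
    long before exhausting their search space, which is why the post also
    rules out dictionary words."""
    alphabet = sum(CLASS_SIZES[c] for c in char_classes(password))
    return len(password) * math.log2(alphabet)


def length_for_bits(target_bits, classes):
    """Smallest length reaching target_bits using only the given classes:
    the post's "more variety = less length required" rule made concrete."""
    alphabet = sum(CLASS_SIZES[c] for c in classes)
    # Subtract a tiny epsilon so floating-point noise does not push an
    # exact multiple (e.g. 12.000000000000002) up to the next integer.
    return math.ceil(target_bits / math.log2(alphabet) - 1e-9)


if __name__ == "__main__":
    # The post's own weak/strong pairs
    for weak, strong in [("John1970", "J0hnSm1th!97O"),
                         ("144WestMain", "i44W3stM4!n"),
                         ("ChelseaMichaelMarthaBob", "Ch3ls3a!Micha3l!Martha!Bob!")]:
        print(f"{weak:24s} {search_space_bits(weak):6.1f} bits   "
              f"{strong:28s} {search_space_bits(strong):6.1f} bits")
    # A 12-character all-lowercase password vs. the length needed with all four classes
    target = search_space_bits("abcdefghijkl")
    print(f"{target:.1f} bits needs {length_for_bits(target, CLASS_SIZES)} chars using all classes")
```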

How does a "strong" password help to protect the confidentiality of the password?
Setting aside what I do with the password once I have it (that is the next installment, Passwords Part 3/3 - Password Management), using a strong password reasonably assures the confidentiality of the password, simply because it cannot be easily guessed or cracked.

How do I choose a strong password that I can remember?
My best trick is to take a phrase that is easy for me to remember and make it into a strong password. A few examples:

  • My Dog's Name is Rover (phrase) becomes My!D0g!Rover (strong password)
  • My wife and four kids (phrase) becomes MyWife&4kids (strong password)
  • Account at Wells Fargo (phrase) becomes Acct.@Wells4go (strong password)

It takes a little creativity on your part to make a strong password that you will remember. Once you get the hang of it, it's a piece of cake.

Now a catch: I suggest using different passwords for different purposes (one for work, another one for eBay, another one for your bank, etc.). This can make for a lot of passwords! Learn why I suggest this, and how you can keep track of all these passwords, in the last installment of this series, Passwords Part 3/3 - Password Management.

Feel free to post your comments, check out The Trusted Toolkit, or email me for more!
