
What’s the Password? How to Create Easy to Use, Strong Passwords to Protect Your Important Stuff

Most computer users do not realize how important their passwords are. Here’s the straight scoop on why you need a good password and how to create super strong passwords that are easy to remember and hard to crack.


Thieves Are Trying to Steal Your Identity.

If criminals can figure out your password, they know that they will have access to your email, your online bank accounts, even your social security number. They can break into your computers, steal your files, steal your identity, reset your bank account information, steal your bank account, buy houses in your name, buy boats and airplanes in your name.

They will sell your information on the internet for $10 USD to other criminals who will use it to buy and sell drugs.

You might think this to be an exaggeration, but each and every example I gave above is true. Once your information is on the internet and can be sold, criminal rings who specialize in identity theft and internet fraud can do just about whatever they want with you.

Your identity will be sold for as little as $10 in an internet chat room, and it will cost you thousands and your good name before you can restore your life.

All because you were too lazy to get a good password.


Thieves have automated the process

Criminals are not going door to door looking for victims. Instead, they have created computer programs that scan the internet to find your computer, your email box, your website, and other pieces of your digital life. Once they find it, they attempt to break in. The process is 100% automated.

Criminals use computer viruses and other automated methods (as well as social engineering, but that’s another topic for another time) to steal your information.

If your password is weak, it can take as little as a few minutes (or even seconds if you’re using a date as your password), and then: boom! You’ve been compromised.


What Makes a Strong Password?

Ideally, a strong password must:

Have uppercase and lowercase letters.
Have some symbols (!@#$%^&*).
Be NO LESS than 11 characters long (20+ recommended).
Be wholly random or an amalgamation of mnemonics.

How to Create a Strong Password

The easiest way is to use a random password generator. There are many free ones available on the web such as PC Tools Random Password Generator and Gibson Research Corporation’s Perfect Password Generator.

Of course, if you create such passwords, then you either have to memorize them, or store them in a secure way so you can look them up later.

Everyone should have at least one secure password they use that is memorized. For everything else, I recommend a password manager. Two I recommend are:

KeePass
Plato Password Manager

Both of these programs will generate random passwords for you, and also store them in an encrypted database. The only difference between the two is that Plato Password Manager (which appears to be based on KeePass) will have commercial support for license holders.

The encrypted database part is vitally important. It means that if another person were to gain access to the database, either by stealing your computer, using it while you are away, or by having it stolen by a computer virus, spyware, malware, or other “hack” attack, the bad guys would be unable to read or use it.

Use these password managers to generate random passwords for all your accounts. Every account you have should have its own unique and random password. This way, if one password were to be compromised, all the other accounts would be safe.


Memorize your ONE strong password

You have to memorize at least one strong password, mostly because you need it to encrypt your KeePass or Plato database.

The preferred method is to use a random password generator to generate a password that appears to be easy for you to remember, and then just memorize it.

A second method is to use a mnemonic or series of mnemonics with l33t (pronounced “leet”). For instance, we could create a unique password by combining several sentences and then use the l33t orthography to substitute numbers and symbols for certain letters.

Our example sentence could be:

“There are nine planets in our solar system. Mary’s violet eyes make john stay nights up pondering.”

(In case you don’t know, “Mary’s Violet Eyes Make John Stay Nights Up Pondering” is a mnemonic for Mercury, Venus, Earth, Mars, Jupiter, Saturn, Uranus, Neptune, Pluto.)

Using the first letters of each word in this mnemonic, our password becomes:

Tanpioss.Mvemjsnup

Using l33t orthography, our password becomes:

T@np10ss.Mv3mjsnup

This password is 18 characters long, but still only registers “99%” at passwordmeter.com.

To increase security, we’ll add 2 more symbols to make the total length of the password 20 characters.

a starting “=”
an ending “%”

So the password is:

=T@np10ss.Mv3mjsnup%

Now, we have a “100%” rating on passwordmeter.com.
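The two construction methods above (a random generator that satisfies the strength rules, and the first-letter mnemonic with l33t substitutions plus a prefix and suffix) can be reproduced in a few lines. This is an added example, not code from the article or from any of the tools it names; the substitution table (a→@, e→3, i→1, o→0) is taken from the worked password, and the symbol set is the one listed under “What Makes a Strong Password?”. The function and constant names are my own.

```python
import math
import secrets
import string

# Symbols listed in the article's strength rules; digits added for the random generator.
SYMBOLS = "!@#$%^&*"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS

# The l33t substitutions the article applies to the mnemonic password.
LEET = {"a": "@", "e": "3", "i": "1", "o": "0"}


def meets_policy(password: str, min_length: int = 11) -> bool:
    """Check the article's rules: mixed case, at least one symbol, >= min_length chars."""
    return (
        len(password) >= min_length
        and any(c.isupper() for c in password)
        and any(c.islower() for c in password)
        and any(c in SYMBOLS for c in password)
    )


def random_password(length: int = 20) -> str:
    """Draw a password from the OS CSPRNG, retrying until every class is present."""
    if length < 11:
        raise ValueError("the article recommends no fewer than 11 characters")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_policy(candidate):
            return candidate


def random_entropy_bits(length: int) -> float:
    """Entropy of a uniformly random password of this length over ALPHABET."""
    return length * math.log2(len(ALPHABET))


def mnemonic_password(sentences, prefix: str = "", suffix: str = "") -> str:
    """Build the article's mnemonic password: first letter of every word, sentences
    joined by '.', l33t substitutions applied, then the chosen prefix and suffix."""
    parts = ["".join(word[0] for word in sentence.split()) for sentence in sentences]
    core = ".".join(parts)
    leeted = "".join(LEET.get(c, c) for c in core)
    return f"{prefix}{leeted}{suffix}"


if __name__ == "__main__":
    # The article's own two sentences, used as sample input.
    sample = [
        "There are nine planets in our solar system.",
        "Mary's violet eyes make john stay nights up pondering.",
    ]
    print(mnemonic_password(sample, prefix="=", suffix="%"))  # =T@np10ss.Mv3mjsnup%
    print(random_password(20), f"~{random_entropy_bits(20):.0f} bits")
```

Note that `random_entropy_bits` only applies to the random generator: 20 characters drawn uniformly from this 70-symbol alphabet is about 123 bits, whereas a password derived from a widely published mnemonic is far more guessable than its length or a meter score suggests, since a meter only checks composition rules, not how predictable the source phrase is.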


Is Your Password Good Enough?

Before deciding on your final password to memorize, you should run it through passwordmeter.com.

It will give you a good indication of how difficult it will be for hackers to break your password. A rating of strong is the minimum recommendation, and a rating of “best” is…well… best.


Conclusion

The inherent dichotomy between the usability of a password and its security is a thorny issue. Many users will constantly complain about the complexity of their password. “It’s too long” they may gripe. “I can’t remember it” they will moan.

The minuscule pain they feel working with a secure password would be a welcomed joy in comparison to a compromised user account, hacked bank account, or destroyed network.

In reality, allowing users to set their own passwords using both the mnemonic technique described above and incorporating l33t is the best way of ensuring user compliance. Of course, just telling them “use mnemonics and l33t” is not going to work. For best results, have a lunch and learn and teach these principles to your users. Allow them to ask questions. Achieve “buy-in” as much as possible.

For the sake of the network, you may have to force their hand and create random passwords for them, but this should be a last resort.


This article is a reprint of What’s the Password? How to Create Easy to Use, Strong Passwords to Protect Your Important Stuff.

Used with Permission.
Author: DrDamnit

4 Comments
Expert Comment by Qlemo (LVL 73):
A really important article, since there are more methods in the wild trying to steal or guess passwords every day. Voted Yes!
Expert Comment by mbizup (LVL 61):
Enjoyable read and good info.

(Yes++)
Expert Comment by Rajkumar Gs (LVL 23):
Good Article DrDamnit

I have seen many people using very weak passwords. I normally prefer and use strong passwords.
Your article is really helpful. Thanks for the information about those tools as well.

Got some new ideas to keep my secrets secure!

Thanks
Raj
Expert Comment by DanRollins (LVL 50):
There are several weaknesses about using a "password-vault" type program to store your passwords.  Lots of us use the password vault that is built into the web browser, but it is vulnerable:  If you forget to log out at lunch, your evil co-worker will take out a mortgage on your house and then skip off to retire in Bimini with the profits (or enjoy a weekend in Cleveland, depending... :-)

In both situations (password vault software and browser password handling), you are vulnerable to three problems:  

There is one key password you must remember, and because you may need it often, you might tend to use a weak one.  That means that if somebody can access your desktop (physically or remotely), your 20-character ultra-hardened randomly-created banking passwords are really all as weak as your Windows login password.
What do you do when you are away from your desk?  E.g., when you are on the road and need to check your webmail?  Your herculean password is now preventing you from accessing things you need to access -- because you don't know the password itself.
The local password that is used to "unlock the safe" might well be more susceptible to dictionary and brute-force attacks.  The software (or Windows itself) can be bombarded with login retries, while most websites keep track of retries and foil the cracking software by inserting mandatory delays between retries.
None of these are showstoppers, but IMHO, they add up to a good reason to use a "mental algorithm" rather than a password-management tool.  I've discussed that technique in my article: Strong (but Easy-to-Remember) Passwords