Building a Better Password

Two weeks ago, Republican vice presidential nominee Sarah Palin discovered that a hacker had gained access to her personal e-mail account and posted some of its contents — both letters and photos — on a Web site viewable by the public.

Later, a person claiming to be that hacker anonymously boasted that gaining access to the account was easy — all it took was the correct answer to the “secret question” used to reset the account’s password.

Granted, Palin’s fame was likely a big reason her account was targeted. However, the incident underscores the importance for anyone with secure online profiles to create strong passwords, regardless of whether they’re used as one’s primary access key to a site or the “answer” to one’s password reset question. With all the information we regularly communicate using online profiles, an interested snooper with enough access could easily piece together enough to leave anyone — famous or otherwise — with a costly case of identity theft.

If you are like the majority of Internet users with around 25 different online accounts, you most likely have tried to think of a “fool-proof” password.

How to Create a Strong Password?

Let’s say you have followed all the advised methods of creating a strong password:


  1. Longer than eight characters.

    No problem. Let’s use the word slowdriver — a total of 10 characters.

  2. No dictionary words.

    OK, then let’s substitute O with 0, L with 1 and E with 3 — s10wdr1v3r

  3. .

  4. Use capitals, lowercase, numbers and punctuation.

    We can easily capitalize some of the letters — S10wDr1v3r.

  5. Not based on personal information.

    I drive pretty fast.

  6. No repeating patterns (QWERTY, 1234, etc.)

    I think we’re OK here too.

Result: S10wDr1v3r — It pretty much meets all our basic criteria and is an overall strong password. Of course, we should be able to type it at a decent enough speed so that over-the-shoulder spying eyes won’t figure it out.

Then again, S10wDr1v3r was the exact password “guessed” in a password hacking competition in 2007.

What Do You Do When You’ve Created a Strong Password?

Repeat the process 25 times.

Well, if you have a decent enough memory, S10wDr1v3r may not be that hard to remember. However, can you remember 25 of these? You must. Just because S10wDr1v3r is a relatively strong password, and perhaps stronger than the one you were previously using, it doesn’t mean that you can recycle it. Reusing passwords is never a good idea. Think of it like a domino effect — if one of your passwords is compromised, every other account using that password is also compromised. And all that hard work will have gone to waste.

Don’t worry, it’s not as hard as you think. I promise I’ll give you a solution by the end of the article.

Security Comes in Small Steps

If you recognize the difference in password strength between blink182 (one of the top 10 passwords) and S10wDr1v3r, you are well on your way to password security. S10wDr1v3r is in fact a strong password, but it is missing something very simple to make it a stronger password.

The most important thing to remember about creating strong passwords is to make them LONG. Please memorize this: LONG IS STRONG. Passwords don’t have to be limited to just one word — be creative with your passwords. Go ahead and write a full sentence, something like — monday rain reminds me of lazy days.

Believe it or not, this may just be stronger than S10wDr1v3r. That’s right — even without punctuation, capital letters and/or numbers. Longer is indeed stronger.

Making It Stronger

Needless to say, 7vPi%QE#AOYG6=>5Pv!ya:oey1%*AU5i8:q is the strongest of all. And it may seem almost ridiculous to have a password like this, but if it is the strongest password, why not? Security shouldn’t be compromised, and neither should your passwords.

If you follow the fundamental password principle of Long is Strong, you will be a password pro. Obviously, it would be close to impossible to memorize 25 passwords such as 7vPi%QE#AOYG6=>5Pv!ya:oey1%*AU5i8:q.
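The comparison made in the last two sections can be worked through in code. This is an added example, not part of the original article: it estimates the search space of the three passwords above, first by brute force and then for a guesser that tries dictionary words with capitals and substitutions undone. The small word list, the 100,000-word dictionary size and the 100 variants per word are assumptions chosen for illustration.

```python
import math
import string

# Constructed mini word list; a real check would load a full dictionary.
WORDS = {"slow", "driver", "monday", "rain", "reminds", "me", "of", "lazy", "days"}
# Substitutions mapped back to letters; "1" can stand for "l" or "i".
LEET = {"0": "o", "3": "e", "1": "li"}
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " "]

def charset_bits(password):
    """Brute-force upper bound: length * log2(size of the alphabet used)."""
    size = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    return len(password) * math.log2(size) if size else 0.0

def readings(password):
    """Every lowercase reading of the password with substitutions undone."""
    out = [""]
    for ch in password.lower().replace(" ", ""):
        out = [prefix + letter for prefix in out for letter in LEET.get(ch, ch)]
    return out

def split_words(text):
    """Return dictionary words that concatenate to text, or None."""
    if not text:
        return []
    for i in range(1, len(text) + 1):
        if text[:i] in WORDS:
            rest = split_words(text[i:])
            if rest is not None:
                return [text[:i]] + rest
    return None

def dictionary_words(password):
    """Words hidden behind capitals and substitutions, or None if none fit."""
    for candidate in readings(password):
        words = split_words(candidate)
        if words is not None:
            return words
    return None

def guess_bits(password, wordlist_size=100_000, variants_per_word=100):
    """Search space in bits for a guesser that tries word combinations first."""
    words = dictionary_words(password)
    if not words:
        return charset_bits(password)  # no word structure: brute force only
    mangled = any(not (c.islower() or c == " ") for c in password)
    per_word = wordlist_size * (variants_per_word if mangled else 1)
    return min(charset_bits(password), len(words) * math.log2(per_word))
```

Under these assumptions S10wDr1v3r drops from about 60 bits of brute-force space to about 47 once it is read as two dictionary words, the seven-word sentence stays near 116 bits, and the 35-character random string keeps its full brute-force figure of about 230 bits.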

Password Managers

A quality password manager will not only create an infinite number of unguessable long and strong passwords for you, but it will help you keep them safe and organized. Most modern products offer what’s called “one-click log-in,” so that you don’t even have to type that mumbo jumbo.

When choosing your password vault, you may want to decide if you want something installed on your computer or something that can be accessed 24/7 via the Internet (also known as an “online password manager”). Make sure you shop around and find a service you feel most comfortable with.

These are all the tips and tricks you need so that you will never have to click “forgot password” again.


Tara Kelly is a cofounder of PassPack, an online password manager.

