How to choose a good password

Print pagePDF pageEmail page

Being an Internet user, means that somewhere somehow you have to have a private account accessible only after entering a string of alphanumeric characters known to you only or rather a Password.

password is a secret word or string of characters that is used for user authentication to prove identity, or for access approval to gain access to a resource – Wikipedia

So, your password prevents unauthorised access to your personal messages, to your online storage service, to your bank accounts (online), to your social accounts (Facebook, Twitter, MySpace, etc) and thus has to be as hard-to-guess as possible.

To be able to choose a good password, one should know how are passwords broken or cracked and choose one accordingly;

  1. Dictionary Attack
    This method involves trying all the words in a dictionary until the correct match is found. A ‘dictionary’ can be the one you use the look for meanings (Oxford Dictionary) – passwords like apple, computer, building, government, boy, girl – 😛 , or a list created by Mr.TheMaliciousHacker himself and containing a list of words related to you or your surroundings as he is aware that sometimes you use your parent’s name, your gf’s name or your pet’s name. Looking for these details about you is known as Social Engineering which will be discussed in another post.
  2. Bruteforce attack
    This method is quite a long and tiresome one but proves to be very effective in most cases. It involves trying all possible combinations until the right one is found – aaa, ab4, ai4, … It takes very long sometimes but if the hack/attack is of great importance, Mr.TheMaliciousHacker will wait for the attack to be completed and the password revealed. But this process can be made fruitless in most cases by using complex and long passwords. See, having a 3 letter simple password will take very short time to crack than an 8 alphanumeric password.*Hackers usually use both methods at the same time !!

Following are a few do’s and dont’s for choosing a good/strong password plus some tips.

The don’ts 

  • Never ever use simple passwords like 1234, qwerty, azerty, 4321.
  • Never use your name, pet’s name, lover’s name as password.
  • Never use the name of the service provider as you password; e.g ‘hotmail’, ‘yahoo’, ‘facebook’ as passwords for your Hotmail, Yahoo and Facebook accounts respectively.
  • Never use your birthdate alone in a password.

The do’s

  • Use a combination of letters, numbers and special characters. Note: p@$$w0rd is NOT a secure password.
  • *Use a unique password for each of your accounts; no two passwords should be the same.
  • *Change your passwords regularly.

Choosing the password 

Say you are creating a new Windows live account. Obviously, you’ll have to think of a password; a secure one. Here’s one way of proceeding..

Your name: irshaad ———- (1)
Birthdate: 1611 —————-(2)
Favorite Movie: Skyfall ———- (3)

Use a combination of the three and there you go!

Password:  i r s k y 1 6 f a l l 1 1
but as we said earlier, special characters must be used too, we replace the ‘a’ by an ‘@’ sign leaving us with the hard to guess password;  irsky16f@ll11

Of Course!, do not use the same positioning and variables I used, as hackers learn very quickly and also can easily write a script (piece of code) to automate the process whereby the simply have to enter those the details and all possible combinations are saved as a dictionary file ready to be used for a successful Dictionary attack.

Here’s a link to a very good article about passwords from MakeUseOf
http://www.makeuseof.com/tag/create-strong-password-forget/

About irshaad

Irshaad is from Mauritius and a student in Information Systems Engineering in Turkey. Social, geeky, tech-lover and everything that's linked to technology; he's in it. Not exactly 'Jack of all trades' but he likes to try and test each and everything he comes across. His personal page: irshaad.me

  • When I initially commented I clicked the “Notify me when new comments are added” checkbox and
    now each time a comment is added I get three emails with the same comment.

    Is there any way you can remove people from
    that service? Bless you!

    • irshaad

      Maybe its a bug in the CMS software. Apologies about it .
      Thnx for your comment and concern though