Creating Stronger Passwords
As a basic rule, a good password adheres to as many of
the following guidelines as a system will accommodate:
While these rules may sound difficult to follow, the next
page illustrates how easy it can be to use them to create effective passwords.
Explanation of tips for creating stronger passwords
Do not use familiar names
When devising a password, many people's first instinct
is to use a name that they will remember such as their spouse, children, pet,
or even their own. This is often the easiest password to discover or guess.
Personal items in the workplace can often give easy clues to these passwords.
Avoid using commonly known facts about yourself
Using common facts about yourself such as your birthday,
hobbies, favorite sports teams, or other similar information will provide others
with a better chance of guessing your password.
Do not use words found in the dictionary
Software programs that can 'crack' a password are readily
available on the Internet. These programs can find a password from a dictionary
in a matter of seconds. An alternative to using a word is misspelling it or
replacing letters or words with numbers or characters. This is similar to a
personalized license plate. The password 'homeplate' could easily become 'homepla8'.
It's just as easy to remember but would take a cracking program much longer
to decipher.
Use at least eight (8) characters
Within certain limits, the more characters in the password,
the more secure it may be. For cracking programs it becomes exponentially more
difficult to crack a password with each character added. Also, some operating
systems, such as Windows NT, store passwords in 'chunks' of seven characters.
If the second 'chunk' is empty it is a known value and the program knows the
password is less than eight characters.
Utilize letters and numbers
By using a combination of letters and numbers in your password
you make it much more difficult for a person or program to guess your password.
You are increasing the potential character set by another 10 characters!
Use special characters, if possible
Some systems allow special characters such as ! @ # $ %
& to be used in a password. This not only adds to the character set available
but foils many password cracking programs that may not use special characters.
If the system allows special characters it is wise to take advantage of them.
Use upper and lower case letters if the system differentiates them
Some operating systems can use case sensitive passwords.
They can tell the difference between upper-case (capital) and lower-case letters.
This doubles the quantity of letters available when choosing a password and
can create a more secure password than just using lower-case.
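An added example, not part of the original page: a small Python calculator for the brute-force search space implied by the length and character-set tips above, including a simplified model of the seven-character 'chunks'. The function names and the 32-symbol set (Python's string.punctuation) are assumptions made for the illustration.

```python
import string

# Character classes named in the tips above. The symbol set is Python's
# string.punctuation (32 symbols), an assumption; real systems accept
# different subsets.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}

def charset_size(password):
    """Size of the alphabet implied by the classes the password uses.
    Characters outside the four classes are ignored."""
    size = 0
    for chars in CLASSES.values():
        if any(c in chars for c in password):
            size += len(chars)
    return size

def keyspace(password):
    """Candidates a brute-force search must cover for this length and alphabet."""
    return charset_size(password) ** len(password)

def chunked_keyspace(password, chunk=7):
    """Search space when the stored form splits the password into
    independent chunks (simplified model of the seven-character 'chunks').
    Each chunk can be attacked on its own, so costs add instead of multiply."""
    n = charset_size(password)
    chunks = [password[i:i + chunk] for i in range(0, len(password), chunk)]
    return sum(n ** len(c) for c in chunks)

if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real system.
    samples = ["homeplate", "homepla8", "Homepla8", "Homepl@8", "Homepl@8xyz123"]
    for pw in samples:
        print(f"{pw!r:18} alphabet={charset_size(pw):3} "
              f"whole={keyspace(pw):.2e} chunked={chunked_keyspace(pw):.2e}")
```

These figures count only exhaustive guessing; a password that is a dictionary word falls to a word list long before the full search space matters.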
Combine misspelled words
By misspelling words you avoid a 'dictionary attack' and
a potential hacker has to resort to what is referred to as a 'brute force' attempt
to get a password. This means that their program must try all potential combinations
of letters, numbers, and characters. This can take a great deal of time, even
for a sophisticated program. See the examples on the Creating a Better Password
page.