“Be sure to use a strong password” is advice we all constantly
see online. Here’s how to create a strong password — and, more
importantly, how to actually remember it.
Using a password manager
helps here, as it can create strong passwords and remember them for
you. But, even if you use a password manager, you’ll at least need to
create and a remember a password for your password manager.
The Traditional Password Advice
According to the traditional advice — which is still good — a strong password is:
- Has 12 Characters, Minimum: You need to choose a password that’s long enough. There’s no minimum password length everyone agrees on, but you should generally go for passwords that are a minimum of 12 to 14 characters in length. A longer password would be even better.
- Includes Numbers, Symbols, Capital Letters, and Lower-Case Letters: Use a mix of different types of characters to make the password harder to crack.
- Isn’t a Dictionary Word or Combination of Dictionary Words: Stay away from obvious dictionary words and combinations of dictionary words. Any word on its own is bad. Any combination of a few words, especially if they’re obvious, is also bad. For example, “house” is a terrible password. “Red house” is also very bad.
- Doesn’t Rely on Obvious Substitutions: Don’t use common substitutions, either — for example, “H0use” isn’t strong just because you’ve replaced an o with a 0. That’s just obvious.
Try to mix it up — for example, “BigHouse$123″ fits many of the
requirements here. It’s 12 characters and includes upper-case letters,
lower-case letters, a symbol, and some numbers. But it’s fairly obvious —
it’s a dictionary phrase where each word is capitalized properly.
There’s only a single symbol, all the numbers are at the end, and
they’re in an easy order to guess.
A Trick For Creating Memorable Passwords
With the tips above, it’s pretty easy to come up with a password.
Just bash your fingers against your keyboard and you can come up with a
strong password like 3o(t&gSp&3hZ4#t9. That’s a pretty good one —
it’s 16 characters, includes a mix of many different types of
characters, and is hard to guess because it’s a series of random
characters.
The only problem here is memorizing this password. Assuming you don’t
have a photographic memory, you’d have to spend time drilling these
characters into your brain. There are random password generators that
can come up with this type of password for you — they’re generally most
useful as part of a password manager that will also remember them for
you.
You’ll need to think about how to come up with a memorable password.
You don’t want to use something obvious with dictionary characters, so
consider using some sort of trick to memorize it.
For example, maybe you can find it easy to remember a sentence like
“The first house I ever lived in was 613 Fake Street. Rent was $400 per
month.” You can then turn that into a password by using the first digits
of each word, so your password would become TfhIeliw613FS.Rw$4pm. This
is a strong password at 21 digits. Sure, a true random password might
include a few more numbers and symbols and upper-case letters scrambled
around, but it’s not bad at all. You just need to remember two simple
sentences, so it’s easy to remember.
The Passphrase / Diceware Method
The traditional advice isn’t the only good advice for coming up with a
password XKCD did a great comic about this many years ago that’s still
widely linked to today. Throwing all the usual advice out, the comic
advises choosing four random words and stringing them together to create
a passphrase — a password that involves multiple words. The randomness
of the word choice and length of the passphrase makes it strong.
The most important thing to remember here is that the words need to
be random. For example, “cat in the hat” would be a terrible combination
because it’s such a common phrase and the word makes sense together.
“my beautiful red house” would also be bad because the words make
grammatical and logical sense together. But, something like “correct
horse battery staple” or “seashell glaring molasses invisible” is
random. The words don’t make sense together and aren’t in grammatically
correct order, which is good. It should also be much easier to remember
than a traditional random password.
People aren’t good at coming up with sufficiently random combinations of words, so there’s a tool you can use here. The Diceware
website provides a numbered list of words. You roll traditional
six-sided dice and the numbers that come up choose the words you should
use. This is a great way to choose a passphrase because it ensures you
use a random combination of words — you may even end up using words that
aren’t a normal part of your vocabulary. But, because we’re just
choosing from a list of words, it should be fairly easy to remember.
Diceware’s creators now recommend using at least six words because of advances in technology that make password-cracking easier, so keep that in mind when creating this sort of password.
It’s not all about password strength. For example, if you re-use the password at multiple locations, it may be leaked and people may use that leaked password to access your other accounts.
Using unique passwords, avoiding phishing sites, and keeping your computer safe from password-capturing malware
is also important. Yes, you should choose a strong password — but you
need to do more than that. Using stronger passwords won’t keep you
secure from all the threats out there, but it’s a good first step.
No comments:
Post a Comment