It’s 2009, and it is safe to assume that the vast majority of people have secure websites that they visit; some may be considered highly confidential (banks or investments) while others are not (social networking sites). Regardless of how you classify the importance of the sites you visit and the systems you log into, it is important that you protect your accounts: this is where creating strong passwords comes into play.
To appreciate strong passwords, we can first take a look at some weak passwords and why they are weak; hackers will attempt to break into accounts by guessing weak passwords. We’ll start with the famous FIRST NAME password or the FIRST NAME plus #, for example ‘aaron’ or ‘aaron1’; with over 6 years of IT experience, there have been countless times where I would have to log in as a specific user to troubleshoot a problem and over half of the time I successfully logged in by typing in a user’s first name as the password. The FIRST NAME password can be extended to also include the first name of a spouse/significant other, child, pet, relative etc.
Second is the infamous row-of-keys password; this includes passwords such as ‘123456’, ‘qwerty’, ‘asdfgh’, or ‘1q2w3e4r’. These passwords may be difficult to guess; however, passwords that are constructed from a row of keys are susceptible to over-the-shoulder attacks. As you may have guessed, an over-the-shoulder attack is when someone watches over your shoulder to try to see what your password is.
Another weak password is the word ‘password’. I have rarely seen many people with this as their password for websites or IT systems, although I continually see it as the password for many network infrastructure devices, for example routers, wireless access points or modems.
Lastly, there are passwords that are found in the dictionary, especially words that people associate with you, for example a dog lover with ‘puppy’ as their password. There are times when a hacker will be able to guess such a password without computer assistance, but if they are unsuccessful or skilled enough there are attacks known as ‘dictionary attacks’ that will attempt to break into an account using a list of dictionary words.
Now that we have a basic understanding of weak passwords, it is time to look at what makes a password strong; and simply put, it’s creating a password that is difficult to guess. To start with the construction of your strong password, there are three major components:
- Have a length of at least 8 characters.
- Use a mix of upper, lower, numeric and special characters.
- Come up with a passphrase.
A passphrase is a phrase that you will remember and is then abbreviated to create a password. The best way to teach this would be through example; if you are an avid blogger you may create a passphrase such as “I Love to Blog” which can then be converted to “I<32bl0g”. To help break this down: I⇒I, <3⇒Love, 2⇒to, bl0g⇒Blog.
Another example for someone who loves the beach may be “Fan of Sand!” which we can turn into “F@n0fs&!”: F@n⇒Fan, 0f⇒of, s&!⇒Sand!; and one last example for someone who is in love with themselves could be “I Am Great At Everything” which would turn into “1’mg8@3T”: 1’m⇒I am, g8⇒Great, @⇒At, 3T⇒Everything.
Plain and simple, avoid weak passwords; create strong passwords. To help remember a complex strong password, use passphrases instead. And a last word of advice: don’t put your password on a sticky note on your monitor, under the keyboard/desk, or anywhere else for that matter.
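The weak-password categories and the length and character-mix rules above can be checked mechanically. The following is an added example, not part of the original post; the finding labels, the name list, the word list and the US QWERTY key rows are assumptions made for illustration.

```python
import re

# Keyboard rows for a US QWERTY layout (assumption).
KEY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]

def _row_run(s):
    """True if s is 3+ adjacent keys from one row, in either direction."""
    return len(s) >= 3 and any(s in row or s in row[::-1] for row in KEY_ROWS)

def is_keyboard_walk(pw):
    """Catch straight runs ('qwerty') and two-row zigzags ('1q2w3e4r')."""
    p = pw.lower()
    return _row_run(p) or (_row_run(p[0::2]) and _row_run(p[1::2]))

def audit(pw, names=(), words=()):
    """Return the weaknesses found; an empty list means none of them matched."""
    p = pw.lower()
    found = []
    # FIRST NAME or FIRST NAME plus #: strip trailing digits, then compare.
    if re.sub(r"\d+$", "", p) in {n.lower() for n in names}:
        found.append("first-name")
    if is_keyboard_walk(pw):
        found.append("row-of-keys")
    if p == "password":
        found.append("literal-password")
    if p in {w.lower() for w in words}:
        found.append("dictionary-word")
    if len(pw) < 8:
        found.append("too-short")
    # Upper, lower, numeric and special characters must all be present.
    classes = [r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, pw) for c in classes):
        found.append("missing-character-class")
    return found

if __name__ == "__main__":
    names = ["Aaron"]                   # constructed: names tied to the account owner
    words = ["puppy", "beach", "blog"]  # constructed stand-in for a real word list
    samples = ["aaron", "aaron1", "123456", "qwerty", "asdfgh", "1q2w3e4r",
               "password", "puppy", "I<32bl0g", "F@n0fs&!"]
    for pw in samples:
        print(f"{pw!r:12} {audit(pw, names, words) or 'no listed weakness found'}")
```

In practice the name list would hold the first names of the user, spouse, children and pets, and the word list would be a full dictionary file.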