Thursday, August 02, 2007

Security Tip: Password Strength

I thought a little advice on creating passwords would be good. The statistics are incredible on how much a few extra characters can strengthen your password.

If your password is either all upper or lower case with no numbers or symbols and only 5 characters long it can be cracked instantaneously. If it's 8 characters it will take 35 minutes.

If you mix upper and lower case, a 5 character password can be cracked in under a minute. An 8 character password will take 6 days to crack.

Upper and lower case plus numbers
-5 characters - 9 seconds
-8 characters - 25 days

Upper and lower case alphabet and common symbols <>!@#$%^&* (no numbers)
-8 characters - 346 days

Throw numbers in there and it will take over two years!

(Data collected from here.)

But if you would rather keep your password simpler, you just have to change it more often and not let anyone have the time to be able to guess your password.

Sometimes if they're too complex they can be hard to remember, but here are some ideas on how to make your password more secure and easy to remember:
  • Throw in numbers or symbols that look like letters:
    P()tt3r&5nap3 (Potter & Snape)
  • Intersperse familiar numbers (an old address) in another word:
    E1a2s3y4St. (1234 Easy St.)
  • Use the first letter from each word from a favorite song, poem, or scripture:
    IHt8IaHt8IaIa (I'm Henry the 8th I am, Henry the 8 I am I am)

The top ten passwords used are:

  1. password
  2. 123456
  3. qwerty
  4. abc123
  5. letmein
  6. monkey
  7. myspace1
  8. password1
  9. link182
  10. (your first name)

If yours is on this list you might consider changing it immediately.

Instead of having one password for everything you use, consider having one password for your more sensitive information, a more simpler one for things not so sensitive, and an easy one for things that aren't sensitive.

Please comment if you have any methods for creating passwords that could help us simplify our lives without compromising our security.


Julia said...

At my work, our system will only allow a password with a minimum of 8 characters, using lower and upper case characters, numbers and a symbol. We also have to change our password every 90 days. It's a really good tip. I know my husband really well (obviously) so I was able to crack his password with very few tries.

Coach Ann said...

This is good information. I have such a bad memory, it will be hard to change it very often, but I think I will start doing it. I'm glad I don't work for the government because their passwords are computer generated and are changed really often. They aren't allowed to write them down anywhere either

janet said...

I have a terrible time remembering my passwords! What do you think about writing them down and hiding them some where? Of course, then there is the problem of remembering where I hid it! Oh Dear!!!!!!!!!! Yes, your mother could use some help!

Officer Leeroy said...

I would not recommend writing down your password "verbatim." If you do write it down, write it in a way that only you could figure it out. For instance if your password is "abcd1234" (which it never should be :) ), then write it down as "abcdw1234" or something similar where you know where you've added (or taken away) extra letters. But only do this as a last resort!