If you read the title of this post and think I’m crazy, you’re probably right. On the other hand, most people seem to be saying this by their actions. How many times have you been in an office and seen passwords attached to monitors on sticky notes? How about people who use the password “password”?
We’ve all read stories about using strong passwords and how easy it is to guess people’s passwords. The fatal flaw in the system is that we need something that isn’t obvious, but something that we can remember. One of the simplest methods of creating a more complex password is to use upper and lower case alphanumerics plus a symbol.
There is a great site that can help you understand this. Go to http://howsecureismypassword.net/ and type in combinations of letters, numbers and symbols to see what it tells you. This is not a foolproof method of choosing a password, but it will give you a good idea of what is secure and what’s not.
Here are a few examples. If I use “password”, a person or program will crack my password and access my information in seconds. If I add some symbols into it and use “pa$$word”, it would take a desktop PC about 6 days to crack it using a brute force attack. If I add a capital letter to make it “Pa$$word”, it would take a desktop PC about a year to crack. And if I use “eDo(ument$c!ence$”, it will take more time to crack than the history of the universe. You can see that by adding some simple variety, the job of stealing your password becomes harder.
Here are a few easy-to-remember tips for passwords:
- Don’t use a simple word or phrase, like password or 123456
- Use at least 8 characters, but preferably 10 or more
- Use upper & lower case letters, numbers and symbols in your password
- Use something that you can remember, so you aren’t tempted to write it down
- Don’t write your password on a sticky note and put it on your monitor
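The arithmetic behind brute-force estimates like the ones above, together with the checks from the list of tips, as an added example that is not from the original post. The guess rate and the short common-password list are assumptions, so the times it prints will not match the site's figures.

```python
import string

# Assumed offline guess rate (illustrative; not a figure from the post).
GUESSES_PER_SECOND = 1e9

# Constructed mini-denylist; a real check would use a large leaked-password list.
COMMON = {"password", "123456", "qwerty", "letmein"}

# ASCII character classes only; other characters are not counted here.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}

def classes_used(pw):
    """Names of the character classes that appear in the password."""
    return {name for name, chars in CLASSES.items() if any(c in chars for c in pw)}

def keyspace(pw):
    """Candidates a brute-force search over the used classes must cover."""
    alphabet = sum(len(CLASSES[name]) for name in classes_used(pw))
    return alphabet ** len(pw)

def worst_case_seconds(pw, rate=GUESSES_PER_SECOND):
    """Time to exhaust the whole keyspace at the assumed guess rate."""
    return keyspace(pw) / rate

def check(pw):
    """Apply the tips from the list; returns the problems found."""
    problems = []
    if pw.lower() in COMMON:
        problems.append("common word")
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    missing = set(CLASSES) - classes_used(pw)
    if missing:
        problems.append("missing: " + ", ".join(sorted(missing)))
    return problems

if __name__ == "__main__":
    # The four passwords used as examples in the post.
    for pw in ["password", "pa$$word", "Pa$$word", "eDo(ument$c!ence$"]:
        years = worst_case_seconds(pw) / (365 * 24 * 3600)
        print(f"{pw!r}: {keyspace(pw):.2e} candidates, "
              f"{years:.2e} years worst case, problems: {check(pw)}")
```
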
There are many systems, such as biometrics and smart cards, that are more sophisticated than using passwords. Unfortunately these aren’t ubiquitous across computer systems and websites. I frequently use OpenID, where it’s supported, which is a bit more sophisticated, but still uses a password construct.
Until the computer industry comes up with another authentication system as simple as the password, we are stuck with passwords. Make sure you use a little common sense when choosing yours. Here are some more tips on choosing a strong password.