Creating strong passwords
Posted January 10, 2012
Today we’re going to talk about password strength. But before we do, let’s do an experiment. Ready? Count to six. Do you know what you just did? You just cracked the world’s most popular password!
That’s right. In a study of some 32 million passwords that had been breached, 1-2-3-4-5-6 was the overwhelming favorite. That means there are literally millions of people who use those six numbers—in order—as their primary password! That barely edges out words like “password” and “iloveyou” as popular choices. Those are terrible passwords! So what makes a good password? Here are some tips to help you out.
-A good password is at least eight characters long. Those eight characters should be a combination of upper and lower-case letters, numbers, and symbols that don’t have significant meaning. Using birthdates and anniversaries are too obvious. Pick combinations that you can remember, but are tough for others to guess.
-A good password is one that doesn’t contain a word. As we learned in the last episode, dictionary attacks search for words within your password to help crack it. Words are easy to remember, but also easy to guess.
-A good password is one that you can remember. Passwords that are so complex that you can’t remember them aren’t good, because it means you’ve likely written down or stored the password somewhere near your computer. That makes for an easy target to steal.
-A good password is only used in one place. The password for your Bank of America account should be different from your email account. Never use the same password across multiple sites. You use different keys for your house, office, and car. Websites should be treated just the same!
-A good password is changed regularly. If you can’t change them all every month, at least change them a few times each year.
To sum up, a good password is long and uses multiple characters. It is easy to remember but tough to steal. And a good password is changed often.
For more tips and information on passwords, visit our website, at www.securitymatters.iu.edu