Tuesday, 09 November 2010 14:55

How To Choose Very Strong Passwords That Are Easy To Remember

Written by  Ryan Smith
What makes a password strong is the combination of alphanumeric characters, special characters, and capitalization that you use, and of course the length of the password.

I don't know about you, but I don't want to remember and type an epistle when I fill out a password field. And, ideally, I don't want to use the same password on many sites, because if one is compromised then my entire life is unlocked.

I want to show you here how to choose very strong passwords that are different for each website you use and are each at most 9 characters long.

A study found that an 8-character password that's constructed in the manner I'm going to show you has 7.2 quadrillion different combinations, and will take 83.5 days to crack if the hacker can try 1 billion different passwords per second.


Step 1: Pick 2 Starting Characters

To make it easy to remember, all your passwords are going to start with the same characters. But these are not just any characters. Pick 2 characters from the list of special characters that you see above the numbers on your keyboard and to the left of the Enter key.

These characters are: ~`!@#$%^&*()_-+={}[]:;"'<>?/|\

Pick any two of them as your password starting characters. To show you an example as you read through the steps, let's pick $ and % (pick your own two).

In my example, all my passwords are going to start with $%.

Step 2: Pick 2 Ending Characters

In exactly the same way as above, pick two different special characters that will be at the end of your passwords. Don't pick the same characters as your starting characters.

For the purposes of my example, let's pick * and ^. Hence, all my passwords are going to end with *^.

Step 3: Construct The Middle Part Using The Website Name

This is the fun part. Take the first 6 characters of the website domain name where you want to use the password. If the domain name is shorter than 6 characters, then use the full domain name.

In my example, let's create a password for www.microsoft.com.

The first 6 characters of the domain name are "micros".

Now we're going to substitute some characters and capitalize others.

Substitute the following characters: a becomes @, e becomes 3, i becomes 1, o becomes 0, and u becomes ^.

Now we have "m1cr0s".

Now, decide on a standard for yourself regarding which character(s) you're going to capitalize.

For this example, let's say we're always going to capitalize the 3rd consonant.

So now we have "m1cR0s".

The next step is to drop the last character ("s" in our case), and append the Ending Characters (*^) that you picked in Step 2.

Our password is now "m1cR0*^".

The last step is to add the Starting Characters (Step 1) to the beginning of the password.

The final password is "$%m1cR0*^".

A Few More Examples

Domain: www.twitter.com, Password: "$%tw1Tt*^".
Domain: www.facebook.com, Password: "$%f@c3B*^".
Domain: www.ebay.com, Password: "$%3b@*^".
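
The three steps above as code, which makes visible that the middle part is computed entirely from the domain name and that the four chosen characters and the capitalization rule are the only personal inputs (an added example, not part of the original article). The function names, taking the first label after an optional "www.", and counting every letter left after substitution (including y) as a consonant are assumptions made for this sketch.

```python
# Added example (not the article author's code): Steps 1-3 as a function.
# Defaults are the article's own example choices: "$%" start, "*^" end,
# first 6 characters, 3rd consonant capitalized.
SUBSTITUTIONS = str.maketrans({"a": "@", "e": "3", "i": "1", "o": "0", "u": "^"})


def site_label(domain: str) -> str:
    """First label after an optional 'www.' (assumption): 'www.ebay.com' -> 'ebay'."""
    host = domain.lower().strip().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    return host.split(".")[0]


def capitalize_nth_consonant(text: str, n: int) -> str:
    """Uppercase the n-th letter still present; vowels are already symbols here."""
    seen = 0
    for i, ch in enumerate(text):
        if ch.isalpha():
            seen += 1
            if seen == n:
                return text[:i] + ch.upper() + text[i + 1:]
    return text  # fewer than n consonants (e.g. "ebay"): nothing is capitalized


def derive_password(domain, start="$%", end="*^", take=6, consonant=3):
    """Apply the article's steps in the article's order."""
    middle = site_label(domain)[:take]        # Step 3: first 6 chars, or all if shorter
    middle = middle.translate(SUBSTITUTIONS)  # a->@  e->3  i->1  o->0  u->^
    middle = capitalize_nth_consonant(middle, consonant)
    middle = middle[:-1]                      # drop the last character
    return start + middle + end               # Step 1 prefix, Step 2 suffix


if __name__ == "__main__":
    # The four domains used as examples in the article.
    for d in ("www.microsoft.com", "www.twitter.com",
              "www.facebook.com", "www.ebay.com"):
        print(d, derive_password(d))
```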

Remember

Pick your own 2 starting characters and your own 2 ending characters; don't just use the same ones I used in the example.

In addition, make your own capitalization rule (you can capitalize more than 1 character if you want to).

You can also use more than the first 6 characters of the domain name if you want to. It just means your passwords will be slightly longer.

Is This Password Strong?

Yes, it is very strong. With this method you're potentially using any of 30 special characters, 10 numerals, and 26 lowercase and 26 uppercase characters.

Unless a hacker happens to have a water-cooled supercomputer in his briefcase, he will not be able to crack your password.

Making It Even Stronger

If you're concerned that some hackers might know about this password construction method, simply pick 3 starting characters and/or 3 ending characters, or as many as you like. Any slight variation of the method makes your passwords even more secure.
Last modified on Saturday, 16 April 2011 04:13

1 comment

  • Ariel, Friday, 13 May 2011 15:02

    This is a very useful post - all too often people use an obvious password and pay the cost of it later
