Computer Passwords

Strong Computer Passwords

Computer passwords and security.  Why all the fuss?  Why can’t you just pick something simple and use it everywhere?  Why does your work make you change your password every so often?  Why do they make you use letters, numbers and symbols in your passwords?

Computer passwords are the keys to the digital kingdom of you.  Passwords are how you let some service, whether it is a server at work or something on the Internet like Facebook, know that you are who you say you are.  This is important: just because I say that I am “Mike Smith” does not mean that I am really Mike Smith – passwords are that little secret that you share with the service you are using that tells the server “…and this is how I will prove I am Mike Smith”.

Think about it.  If I say I am Mike Smith (and I really am not), then without some way to prove it, like a computer password, I could cause the real Mike Smith a serious amount of trouble.  As a simple example, say Mike Smith didn’t have a password on his email (or had a really simple password – which I will discuss in a bit) and I knew about that.  I could connect to Mike Smith’s email pretending to be him and cause all sorts of mischief for him.  As a hint, the United States Secret Service really has no sense of humor when it comes to nasty emails sent to email addresses: DO NOT TRY THIS.  That is why passwords are important – to prevent people from taking over your online identity from you.

Next, you find out that just having a computer password does not mean that your account is secure.  What does this mean?  I thought having a password – ANY password – was all that was needed.  It turns out that it is quite easy for would-be criminals to either create or obtain password-cracking software.  This allows the criminal to try hundreds of thousands of password combinations in a fairly short period of time until one is discovered that unlocks your account.

This introduces the idea of “weak passwords” – something you might have heard about from time to time.  So, what exactly is a weak password?  A weak password is a computer password that would take a criminal – possibly using password cracking software – a short time to figure out.

What makes a password a so-called “weak password”?  Typically, a weak password is based on a word that you would find in a dictionary (any language).  It doesn’t need to be just the word; it can be the word with some numbers or even some case changes thrown in for good measure.  Examples of weak passwords: password, P@ssw0rd, Hello123, S3cret!, steven99!.  All of these passwords are weak – they are based on common “dictionary” words, even if some of the characters are substituted with something else (e.g. @ instead of the letter a).  The addition of numbers or symbols at the beginning or the end of the password does not fix the problem – the meat of the password is still based on a dictionary word.

A weak password can also be a short password.  Consider the math: unless you are using a system designed before the year 2000, passwords are case sensitive.  If you consider just upper case letters, lower case letters and numbers (and no blanks or space characters), a 1 character long password has exactly 62 possible combinations.  A 4 character password has exactly 14,776,336 possible combinations.  An 8 character password has exactly 218,340,105,584,896 possible combinations.  The longer a password is and the more characters you utilize, the harder it is to crack the password (the longer it will take).  Using a short password just makes it easier (quicker) for a criminal to figure out your password.

So, what does it take to make a strong password?  First of all, it should be at least 8 characters long.  As you saw above, not counting symbol characters or space characters, there are over 218 trillion possible character combinations in an 8 character password; the more possible character combinations, the harder it is to break the password.

Next, consider the range of characters in your password.  There are 4 groups of characters typically available when you create your password: upper case letters, lower case letters, numbers and symbols (example: !@#$%^&^*).  A strong password will utilize at least 3 of those ranges if not all 4.  The more possible combinations for your password, the harder it is for your password to be broken.

Last, a strong password must have some element of randomness to it; it shouldn’t be based on anything you might find in a dictionary.  Remember, the password cracking programs have multiple dictionaries included with them and those words (and various permutations of those words) in those dictionaries are typically the first ones tried by the cracking programs.
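The three criteria above (length, character groups, no dictionary base) can be checked mechanically. The following Python sketch is an added example, not part of the original article; the tiny wordlist, the substitution table and all function names are assumptions made for illustration.

```python
import string

# Constructed sample wordlist (assumption); a real check would load full dictionaries.
WORDLIST = {"password", "hello", "secret", "steven"}

# Common character substitutions, undone before the dictionary lookup.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e",
                      "1": "i", "$": "s", "5": "s", "7": "t"})
PADDING = string.digits + string.punctuation

def keyspace(length, alphabet_size=62):
    """Number of possible passwords of this length (62 = A-Z, a-z, 0-9)."""
    return alphabet_size ** length

def char_classes(pw):
    """Count how many of the four groups (upper, lower, digit, symbol) appear."""
    tests = (str.isupper, str.islower, str.isdigit,
             lambda c: c in string.punctuation)
    return sum(any(t(c) for c in pw) for t in tests)

def dictionary_core(pw):
    """Return the dictionary word the password is built on, or None."""
    # Try both orders so that padding ("Hello123") and a substituted
    # final letter ("hell0") are each reduced to the underlying word.
    candidates = (pw.strip(PADDING).translate(LEET).lower(),
                  pw.translate(LEET).strip(PADDING).lower())
    return next((c for c in candidates if c in WORDLIST), None)

def weaknesses(pw):
    """List the reasons a password fails the article's three criteria."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if char_classes(pw) < 3:
        problems.append("fewer than 3 character groups")
    word = dictionary_core(pw)
    if word:
        problems.append(f"based on dictionary word '{word}'")
    return problems

if __name__ == "__main__":
    for pw in ("password", "P@ssw0rd", "Hello123", "S3cret!", "steven99!", "J87jh4k9("):
        print(f"{pw:12} {weaknesses(pw) or 'passes all three checks'}")
```

P@ssw0rd satisfies the length and character-group rules yet is still flagged, because undoing the substitutions leaves a plain dictionary word.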

Examples of good, strong passwords (please don’t use these): J87jh4k9(   %^^&*(bhjfgdln3

I can hear the protestations now.  You are saying to yourself “I can’t remember that” and you are probably 100% correct.  So, let me offer some suggestions on how to come up with a secure strong password.

Method 1: the pass phrase.  While this method may look like it violates the “no dictionary words” rule, it is nonetheless secure as it uses multiple words strung together.  A possible example: CanYoudothefandango?  This password is long, contains multiple words, and uses 3 different character ranges.  This pass phrase is easy to remember but hard to guess and very hard to break.  You can no doubt come up with a similar phrase that would be easy for you to remember.

Method 2 is a variation on Method 1: the abbreviated pass phrase.  This method starts off with a pass phrase as above, but shortens it up somewhat (and sometimes substitutes symbols for letters).  For example, CanYoudothefandango could shorten up to CYd0tfan.  Still secure, a little easier to type.

Method 3: use a keyboard pattern.  This ensures the randomness of the password, can easily meet length requirements, can be easily remembered and is extremely hard to guess.  Examples of keyboard patterns: A1s2d3f4   Zxcv1234   1!AaQqWwSs

In this interconnected age of work computers and the Internet, good strong passwords are essential.  Don’t get caught with a weak password – you may find out too late that someone else has access to your identity.