Friday, March 13, 2009

Tidbit: Creating a Good Password

In the latest Linux Mint Newsletter, Husse linked to an article which suggests that the weakest link in online security is weak passwords. I have seen this myself in the passwords my friends use. But it is possible to create a strong password that is also easy to remember. Here is how I generally go about it.


Pick your root words


This is what will make your password easy for you to remember. Choose two short words that you won't forget; two, because two words are harder for a cracker to guess than one. Example:
'dogs' and 'linux'.


Swap in some numbers


Now swap some letters for numbers that look like the letters. For example: 1 = I, 3 = E, 4 = A, 5 = S, 7 = T, 8 = B, 0 = O. You can use whatever substitutions you like as long as you remember them. Now our root words are:
'd0g5' and 'l1nux'


Mix up the words


Alternate the letters of the two root words, or mix them up in whatever way suits you. Alternating, we now have:
dl01gn5ux


Use uppercase letters


Using at least one uppercase letter immediately increases the strength of the password because the cracker must now account for 26 more characters. Let us make the first and last letters uppercase:
Dl01gn5uX


Add a special character


To increase the number of characters in the mix, add a special character if it is allowed. These can be punctuation marks or symbols. Just keep it easy to remember:
Dl01gn5uX!


Add site specific changes


It is not a good idea to use the same password on multiple sites, because if one is cracked, they all are. This matters more and more as our personal information moves online. Still, nobody likes remembering a different password for every site, if that is even possible. What we can do is make site-specific changes (that are easy to remember) to our already strong password. For example, add the first letter of the site on which this password will be used. If it is on Gmail, our password is now:
Dl01gn5uX!g
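
The steps above, from root words to the site-specific password, written out in Python together with the size of the search space a brute force attack would have to cover after each step. This is an added example, not part of the original post; the function names are made up for illustration, and the symbol pool is assumed to be the 32 characters in Python's `string.punctuation`.

```python
import math
import string

# Look-alike swaps from the "Swap in some numbers" step (letter -> digit).
SWAPS = {"i": "1", "e": "3", "a": "4", "s": "5", "t": "7", "b": "8", "o": "0"}

def swap_numbers(word):
    return "".join(SWAPS.get(c, c) for c in word.lower())

def interleave(a, b):
    """Alternate the characters of a and b; the longer word's tail goes last."""
    return "".join(a[i:i + 1] + b[i:i + 1] for i in range(max(len(a), len(b))))

def cap_ends(s):
    """Uppercase the first and last characters (digits are left unchanged)."""
    return s.upper() if len(s) < 2 else s[0].upper() + s[1:-1] + s[-1].upper()

def brute_force_bits(password):
    """log2 of the number of strings an exhaustive search must cover, given
    the password's length and the character classes it draws from."""
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)  # assumed symbol pool: 32 ASCII symbols
    return len(password) * math.log2(pool)

def stages(word1, word2, site, special="!"):
    """Return [(step, password, bits)] for each step of the post's recipe."""
    mixed = interleave(swap_numbers(word1), swap_numbers(word2))
    capped = cap_ends(mixed)
    steps = [("mix", mixed), ("uppercase", capped),
             ("special", capped + special),
             ("site", capped + special + site[0].lower())]
    return [(name, pw, round(brute_force_bits(pw), 1)) for name, pw in steps]

if __name__ == "__main__":
    # Root words and site taken from the post's own walk-through.
    for name, pw, bits in stages("dogs", "linux", "gmail"):
        print(f"{name:10} {pw:12} ~{bits} bits")
```

The bit counts model only an attacker who tries every string over the character classes used, which is the brute force case discussed here.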


Shhh!


Now we have an awesome password that will take even the fastest brute force attack a long time to crack! And yet, should you forget it, it is easy to work through the steps from our ultra-easy-to-remember root words back to our awesome password. After a while, this complex sequence becomes second nature, even with site-specific modifications.


But the weakest link still remains. And that is you! It goes without saying... do not tell anyone, do not write it down, do not save it in a file, etc. There really is no need to if your root words are easy to remember. And even if someone who knows you well can guess the root words, it will still be hard to guess your password.


Take the above process, change it to what suits you best, make your own rules, and most importantly, use it!



You can check the strength of your password at http://www.passwordmeter.com/. Our password here rates as 'Very Strong'!
