Creating and remembering safe and secure passwords
Despite the huge advances in security technology, we have not yet found a true substitute for
passwords. They remain pivotal to any security system. Although more secure forms of
authentication are available (key cards, fingerprint ID machines, retinal scanners),
passwords are simply the cheapest and easiest to use. They are also the only viable form of
authentication that is available for online services.
Your Clever Password Tricks Aren't Protecting You From Today's Hackers
Security breaches happen so often nowadays, chances are you're sick of hearing about them and all the ways
you should beef up your accounts. Even if you feel you've heard it all already, today's password-cracking tools
are more advanced and cut through the clever password tricks many of us use.
Here's what has changed and what you could do about it.
Most people are too predictable in their choice of passwords. Left to their own devices,
they often choose a password that is too short or too easy to guess.
Passwords are about their identity. They tend to reveal themselves in their passwords.
They often choose the name or birth date of a loved one, or use their address or telephone number.
These types of words are easily guessed, which makes the job of password cracking straightforward.
Choosing a password
Eliminate the things we are not allowed to use
- Dictionary words (mackerel, dandelion, millionaire)
- Foreign words (octobre, gesundheit, sayonara)
- Simple transformations of words (tiny8, 7eleven, dude!)
- Names, doubled names, first name and last initial (kittykitty, nancyw)
- Uppercase or lowercase words (MAGAZINE, licorice)
- An alphabet sequence (lmnop) or a keyboard sequence (ghjkl)
- Very short words or just one character (dog, !, hi!, me, love)
- Words that have the vowels removed (sbtrctn, cntrlntllgnc)
- Phone numbers
- Numbers substituted for letters, like a zero instead of the letter O or a
number 1 in place of the letter l
- You must not use your car's registration!
- You must not use a numeric password with your birthdate!
So, where do we start?
Is "md=7hniM" a good password? Yes, and no.
There is a belief that totally random passwords created by random password generators
are the best passwords. This is not always true. While they may be strong passwords,
they are difficult to remember and slow to type. But, if you can handle that, then they
should be your first choice.
The longer the password, the more difficult it is to crack.
This decision is not always yours to make. Some access points requiring a password will
not allow passwords longer than eight characters. You should set this number of characters
as your minimum requirement for a password.
An ideal password should contain at least one item from each of the four character sets below:
- uppercase letters (A, B, C)
- lowercase letters (a, b, c)
- numerals (1, 2, 3)
- special characters ($, ?, &)
A good password is easy to remember, but hard to guess
With that in mind, one of the easiest ways to generate and remember a complex
password is to think, not in words, but in phrases.
As an example, let's use the password shown above: "md=7hniM"
It uses the minimum 8 characters and may look difficult until we reveal the phrase it refers to.
my daughter is ( = ) 7 her name is Mary
By thinking in phrases that are relevant to us, passwords just became a lot easier.
My name is Lisa. I have two children. Their names are Barbara and David.
That is an easy 14-word sentence to remember.
Now convert it to a password:
mn=LIh2cTn=B+D
Checking your password strength
Hammer Of God has the online version of the Password Strength Checker from TGP.
This is implemented in server-side code, which means that when you
type, the phrase you are testing is sent across the Internet.
Do not use your real password.
Use the same format system mn=LIh2cTn=B+D but not the actual password.
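A check that runs locally never sends the phrase anywhere. The following is an added example, not part of the original page and not the TGP checker: it applies the rules listed above (minimum of eight characters, all four character sets, no alphabet or keyboard sequences, no simple transformations of words). The word list is a constructed sample, and the function names and the 3, 4, 5 digit swaps are assumptions of this example.

```python
import string

# Constructed sample list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"mackerel", "dandelion", "millionaire", "magazine",
                "licorice", "kitty", "tiny", "eleven", "dude"}
# Alphabet, digit and keyboard rows used to spot runs like "lmnop" or "ghjkl".
ROWS = [string.ascii_lowercase, string.digits,
        "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Digit-for-letter swaps: 0->o and 1->l are the page's; 3, 4, 5 are assumed extras.
SWAPS = str.maketrans("01345", "oleas")


def missing_classes(pw):
    """Names of the four character sets that pw does not draw from."""
    tests = {
        "uppercase": str.isupper,
        "lowercase": str.islower,
        "numeral": str.isdigit,
        "special": lambda c: c in string.punctuation,
    }
    return [name for name, test in tests.items() if not any(map(test, pw))]


def has_sequence(pw, run=4):
    """True if pw holds `run` consecutive characters of any row, either direction."""
    low = pw.lower()
    chunks = (low[i:i + run] for i in range(len(low) - run + 1))
    return any(c in row or c in row[::-1] for c in chunks for row in ROWS)


def is_transformed_word(pw, words=SAMPLE_WORDS):
    """True if pw reduces to a listed word after undoing simple transformations."""
    # Undo case changes, leading/trailing digits and punctuation, then digit swaps.
    core = pw.lower().strip(string.digits + string.punctuation).translate(SWAPS)
    half = core[:len(core) // 2]
    # Also catch a doubled word such as "kittykitty".
    return core in words or (half + half == core and half in words)


def check_password(pw, words=SAMPLE_WORDS):
    """Return the list of rules from the page that pw breaks (empty = passes)."""
    problems = []
    if len(pw) < 8:
        problems.append("too short")
    problems += ["no " + name for name in missing_classes(pw)]
    if has_sequence(pw):
        problems.append("sequence")
    if is_transformed_word(pw, words):
        problems.append("dictionary word")
    return problems
```

A candidate such as "Mi11i0naire!" satisfies the length and character-set rules yet is still reported, because it reduces to a dictionary word once the digit swaps are undone.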
As mentioned before, a good password is easy to remember, but hard to guess.
And you must also NEVER write down your password.
Next ... Password Crackers
Most password crackers can try tens of thousands of word variations per second.
Vanish.Org | Copyright © 2006 | All rights reserved