Creating strong passwords (and passphrases) in six easy steps

There's a good article that was recently posted on on the Microsoft Security At Home web site that outlines how to create strong passwords.

Why should you care? Because last year InformationWeek reported that simple passwords created using short, simple key sequences can be easily cracked:

"For example, a lowly P3 PC running a widely available cracking tool at just 500 MHz was able to guess the password "ChEcK12" in only 26 seconds; and today's top-of-the-line PCs could perform the same crack almost instantly. (For more examples of just how quickly simple password techniques like this can be bypassed, see this page from McMaster University). It's scary stuff."

The article from the Security At Home web site recommends six steps to creating a strong, memorable password:

1. Think of a sentence that you can remember. (see more on "passphrases" below)

2. Check if the computer or online system supports the passphrase directly.

3. If the computer or online system does not support passphrases, convert it to a password.

4. Add complexity by mixing uppercase and lowercase letters and numbers.

5. Finally, substitute some special characters and symbols for common letters.

And last: Step 6. When you're done, you can test your new password with Password Checker, a non-recording feature the Microsoft.Com site that tests the strength of your as you type.

I like the suggestion of using a passphrase which when used as a password is as long as the phrase is in number of characters. As the Wiki notes, passphrases are usually longer than a password, with 20 to 30 characters typical of many passphrases, "making some kinds of brute force attacks entirely impractical. Second, if well chosen, they will not be found in any phrase or quote dictionary."

So, passphrase of "MydogSpotisblackandwhite" may be better than "mydogspot." Again, InformationWeek suggests that passphrases can be more secure "because they're made of a series of words rather than totally random characters, they're much easier to remember than conventional passwords of similar length."

More information:

• InformationWeek: How to Build Better Passwords
• How To Choose A Passphrase
• Help Safeguard Your Personal Information Online
• Safer Shopping Online
• How Internet Explorer Keeps Your Data Safe
• ASP Alliance with more on passphrases (with additional links to more info)

Tags: Microsoft, passwords, password, passphrase, security.

Share this post:

Also available via https://bit.ly/d5xJxE

Comments

• Anonymous
  May 05, 2006
  I'm clearing out the email that I missed this week due to a number of big reviews and meetings, and one...

• Anonymous
  June 23, 2006
  In the past I posted about how to create strong passwords (and passphrases) in six easy steps. Here's more...

• Anonymous
  October 17, 2006
  I'm clearing out the email that I missed this week due to a number of big reviews and meetings (apologies),

• Anonymous
  October 17, 2006
  This weekend I blogged that when it comes to security on your computer -- whether it's a Mac or a PC

• Anonymous
  January 14, 2007
  A question this weekend: "What if I forget my Windows XP password?" If your Windows XP computer is a

• Anonymous
  June 19, 2009
  PingBack from http://mydebtconsolidator.info/story.php?id=21511