|
While security has never been more important than it is today, the fastest way for an IT professional to become the most despised person in the company is to start enforcing a strong password policy. A policy perceived as overbearing may cause people to write down their passwords on a sticky note near their computers, circumventing its very purpose. Your policy will be ineffective if your users don't know how to create strong passwords that are easy to remember.
Left to their own devices, people will choose passwords that are simple for them to remember. They'll use their spouse's name, their dog's name, their favorite sports team or a recent vacation spot. Sometimes while working on a user's computer, I'll need to log on as that person after a reboot. Unfortunately, he's wandered off, not wanting to hover over the IT guy. I generally prefer not to know other people's passwords, so I usually don't ask. In this situation, I sometimes take a guess. I've been right a surprising number of times, and sometimes with people who are very powerful. It's easy. I simply glance around their offices and note what their obsessions are.
Keys to password strength: length and complexity
An ideal password is long and has letters, punctuation, symbols, and numbers.
- Whenever possible, use at least 14 characters or more.
- The greater the variety of characters in your password, the better.
- Use the entire keyboard, not just the letters and characters you use or see most often.
Create a strong password you can remember
There are many ways to create a long, complex password. Here is one way that may make remembering it easier:
| Start with a sentence or two (about 10 words total). |
Think of something meaningful to you. |
Long and complex passwords are safest. I keep mine secret. (10 words) |
| Turn your sentences into a row of letters. |
Use the first letter of each word. |
lacpasikms (10 characters) |
| Add complexity. |
Make only the letters in the first half of the alphabet uppercase. |
lACpAsIKMs (10 characters) |
| Add length with numbers. |
Put two numbers that are meaningful to you between the two sentences. |
lACpAs56IKMs (12 characters) |
| Add length with punctuation. |
Put a punctuation mark at the beginning. |
?lACpAs56IKMs (13 characters) |
| Add length with symbols. |
Put a symbol at the end. |
?lACpAs56IKMs" (14 characters) |
By using the following tips, people will be able to create easy-to-remember passwords that follow these typical requirements: at least eight characters long and with at least three of the following character types: uppercase letters, lowercase letters, numbers and special characters:
-
Substitute numbers for letters and vice versa. (o instead of 0, 4 instead of A, 1 instead of L, E instead of 3)
-
Substitute words for numbers (one, two, three ... )
-
Combine both of the above (0ne, thr33, f1ve)
-
Use capitalization in random places (bLue, happY)
-
Use special characters ( !@#$%^&*(){}[] ) to punctuate and separate words
-
Create passwords out of words, numbers or phrases you'll remember
-
Misspell words
Using these tips, you can create memorable passwords that will be nearly impossible to guess. Here are some examples of converting memorable information into a complex password
We'll start with some easy ones:
More complex passwords:
-
19 Peach Place becomes: 0ne9peacHpl!
-
I love Jill becomes: eYelov3Jill
-
My dog Fritz becomes MeyedogfrltZ
Common password pitfalls to avoid:
Cyber criminals use sophisticated tools that can rapidly decipher passwords.
Avoid creating passwords using:
- Dictionary words in any language.
Words in all languages are vulnerable.
- Words spelled backwards, common misspellings, and abbreviations.
Words in all languages are vulnerable.
- Sequences or repeated characters.
Examples: 12345678, 222222, abcdefg, or adjacent letters on your keyboard (qwerty).
- Personal information.
Your name, birthday, driver's license, passport number, or similar information.
Substitute numbers for letters and vice versa. (o instead of 0, 4 instead of A, 1 instead of L, E instead of 3)Substitute words for numbers (one, two, three ... )Combine both of the above (0ne, thr33, f1ve)Use capitalization in random places (bLue, happY)Use special characters ( !@#$%^&*(){}[] ) to punctuate and separate wordsCreate passwords out of words, numbers or phrases you'll rememberMisspell wordsFriday becomes frYday!Robert becomes #robERt#867-5309 becomes 8siX753o919 Peach Place becomes: 0ne9peacHpl!I love Jill becomes: eYelov3JillMy dog Fritz becomes MeyedogfrltZ
|