What makes a good password?

14.09.2009

I regularly come across systems with passwords that I guess within about 30 seconds or that I know could easily be cracked within a few minutes using readily available tools.

With this in mind I thought it might be worth giving people a few ideas as to how to avoid these issues.

What NOT to do:

  • Don’t use personal data like a name or any other information that someone could easily discover about you from other sources
  • Don’t choose a word (English or otherwise), a proper name or the name of a TV show
  • Don’t use a simple transformation of a word, such as putting a number at the start or end, writing the word backwards or simply substituting a number for a letter

How long should a password be?

Ideally a password should be a minimum of 8 characters although longer passwords are recommended (Windows XP supports a maximum of 127!)
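
One way to automate the "What NOT to do" list and the 8-character minimum, as an added example that is not part of the original post. The word list is a small constructed sample, and the names check_password, candidates, WORDS and LEET are hypothetical:

```python
import string

# Constructed sample word list; a real check would load a full dictionary.
WORDS = {"password", "golf", "july", "monkey", "dragon", "welcome", "sunshine"}

# Common number/symbol-for-letter substitutions, mapped back to the letter.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 8  # minimum length given in the article


def candidates(password):
    """Yield the plain forms that a simple transformation could be hiding."""
    lowered = password.lower()
    edge = string.digits + string.punctuation
    # Undo "a number at the start or end" on either side or both.
    trimmed = {lowered, lowered.lstrip(edge), lowered.rstrip(edge),
               lowered.strip(edge)}
    for form in trimmed:
        # Undo number-for-letter substitution, then undo writing it backwards.
        for variant in (form, form.translate(LEET)):
            yield variant
            yield variant[::-1]


def check_password(password, personal=()):
    """Return the rules the password breaks (an empty list means none found)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    forms = set(candidates(password))
    if forms & WORDS:
        problems.append("dictionary word or simple transformation")
    # Personal data (names, dates and so on) supplied by the caller.
    personal_lower = {p.lower() for p in personal if p}
    if any(p in form for p in personal_lower for form in forms):
        problems.append("contains personal data")
    return problems


if __name__ == "__main__":
    for pw in ("Passw0rd1", "flog", "$unshine1", "Ju1y%G01f"):
        print(pw, check_password(pw))
```

Only whole-password matches against the word list are flagged, so a password built from two joined words is not reported by this check.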

Can I write my password down?

  • You should make sure that you are not one of the many who writes it on a sticky note and pastes it to the monitor!
  • Rather than write down the actual password, write down a hint
  • If at all possible store it in a safe place like a safe or locking cupboard (away from your PC)

Some methods for selecting a password

  • As a minimum have a mix of letters, numbers, punctuation marks and upper / lower case
  • Make up an easy-to-remember sentence, take the first letter of each word, add in the punctuation and substitute numbers for letters: "I like to play golf at the weekends." becomes I1tpgatW
  • Take two random words, join them with a non-alphabetic character or two and substitute numbers for some of the letters: July & Golf becomes Ju1y%G01f
  • There are many other simple methods (try just searching passwords on Google for ideas)

How do I remember all these passwords?

There are a number of utilities to help you with this. A couple I have come across that appear to do a good job are KeePass (http://keepass.info) and RoboForm (http://www.roboform.com). In addition to storing passwords, RoboForm also sits on your PC in the background, and when you navigate to a web site with a UserID / Password entry box it will allow you to pre-fill the information with one click on the toolbar. It can also be used to complete those web forms with name & address details.

So stay safe and make sure you have secure passwords.