Apr 18 2011

How to choose a good password?
What is the minimum complexity for a password?
Why should you bother?

It is easy to hack most passwords

Hackers trying to get access to your computer, web account or bank account may use a brute force attack to find your password. In a brute force attack (or with rainbow tables, see ophcrack), the hacker automatically tries every possible password: aaa, aab, aac…
With current computer speed it is easy to find passwords such as:

  • “test” in about 30 seconds
  • “te4st” in about 2 minutes
  • “bf5gr#” in about half an hour
  • “bf5gr#2!” in about a month

As you can see, the number of different types of characters and the length of the password are very important to protect yourself against brute force attacks.

The rules to create a strong password are:

  • The length must be 9 characters or more (bad: bf5gr#2!; good: bf5gr#2!!)
  • Use every type of character (see the list below) (bad: apassword; good: 1Apassword!)
  • Never use words that could be found in dictionaries, books, music, etc., whatever the language (bad: croissant; good: 1Wfysovz!)
  • Never use simple combinations of several simple words, words written backwards, etc. (bad: Monthy-nohtyP; good: 1MPoyntthhoyn!)

The different types of characters are:

  • Lower case letters: abcdefghijklmnopqrstuvwxyz
  • Numbers: 0123456789
  • Special characters: !#$%^&*()-_+= (and others you can type on your keyboard)
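To make the brute force argument above and the rules just listed concrete, here is an added Python example (not code from the original post). It computes the search space an attacker faces for a given password, estimates the worst-case enumeration time, and checks the password against the page's rules; the guess rate, the upper case class (implied by the “Good” examples) and the tiny word list are assumptions for the demo.

```python
import string

# Added example, not from the original post. Character classes follow the page's
# list; upper case is assumed as a fourth class because the "Good" examples
# (e.g. "1Apassword!") use it.
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digits": set(string.digits),
    "special": set("!#$%^&*()-_+="),
}
# Constructed stand-in for a real word list (an assumption for the demo).
DICTIONARY = {"test", "password", "croissant", "monty", "python"}

def classes_used(password):
    """Names of the character classes that appear in the password."""
    return {n for n, chars in CLASSES.items() if any(c in chars for c in password)}

def keyspace(password):
    """Candidates an attacker must try: alphabet_size ** length, where the
    alphabet is the union of the classes the password actually uses."""
    alphabet = sum(len(CLASSES[n]) for n in classes_used(password))
    return alphabet ** len(password)

def brute_force_seconds(password, guesses_per_second=1e6):
    """Worst-case enumeration time; 1e6 guesses/s is an assumed rate, not a
    figure from the page."""
    return keyspace(password) / guesses_per_second

def contains_word(password, min_len=4):
    """True if a dictionary word, or its reverse, hides in the letters (the
    'nohtyP' in 'Monthy-nohtyP'); covers the page's last two rules."""
    core = "".join(c for c in password.lower() if c in CLASSES["lower"])
    return any(len(w) >= min_len and (w in core or w[::-1] in core) for w in DICTIONARY)

def check_rules(password):
    """Apply the page's rules; returns the names of the rules violated."""
    violations = []
    if len(password) < 9:
        violations.append("length")
    if classes_used(password) != set(CLASSES):
        violations.append("character types")
    if contains_word(password):
        violations.append("dictionary word")
    return violations

if __name__ == "__main__":
    for pw in ("test", "te4st", "bf5gr#", "bf5gr#2!", "1Wfysovz!"):
        days = brute_force_seconds(pw) / 86400
        print(f"{pw!r}: keyspace {keyspace(pw):.2e}, {days:.2f} days, {check_rules(pw)}")
```

Adding one more character class or one more character multiplies the keyspace, which is why both the length and the variety of characters matter.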


  • Never use the same password on different web sites. If one gets hacked, it will be easy for a hacker to access the other ones. A website may be hacked for many reasons beyond your control.
  • If you plan to use your account on public computers (cybercafe), change your password before leaving home and change it back when returning. Public computers may have a keylogger installed that records everything you type on your keyboard.
  • Put false passwords under your keyboard, in your wallet and in a file called “password”, so that hackers try these false passwords and lock your account after too many failed attempts. This concept is called a “honeypot”.
  • Never post the answer to “secret questions” on social web sites such as Facebook. You don’t want a hacker to easily find the name of your first pet or the name of your mother.
  • If you are using Windows: disable the default Administrator and Guest accounts. These accounts are created by default and have no password.


OK, but how can I remember hundreds of different passwords???
They are so complicated!

A trick is to use the same password for every site while introducing small variations. For example, let’s say you have chosen “p3A5t7a!e” as your main password; you could then use “GMAIL p3A5t7a!e” and “FBOOKp3A5t7a!e” as your passwords for Gmail and Facebook.

