How to choose a good password?
What is the minimum complexity for a password?
Why should you bother?
It is easy to hack most passwords
Hackers trying to get access to your computer, web account or bank account may use a brute-force attack to find your password. Brute force (and rainbow tables; see ophcrack) means the attacker automatically tries every possible password: aaa, aab, aac…
With current computer speed it is easy to find passwords such as:

| Password | Time to find it |
|---|---|
| test | about 30 seconds |
| te4st | about 2 minutes |
| bf5gr# | about half an hour |
| bf5gr#2! | about a month |
As you can see, both the number of different character types and the length of the password matter a great deal when protecting yourself against brute-force attacks.
The rules to create a strong password are:

| Rule | Weak example | Strong example |
|---|---|---|
| The length must be 9 characters or more | bf5gr#2! | bf5gr#2!! |
| Use every type of character (see table below) | apassword | 1Apassword! |
| Never use words that could be found in dictionaries, books, music, etc. (whatever the language) | croissant | 1Wfysovz! |
| Never use simple combinations of several simple words, words written backwards, etc. | Monthy-nohtyP | 1MPoyntthhoyn! |
The different types of characters are:

| Type | Characters |
|---|---|
| Lower-case letters | abcdefghijklmnopqrstuvwxyz |
| Upper-case letters | ABCDEFGHIJKLMNOPQRSTUVWXYZ |
| Special characters | !#$%^&*()-_+= (and others you can type on your keyboard) |
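To make the brute-force search space and the rules table above concrete, here is an added Python example (not from the article) that estimates how many guesses an attacker needs for a given password and checks it against the three rules. The guess rate, treating digits as a fourth character type, and the tiny word list are assumptions made for the example.

```python
import string

# Added example, not the article's code. Assumptions: digits are a fourth
# character type (every example on the page uses them), "special" means
# string.punctuation (32 symbols), and DICTIONARY is a constructed stand-in
# for a real word list.
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "special": set(string.punctuation),
}
DICTIONARY = {"test", "password", "croissant", "monty", "python"}  # constructed

def classes_used(password):
    """Names of the character types that actually appear in the password."""
    chars = set(password)
    return {name for name, members in CLASSES.items() if chars & members}

def keyspace(password):
    """Worst-case number of guesses for an attacker who knows only the
    character types in use and the length: (alphabet size) ** length."""
    alphabet = sum(len(CLASSES[name]) for name in classes_used(password))
    return alphabet ** len(password)

def seconds_to_crack(password, guesses_per_second=10**9):
    """Worst-case brute-force time at an assumed guess rate (the rate is an
    illustration, not a figure from the article)."""
    return keyspace(password) / guesses_per_second

def contains_dictionary_word(password):
    """True if a word appears forwards or backwards, ignoring case; the
    backwards check covers the 'words written backwards' rule."""
    lowered = password.lower()
    return any(w in lowered or w in lowered[::-1] for w in DICTIONARY)

def check_password(password):
    """Apply the article's rules; each value is True when the rule holds."""
    return {
        "long_enough": len(password) >= 9,
        "all_char_types": classes_used(password) == set(CLASSES),
        "no_dictionary_word": not contains_dictionary_word(password),
    }

if __name__ == "__main__":
    for pw in ("test", "te4st", "bf5gr#", "bf5gr#2!", "1MPoyntthhoyn!"):
        print(f"{pw:16} keyspace={keyspace(pw):.2e} rules={check_password(pw)}")
```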
- Never use the same password on different websites. If one gets hacked, it will be easy for a hacker to access the others. A website may be hacked for many reasons beyond your control.
- If you plan to use your account on public computers (cybercafe), change your password before leaving home and change it back when you return. Public computers may have a key logger installed to record everything you type on the keyboard.
- Put false passwords under your keyboard, in your wallet and in a file called “password”, so that hackers try these false passwords and lock your account after too many attempts. This concept is called a “honeypot”.
- Never post the answers to “secret questions” on social websites such as Facebook. You don’t want a hacker to easily find the name of your first pet or your mother’s name.
- If you are using Windows, disable the default Administrator and Guest accounts. These accounts are created by default and have no password.
OK, but how can I remember hundreds of different passwords???
They are so complicated!
A trick is to use the same password for every site while introducing small variations. For example, let’s say you have chosen “p3A5t7a!e” as your main password; you may then use “GMAIL p3A5t7a!e” and “FBOOKp3A5t7a!e” as the passwords for Gmail and Facebook.