
Is my Password Strong Enough?

Username: admin
Password: admin

You know that’s really not bright, but why? First, I’ll answer the question –

Why do I need a strong password? 

It may not be obvious, but a strong password will help prevent a successful brute force attack on your account (whether this is your FTP account or your WordPress website).

“(A brute force attack) consists of systematically checking all possible keys or passwords until the correct one is found.” (wiki) You’ve seen it in movies, a computer screen cycling through characters one by one until each one is a hit and ‘locks’. This is the basic concept behind

Give it a go at this Brute Force Space Analysis calculator. Enter admin as a password. This is an accelerated test, with the smallest scenario showing how fast a password could be cracked with 1,000 attempts per second (3.43 hours). Now try a password like adm1n:) and the estimate for a successful crack jumps to centuries.

You should be aware that this calculator doesn’t tell a complete story. Many brute force attacks are ‘password dictionary’ attacks, meaning a dictionary of common passwords is tried. Admin, 123456, Password are some of the more common (obvious) dictionary passwords.
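The arithmetic behind those two estimates, and the dictionary caveat, as an added example (not code from the calculator or from this blog). It assumes the calculator counts every string up to the password's length over the character classes used (26 lower, 26 upper, 10 digits, 33 symbols), and the `COMMON` list is a constructed sample holding only the three passwords named above.

```python
import string

# Character classes assumed for the estimate: 26 lower, 26 upper,
# 10 digits, 33 symbols (ASCII punctuation plus the space character).
SYMBOLS = string.punctuation + " "
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS]

# Constructed sample of a common-password list (the entries the post names).
COMMON = {"admin", "123456", "password"}

SECONDS_PER_YEAR = 3600 * 24 * 365.25


def alphabet_size(pw):
    """Sum the sizes of every character class the password draws from."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in pw))


def search_space(pw):
    """Count all strings of length 1..len(pw) over that alphabet."""
    a = alphabet_size(pw)
    return sum(a ** k for k in range(1, len(pw) + 1))


def worst_case_seconds(pw, guesses_per_second=1000):
    """Time to exhaust the whole space at the given guess rate."""
    return search_space(pw) / guesses_per_second


def in_dictionary(pw):
    """A dictionary attack tries listed words first, whatever the length math says."""
    return pw.lower() in COMMON


def report(pw):
    """Combine both views: exhaustive-search time and dictionary membership."""
    secs = worst_case_seconds(pw)
    return {
        "password": pw,
        "search_space": search_space(pw),
        "hours": round(secs / 3600, 2),
        "years": round(secs / SECONDS_PER_YEAR, 1),
        "in_dictionary": in_dictionary(pw),
    }


if __name__ == "__main__":
    for candidate in ("admin", "adm1n:)", "Password"):
        print(report(candidate))
```

For a password that appears in the list, the search-space figure is irrelevant: it falls within the first few guesses regardless of its length or character mix.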

How do I create a strong password?

The strongest password should be as long as possible (if you’re allowed to use 24 characters, use them), with a minimum of 8 characters. Your password should include numbers and be MiXeDCase (using upper and lower case letters). Most importantly, special characters should be interspersed among numbers and letters.

1Password! is an example of a password that includes all of those recommendations, but is definitely not a strong password, because it’s obviously a commonly recognizable word that begins with a number and ends in a (meaningful) special character. You should avoid common words, and I’d even suggest avoiding the use of the number 1 and the exclamation point.

To create a completely random password, you can use a site like random.org. If you’re super careful bordering on paranoid, you can use two or more password generator sites and combine parts of the generated password from each. I can’t guarantee this method will create an easy to remember password, though. For ideas to create a strong password you can remember, check out How to Create a Strong Password You Can Remember.
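A random password can also be generated locally, so it never passes through a third-party site. This is an added example, not part of the original post; it uses Python's `secrets` module (the operating system's cryptographic random source) and checks the recommendations listed above. The `SPECIALS` set is an assumption and should be trimmed for sites that reject some characters.

```python
import secrets
import string

# Assumed symbol set; some sites reject characters such as the asterisk.
SPECIALS = "!@#$%^&*()-_=+[]{};:,.?"
ALPHABET = string.ascii_letters + string.digits + SPECIALS


def meets_recommendations(pw, min_length=8):
    """Check the post's criteria: minimum length, mixed case, a digit, a special."""
    return (
        len(pw) >= min_length
        and any(c.islower() for c in pw)
        and any(c.isupper() for c in pw)
        and any(c.isdigit() for c in pw)
        and any(c in SPECIALS for c in pw)
    )


def generate_password(length=24):
    """Draw characters from the OS CSPRNG, retrying until every class is present."""
    if length < 8:
        raise ValueError("length must be at least 8")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_recommendations(pw):
            return pw


if __name__ == "__main__":
    print(generate_password())
```

Note that `meets_recommendations("1Password!")` also returns `True`: a composition check confirms the character mix only and says nothing about whether the password is a recognizable word.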

*Funny note: While writing this blog entry we got an automated notice from our TrekVisual security program to notify us that one of our sites was undergoing a brute force attack. Username they tried? admin

How to Create a Strong Password You Can Remember

Long gone are the days when you could create a password by spelling your name backwards. Or using your numeric birth date.

To create a strong password, many websites now offer a ‘strength meter’ when you choose a password to show you how strong your password is as you create it. Long, meaningless strings of caps and lower case letters mixed with numbers and special characters make an awesome password – but trying to remember it without writing it down can mean lots of wasted time going through the ‘Lost Password’ process to recover and recreate another long, complicated password you won’t remember next time. The cycle continues.

Adding to that complexity, we need passwords for just about everything we do today online – and they should all be different. I haven’t ever actually counted my passwords, but as a rough estimate, I know I have over 300 different passwords.

Kind of reminds me of Susan Powter back in the 90s, yelling “Stop the Insanity!”

Here are some ideas for creating strong passwords you will actually remember.

  • Choose a favorite quote, or passage from a book or poem you love. Add special characters and numbers throughout as they make sense. For this example, I chose the following quote:

    “Know or listen to those who know.”

    You can turn that into a password like this:

    I converted each letter o to the number zero, changed the word ‘to’ to a number two, and added punctuation that I can remember in places that make sense to me. I also attributed the quote at the end with a dash followed by the last name.

  • Use that favorite quote, passage or line from a poem and create an acronym to use as a password:
    Using the example above, the password acronym would be K,0L2Twk-G 
  • Create a sentence that integrates the name or purpose of the website to make it unique

  • Make a tagline for your experience on that particular website and run with it in creating a strong password. For example, if I were creating a password for logging in to my Chase bank account where my house mortgage is held, I might come up with something like:

    S0m3d4y,1w1ll0wn*Ur*House,Chase! (Someday, I will own your house, Chase)

    (Note that some sites won’t let you use certain special characters, like the asterisk)

It doesn’t have to make sense to anyone but you…and better if it doesn’t! Be creative.

Finally, I’m not a big fan of electronic keychains or password collection apps. I recommend keeping your passwords written down in a secure location which doesn’t exist on any electronic device – i.e., on paper. I know it’s a bit old-fashioned, but if it’s not anywhere you can access digitally, it’s not anywhere a hacker can access it digitally, either.