Articles
Choosing Secure Passwords
In the present age, where nothing is sacred, it's important to ensure that your various accounts for IT services such as online banking are protected using the best password possible.
Corporate administrators and people with particularly sensitive network permissions should also consider the importance of a good password; to protect the entire network from damage caused by unauthorised access.
While passwords such as "joe", "jan01" and "qwerty" are indisputably easy to remember, they are not at all secure. "Qwerty" for example is in the top ten list of passwords that hackers attempt to guess prior to rolling out the software.
"Joe" and "Jan01" are personal details and anyone who knows something about the person to whom the account belongs can potentially guess this information.
While a secure password isn't the only means of protection, it is a good one. Hacking software which uses a dictionary attack will pick up English words and common foreign language phrases.
So how do you go about choosing a secure password? Well, here's a list of criteria which suggest security:
- Must be at least 6 characters long.
- Must not contain the user name.
- Must not contain user's personal details, such as email addresses, phone numbers, family members, pet's names, spouse's name, etc.
- Must contain a mixture of upper and lower case characters.
- Must contain one or more digits.
- Must contain at least one special character.
Right. So, to tell if a password's secure using these criteria, count how many criteria your password meets.
| Criteria Met | Security Estimate |
|---|---|
=> 5 |
Very secure; impossible to guess; very difficult to crack |
=> 4 |
Not as secure, but not a bad password, and certainly a challenge |
=> 2 |
Not ideal, but passable |
=> 1 |
Well, at least you tried; but not preferable |
None |
Asking for problems |
Most companies using Microsoft Windows servers take advantage of the ability to enforce something called "password complexity" - this is a set of standard criteria, very similar to those above, which dictate which passwords are acceptable.
In addition, most companies also require a minimum length of password, usually between 6 and 8 characters.
Even home users should get into the habit of using secure passwords, as frankly; you don't want your young teen son being able to guess your Internet security password, do you?
The criteria specified above are not entirely industry standard and will not guarantee complete immunity from those wishing to use brute force methods to gain access to a user account. Mintra Systems accepts no responsibility for any losses, caused by reliance on this article.
Author: Rob Church