Good Passwords Have to Be Better Now

Most people on the internet have heard about passwords and the importance of choosing a good one. Knowing a bit about how people guess your password can help a lot in choosing one. There are many resources for helping you choose a password, but they do not always focus on the "why": why passwords should not be common or familiar words. That is what I will try to answer here.

First, what is a good password? Most websites try to help you choose a password by having a list of rules in place to guide you. They focus on its length and on using mixed-case characters and numbers; some also mention using symbols. These are the mechanics of a good password.

People who will try to guess your password read the exact same list of requirements, and use it to limit their guesses to only the passwords that work within those parameters.

There are two schools of thought on guessing a password. The first is to get to know you, or information about you, and use that information to make an educated guess about what you might have used. This is more commonly referred to as "social engineering", and includes learning one of your passwords and trying it on another account. The second is to randomly guess words that people commonly choose for passwords. Many people misuse the word "hacking" for both methodologies.

To combat the first, do not choose passwords that have anything to do with you personally. Never choose simple words, like your pet's name, or a family member's date of birth. Anyone who has ever watched the movie WarGames will remember the scene where the main character guesses the password to the mainframe by choosing names of people important to the professor.

The second method, guessing dictionary words or words from a password dictionary, can be combated by choosing strings, not single words, when selecting a password. It may be better to think of it as a pass phrase.

One important thing that has changed recently is that password guessing tools now take into account substituting numbers for letters. This is why your password selection may need to improve. "1" for "l" is very common, as in "we1come", but any substitution that is common is now found in the guessing dictionary, including "we1c0me" and "we1c0m3".
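
A sign-up form can use the same reasoning to refuse such passwords: fold each letter and its usual stand-ins together before comparing against a list of common words and the user's personal details. The sketch below is an added example, not part of the original post; the word list, the substitution table, the function names and the sample inputs are all constructed for illustration.

```python
# Constructed sample data: a real deployment would load a large list of
# common passwords instead of this five-word set.
COMMON_WORDS = {"welcome", "password", "letmein", "dragon", "monkey"}

# Fold each letter and its usual stand-ins onto one symbol, so that
# "welcome", "we1come" and "we1c0m3" all share a single canonical form.
_FOLD = str.maketrans({
    "o": "0", "l": "1", "i": "1", "!": "1", "e": "3",
    "a": "4", "@": "4", "s": "5", "$": "5", "t": "7",
})


def canonical(text):
    """Lowercase the text and fold look-alike characters together."""
    return text.lower().translate(_FOLD)


# Canonical form -> the plain word it came from, for readable messages.
_COMMON_CANONICAL = {canonical(w): w for w in COMMON_WORDS}


def check_password(password, personal_terms=()):
    """Return a list of reasons to reject the password (empty if none)."""
    reasons = []
    folded = canonical(password)
    word = _COMMON_CANONICAL.get(folded)
    if word:
        reasons.append(f"common word '{word}' with substitutions undone")
    for term in personal_terms:
        # A personal detail (pet's name, birth date) is rejected anywhere
        # in the password, even with extra characters around it.
        if len(term) >= 3 and canonical(term) in folded:
            reasons.append(f"contains personal detail '{term}'")
    return reasons


if __name__ == "__main__":
    for candidate in ("we1c0m3", "B1scuit99", "quiet-lantern-orbits-maple"):
        print(candidate, check_password(candidate, personal_terms=("Biscuit",)))
```

The folding is deliberately broad, so a few harmless near-misses of a listed word are refused too; for a blocklist that is the safer direction to err in.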

Here is a handy link to help select an excellent password:


Good luck!

