
How to Make a Good Password

Part 2: Five Useful Tips

By Paul Gil, About.com

Creating a Strong Password

Before we begin, you must be clear on one big truth: there is no such thing as a perfect password. A committed hacker can crack any password, given enough time and the right "dictionary" or "brute force" tools. But just like breaking into a car, if the protection is strong enough, the hacker will become discouraged and give up before the protection fails.

How Hackers Crack Passwords

Hackers use one of two major techniques: password recovery (an administrator's technique), and "brute force" repetition. Password recovery tries to fool your computer system into trusting the hacker as a legitimate administrator. Brute force is simply repetitive attempts at your password, up to hundreds of attempts per minute, to crack it.

"Brute Force" Repetition

Hackers often use software tools called "brute force dictionaries": software that quickly recombines English dictionary words with thousands of varying combinations of spellings. (Yes, much like a Hollywood safecracker movie scene, but slower and less glamorous.) You can see samples of brute force software here.

Brute force dictionaries always start with simple letters "a", "aa", "aaa", and then eventually move to full words like "dog", "doggie", "doggy". These brute force dictionaries can make up to 50 attempts per minute in some cases. Given several hours or days, these dictionary tools will overcome any password. The secret is to make cracking your password take days!

The Password Challenge: "How Can I Make It Tough to Crack, But Easy to Remember?"

Indeed, how does one balance these two contrary objectives? A long password of cryptic characters will be strong, but so frustrating to remember. Yet a short-and-easy password will get cracked within minutes by a good hacker.

Thankfully, there are some helpful tips for creating a strong-yet-memorable password. The idea behind these next five password suggestions is to turn an easy-to-remember phrase into a cryptic word that will discourage hackers.

5 Tips to a Strong Password

1) Make your password long – 6 characters is OK, 10 characters is good, and 15 characters is excellent. 15 is really desirable for high-level security, because 15 is a special number in Microsoft Windows. At 14 characters or fewer, Windows passwords are scrambled as “hashes” (encrypted into unseen scrambled characters), and stored in hidden Windows system files. It is possible for a gifted hacker to access those stored hashes and unscramble your passwords. However, MS Windows no longer stores hashed passwords at 15 characters and longer. Yes, it is annoying to type 15 characters just to log into your account, but some situations may merit the effort. For example: you are the chief financial officer of a company, or you are the master sergeant for a military unit.

2) Start designing the password with a memorable, meaningful phrase, then make it complex by adding numbers and special characters. Here is how you do it:
    1. Pick a word or multi-word phrase that is meaningful to you.
    2. Mix one or two letters to be upper case.
    3. Then change one or two letters to be numbers.
    4. Then for the sneaky twist: insert one or two non-alphabetic characters. The beginning or end of the password is easiest for memorization purposes. Examples include: . (period), !, *, %, &, or #.
    5. Here are some password examples.
(Yes, a strong password looks somewhat like a censored swear word!)
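
The two tips above can be turned into a quick self-check. The Python sketch below is an added example, not part of the original article: it applies the 6/10/15 length tiers, tests whether the tip 2 steps were followed, and estimates how long a blind search would take at the article's 50 guesses per minute. It also goes one step beyond the text by flagging a password that is just a dictionary word in disguise; the function names, the small word list and the swap table are assumptions made for illustration.

```python
import string

# Length tiers from tip 1 of the article.
TIERS = ((15, "excellent"), (10, "good"), (6, "OK"))
# Character classes a password may draw from (26 + 26 + 10 + 32 symbols).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
# Constructed sample list; a real check would load a full dictionary.
COMMON_WORDS = {"dog", "doggie", "doggy", "password", "letmein"}
# Assumed table of common digit/symbol-for-letter swaps, undone before lookup.
UNSWAP = str.maketrans("013457@$!", "oieastasi")

def length_tier(pw):
    """Label the length using the article's 6 / 10 / 15 thresholds."""
    for minimum, label in TIERS:
        if len(pw) >= minimum:
            return label
    return "too short"

def alphabet_size(pw):
    """Size of the character pool a blind exhaustive search must cover."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))

def worst_case_days(pw, guesses_per_minute=50):
    """Days needed to try every string of this length over that pool."""
    return alphabet_size(pw) ** len(pw) / guesses_per_minute / (60 * 24)

def is_disguised_word(pw):
    """True if trimming edge digits/symbols and undoing swaps gives a listed word."""
    core = pw.strip(string.punctuation + string.digits).lower()
    return core.translate(UNSWAP) in COMMON_WORDS

def assess(pw, guesses_per_minute=50):
    """Combine the checks into one report for a candidate password."""
    return {
        "length": length_tier(pw),
        "follows_tip_2": all(any(c in cls for c in pw) for cls in CLASSES[1:]),
        "disguised_word": is_disguised_word(pw),
        "worst_case_days": worst_case_days(pw, guesses_per_minute),
    }

if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for sample in ("dog", "D0ggy!", "Tr1cky-Giraffe#42x"):
        print(sample, assess(sample))
```

The worst-case figure only describes a search that tries every combination; a password such as "D0ggy!" scores millions of days on that measure yet is flagged as a disguised word, which is why the starting phrase matters as much as the added characters.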



©2008 About.com, a part of The New York Times Company.

All rights reserved.