Understanding What Makes A Password Secure
Consider these passwords:
Which do you think would be most secure? The first password ([email protected]) would take about 3 hours or less to crack. Hopefully, you knew that would be the weakest password of the three. While it utilizes special characters and numbers, they are used to replace letters based on visual similarities between the number/character and the letter it replaces. It just barely passes the minimum requirement of 8 characters that most passwords are subject to.
But of the remaining two passwords, which would be harder to crack? The second password (complicatedhardtohackpassword) has no special characters or numbers and no capital letters, while the third password contains both capital letters as well as special characters and numbers.
Despite the second password's lack of entropy (lack of order or predictability), which has always been thought to be the basis of secure passwords, it would be 26.71 x 106 times harder to crack than the third password - that translates into 26 billion times harder to crack. If you add capital letters (ComplicatedHardToHackPassword), it becomes 13.9 x 1015 (13.9 quadrillion) times harder to crack. If you change it further - [email protected][email protected]$$w0rd - it becomes exponentially harder to crack: 53.9 x 1022 (5.39 septillion) times harder, in fact.
Rather than creating a password that utilizes entropy and is hard to make sense of, even when you see it written down, make a password that is easier for you to remember (so you don't NEED to write it down) but is infinitely more secure than the passwords you've used previously. Don’t leave out the numbers, capital letters, and special characters, but use them in a way that makes sense to you. Here are a few recommendations for creating hard to break passwords that you will be able to remember:
Use 10 or more characters
Use more than one word to create a password
Utilize capital letters, symbols and numbers in unique ways
try capitalizing letters other than the first letter of a word
place numbers in the between words or in the middle of a word
don’t use symbols or numbers to replace all of a specific letter
Make small changes to important names, events, or dates that make your password hard to guess
Your name is John Doe. Your wife is Jane, and your daughter is Jenny. You have a dog named Max. You live at 123 Some Street. Your favorite sports team is the Giants. Your favorite color is green. Once upon a time, you had a cat named Oliver - way back in college before you knew your wife … well, it wasn’t even your cat, it was your girlfriend’s cat, but you’ll never forget that fur ball. You really like number 17, because your favorite baseball player of all time wore that number, even though you don’t really watch baseball anymore.
Ok, so let’s make a password.
Compared to [email protected], this password (Oliv3rD0g17Giants!123) would be 80 million times (8 x 107) harder to crack. It is 21 characters long with 7 numbers and 1 symbol.
How These Passwords Test "In The Real World"
No matter what I tell you, your password's performance in the real world is the important factor. I tested four of the passwords ([email protected] [email protected][email protected]$$w0rd [email protected] Oliv3rD0g17Giants!123) on a couple of online tests or meters. Since I am not using these passwords for my own accounts, I have no problem plugging them into a questionable website for our testing benefit. First, I checked Microsoft's Saftey and Security Center. All the passwords were rated "Best". I found another test, that had a variety of standards it graded on, giving extra points for exceeding "minimum standards".
[email protected] Scored 135
[email protected] Scored 168
Oliv3rD0g17Giants!123 Scored 178
[email protected][email protected]$$w0rd scored 48 more points than the lowest score simply for the number of characters. Even without the score for the length, the four passwords score in the same ranking (just with lower numbers). Length definitely gives your password more security, but it's not everything. Be creative and create passwords that you will be able to remember (without using a password manager!) but are secure enough even your mother wouldn’t be able to guess them.
Sometimes, you create a password so good that even you can't crack it. If this happens, and you no longer have access to your computer or files, give us a call. Before you reformat that computer, let us save your data. We havecustomer service representatives standing by 24/7 to answer any questions you might have and get your data recovery case started today.