When you turn on your computer you type a password. When you access your e-mail online you type a password. When you log into your chat program you type a password. When you access your bank account online you type a password. Everything you do in the digital world is measured and protected accordingly, and normally the level of security is not decided by you, the end user. Choosing the right password is one way to control how secure your digital world is.
If your password is ‘password’ or your name, or your cat’s name, you’re not as secure as you could be. If this is for your Hotmail account then you might not be too concerned, but if you use the same password for Hotmail as you do for internet banking and someone manages to break into your Hotmail account then it’s easy to see how important security is online.
The practice of “cracking” passwords is mostly known as “brute force”, as in to open by brute force. An attacker will use a text file such as a large dictionary as a list of words to attempt to try to guess your password. The best hackers will have enormous dictionaries containing combinations of numbers, letters and characters. For example, if your password was the word ‘aardvark’ then your account would take less time to break into than if it was ‘zebra’. Using combinations of letters and numbers used to be enough, but now it’s considered best practice to include characters and capital letters too.
Once you’ve decided to go with a more secure password, the question becomes how do you remember the complex string of characters you use, and how do you vary the password you use on different sites and for different purposes? Here’s one way.
Pick a regular word that has some meaning to you. It should be around 6 to 8 characters. It can be your nickname at school, your mother’s maiden name or your favourite hockey player’s name. For the purposes of this example I’m going to use the word ‘edgware’, a place name. Now we have to add numbers into the mix - choose 4 numbers, as random as possible. Most people have a PIN number for banking purposes, but you can use an important date or year. For this example I’m going to use 2002, the year I got married. Now combine the two somehow, preferably not by simply placing them one after the other. So far my password looks like this:
e20dgewar20e
Clearly, a word that wouldn’t appear in any dictionary, but still not impervious to random character attempts. Now add a character such as an exclamation mark or ampersand. Don’t simply place it at the end, add it somewhere in the middle. Finally, capitalize two letters. Now my password looks like this:
e20dge#War20e
Voila. This seemingly random string of characters means something to you and contains a word and number easily recognizable to you, but would be almost impossible to break without either a massive dictionary of words or a huge number of attempts. Bear in mind that the strength of this method is that you create a logical path for how you arrived at the password, and you can begin to vary it across the different sites you use. For example, my password for amazon.com might be:
e20dge#War20e
and my password for Hotmail might be:
20edGe20wa#re
The characters are the same but the numbers are placed differently and different letters are capitalized. Simple to remember because they contain the same basic elements, but still impossible to break even if one became compromised. This is important because people sometimes choose weak passwords for Hotmail and use similar passwords for internet banking, which creates a vulnerability.
Here’s one more method for creating and remembering a good password. Begin with another word of around 6 to 8 characters, also memorable to you. I’m going to use my first car, cavalier. Now take your initials and count out how far along the alphabet each letter appears. For A it would be 1, for Z it would be 26, etc. My three numbers are 20, 16 and 12. Now replace the first letters of the word you chose with the first number and the last letters with the second number. Then add the last number in the middle. So far I have:
20va12li16
Then add a random character in the beginning, middle and end. Now my password looks like this:
!20va1&2li16!
Again, the result is a password completely random to anyone but you, yet still easy to remember assuming you remember the method you used to produce the password. A good variation on this might be to simply replace the characters you added in the final step. Don’t forget, the important bit is to figure out a logic path that’s your own that no one could easily guess - simply using your name reversed or adding ‘1234′ at the end won’t be enough!
Here is Microsoft’s page devoted to choosing a good password, with some great advice. Also, here is their password checker, a tool you can use to test the strength of the password you choose.
