We all know the importance of good passwords. But what is a “good password?”
For years, we’ve been told that good passwords were long and complex:
But who can remember that? So most of our passwords look like this:
Or maybe, if we’re really fancy:
Turns out, hackers are pretty smart. They have tables of the most common passwords (all three of those above are right near the tops of those tables, by the way), and they try those against your password first. So those passwords are already cracked. They were cracked before you finished reading the title of this post.
Computers are fast, so long passwords are good - the longer the password, the longer it takes to crack. Size, it turns out, really does matter. Over 20 characters is good.
I know, I know - twenty characters! I’ll never remember that! But it turns out they don’t have to be too complex for humans to understand. Mainly because computers don’t speak a human language. So, to a computer,
is pretty much the same as
Same number of characters. So that’s a good start. However, they’re not quite the same to a computer - the first one is actually much more complex. To make them really the same, we have to tweak a couple of things:
Now it’s the same number of characters, it uses upper and lower case, it has some symbols and some numbers. And it’s not common. Very much harder to crack.
But it’s still not quite that easy to remember. How about this one:
I think that I shall never see 45$!
That one’s even longer, and has numbers, letters, capitals, symbols… everything you need for a good, secure password, but (assuming you’re a Joyce Kilmer fan, or, I suppose, if Joyce Kilmer owes you money) pretty easy to remember. Especially if “45” is your house number or you replace it with your phone exchange.
So, the secret to picking a good password is to pick a phrase you’ll remember. Make it part of a poem or song you like - but not the most common line, and maybe your second favorite poem or song, since I’m sure everybody knows your favorite. Then add a few symbols, a couple of numbers, and voila! A good, solid password.
We all like to pretend we’re incapable of remembering a lot of passwords. That is, of course, nonsense. We may be too lazy, but we’re not incapable. Even so, having a password vault is a good idea.
There are several good ones out there. LastPass is Web-based, KeePass is available on just about every conceivable platform, and there are many others, including a built-in keychain in OS X. Pick one and keep all your passwords in it. Back it up regularly.
Besides, your Web browser’s going to remember most of them anyway. Once you type them in the first time, you’re done!
Conventional wisdom has it that you should regularly change your password. Studies have shown that if your password is strong enough (long, letters and numbers and characters, upper and lower case), you don’t need to change it unless it’s been hacked (as so many banks and email programs have been recently). So make ‘em good, and you’re free of regular change.
Never Use the Same Password Twice!
Never use the same password on two different systems (e.g. email and Facebook). If you’re using a password vault, you can use different passwords on different systems without having to worry about forgetting one.
And by “different” I don’t mean “thisisagreatPassword22!” vs “thisisagreatPassword33!” I mean really different. Lines from two different poems or songs. The coolest thing someone wrote in your yearbook. A great movie quote. Mix it up.
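To put numbers behind the two points above (length beats complexity, and a near-duplicate is not a “different” password), here is a small checker I’ve added as an example; it is not from the original post. The common-password table, the short eight-character password and the 10 billion guesses-per-second rate are constructed assumptions, not measurements.

```python
import math
import string

# Constructed miniature stand-in for the "most common passwords" tables
# the post mentions; real tables hold millions of entries.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "password1"}

# Symbols plus the space character (32 punctuation marks + space).
SYMBOLS = string.punctuation + " "


def charset_size(pw: str) -> int:
    """Size of the alphabet an attacker must assume to cover every char in pw."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in SYMBOLS for c in pw):
        size += len(SYMBOLS)
    return size


def search_space_bits(pw: str) -> float:
    """log2 of the brute-force search space charset^length; length dominates."""
    return len(pw) * math.log2(charset_size(pw))


def years_to_crack(pw: str, guesses_per_second: float = 1e10) -> float:
    """Worst-case brute-force time in years (assumed guess rate).
    A password on the common list is tried first, so it falls at once."""
    if pw.lower() in COMMON_PASSWORDS:
        return 0.0
    seconds = 2 ** search_space_bits(pw) / guesses_per_second
    return seconds / (365 * 24 * 3600)


def really_different(a: str, b: str, max_shared_fraction: float = 0.5) -> bool:
    """False for near-duplicates: positions that match, over the longer length."""
    shared = sum(1 for x, y in zip(a, b) if x == y)
    return shared / max(len(a), len(b)) < max_shared_fraction


if __name__ == "__main__":
    for pw in ("password", "Xq7$kL2!", "I think that I shall never see 45$!"):
        print(f"{pw!r}: {search_space_bits(pw):.0f} bits, {years_to_crack(pw):.3g} years")
    print(really_different("thisisagreatPassword22!", "thisisagreatPassword33!"))
```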
So there you have it. Good, solid, hard-to-crack passwords are easier than you think.