How To

How to Write Good Passwords

A good password isn't a password at all. Instead, it's a system for creating codes that are easy to remember but hard to crack.

By Sarah D. Scalet

December 01, 2005CSO

A good password isn't a password at all. Instead, it's a system for creating codes that are easy to remember but hard to crack. And by codes we do mean codes, plural, so that someone who finds out one of your passwords won't know them all. Here's one methodology to help you generate unguessablebut memorablegibberish.

Step 1: Choose a core phrase. Start with a phrase that's at least five words long. It could be the first line of a song, a quotation, a book titleanything that sticks in your head. Draw your core password from that, perhaps by using the first letter of each word.

tcith

These are the first letters of the book title The Cat in the Hat.

The payoff: This simple step protects you from someone who is running what's called a dictionary attack, in which every single word in the dictionary (and many proper names too) are tried until the right one is found. Computers can run through a dictionary attack in no time flat.

Step 2: Replace some lowercase letters with capital letters, numbers or symbols. Now mix things up by creating conventions around letters that you'll always make uppercase or change to symbols or numbers. Do what makes sense to you, so you don't have to write your system down.

Tc!tH

Here, we've capitalized the first and last letters of the phrase, and replaced an "i" with an exclamation point. You could also make "@" stand in for "a," "1" stand in for "l," and so on.

The payoff: This step exponentially increases the amount of time it takes for someone who is running a password-cracking program that burns through every possible combination of characters until it finds the right one. Rather than guessing from the 26 lowercase letters on the keyboard, the program has to try 52 uppercase and lowercase letters, plus 10 digits and at least 10 more punctuation marks.

Step 3: Customize the password for each site or application. You can use the same core password multiple times, but add a character or three to ensure that every passphrase includes a number, and also that the passphrase is at least seven characters long. To get there, think up a system for generating an extra letter and number based on the name of the website or program you're accessing.

o5Tc!tH

Assuming that the password is for a Yahoo webmail account, we've added an "o"for the last letter of Yahooand a 5, for the number of letters in Yahoo.

RESOURCE CENTER
Loading...
VIRTUAL CONFERENCE
Data Center Directions Virtual Conference

Data Center VCAttend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.

» Learn more and register here

WHITE PAPER
Discover whether hosting is your smartest choice for enterprise messaging.

GoogleTo host or not to host? Thats the question for many CIOs as the volume and complexity of enterprise messaging continues to skyrocket.

» Read the Paper

Featured Sponsors