Return to Part 1 or continue to Part 3
We're going to take a short detour away from the security maxims for the next couple of issues and explore passwords in more detail. It's an important subject. In the last newsletter, I gave you security maxim #4: Use an unguessable or difficult-to-guess password, always. In that article, I gave some examples of easily-guessable passwords--what not to do. In this article, I'll give you an example of one thing you can do to create strong, unguessable or difficult-to-guess passwords.
By far the most unguessable password is a string of random characters like 'Qt6W'{/b?@mn,QL"Q% (18 characters drawn from the 94 printable ASCII characters), and the longer the better. A computer can eventually find any such password by brute force, simply trying every combination, but each character you add multiplies the work by the size of the alphabet. To try all 94^18 combinations for the password above at a billion guesses per second would take on the order of 10^19 years; the figure I originally quoted, 10,533,833,066,248,927,000 (10 quintillion, 533 quadrillion) years, is a calculation of that kind. Shorten the password to 9 characters and the same attacker needs only 94^9, about 5.7 x 10^17 guesses, which is roughly 18 years. A billion guesses per second is a modest attacker, though: a single modern GPU tries fast hashes such as NTLM or MD5 at tens to hundreds of billions of guesses per second, which brings the 9-character password down to a couple of months. Two caveats apply to all such figures: they are the time to try everything (on average the attacker finds the password halfway through), and real attackers start with dictionaries and word-mangling rules rather than exhaustive search, so these numbers only hold for a password that really is random.
There are plenty of password generator programs available; GRC's Ultra High Security Password Generator page is a good example. The problem with such passwords is that they're impossible to remember, so you have to store them somewhere or print them out. It's better to have a password that looks random (to a computer, at least) but means something to you, so you can remember it without having to write it down. That's easy to do: come up with a meaningful phrase and then convert it to a string of characters. Here's one: I drive 33 miles round-trip each day. (Notice that I included a number and a hyphen.) Taking the first letter of each word and keeping the number and the hyphen, that becomes id33mr-ted. Now hold Shift on every other character: iD3#mR-TeD. (On a US keyboard, Shift on the second 3 gives #, which is where the symbol comes from; "every other character" is easy to remember.) One caveat: the ten-character result only gets the full credit of a random ten-character password if the attacker has no idea how it was made. Someone who knows you build passwords from the first letters of an English sentence can search sentences instead of arbitrary strings, so keep both your phrase and your pattern to yourself.
You can, and should, come up with your own pattern or algorithm for creating unguessable but easy-to-remember passwords. In the next issue, I'll give you some tips on how to do that. I'll even show you how to write down your password in such a way that you can post it anywhere and still be secure.
Ken Harthun is the Security Editor for Daves Computer Tips. He also writes about security issues for IT Knowledge Exchange and blogs on general Geek things at Ask The Geek. You can read more about Ken here.