Friday, May 25, 2012

Strong Password Checklist

A good, strong password should meet all three of these criteria:

  1. More than eight characters in length, and treat eight as a floor rather than a target. Short passwords are easier to crack than long ones: every extra character multiplies the number of guesses an attacker has to make, which is why length does more for strength than any substitution trick.
  2. Combines letters, numbers, and symbols, but:
    • Not sequential or repeating combinations, such as "12345678", "222222", "abcdefg", or letters that sit next to each other on your keyboard ("qwerty", "asdfgh").
    • Not common words with letters replaced by numbers or symbols, such as "M1cr0$0ft" or "P@ssw0rd". Unfortunately, hackers know these tricks too: password-cracking tools apply exactly these substitutions as rules, so "P@ssw0rd" falls almost as fast as "password".
  3. Easy for you to remember, but difficult for others to guess, and:
    • Not your login name, your spouse's or children's names, your birthday, or anything else someone who knows you (or reads your social-media profile) could guess.
    • Not a word found in the dictionary, in any language. Hackers use tools that rapidly try every word from dictionaries in many languages, spelled forwards and backwards, with and without the symbol substitutions above.
    • Not so hard to remember that you have to write it down. A random string on a sticky note can be misplaced, or found by others and used. If you want truly random passwords, keep them in a password manager rather than on paper.
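The three checklist items above can be turned into an automated check. The script below is an added example written for this page, not Microsoft's password checker; its wordlist is a constructed handful of entries (a real checker would load a large leaked-password corpus), and the thresholds (a run of 4 for "sequential", 3 for "repeating") are this example's own choices. It undoes the "M1cr0$0ft" style substitutions before looking a password up, which is what cracking tools do and what most strength meters forget. Criterion 3's "easy for you to remember" cannot be tested by software, so the caller passes in the personal details to screen for.

```python
import re

# Constructed sample wordlist for this example only. A real checker would
# load a large list of common and leaked passwords instead.
COMMON_WORDS = {
    "password", "microsoft", "letmein", "welcome", "dragon", "monkey",
    "qwerty", "football", "sunshine", "iloveyou", "princess", "admin",
}

# Alphabet, digits and keyboard rows for the "sequential or adjacent" check.
SEQUENCES = [
    "abcdefghijklmnopqrstuvwxyz",
    "0123456789",
    "qwertyuiop", "asdfghjkl", "zxcvbnm",
]

# Reverse map for the letter->symbol tricks the checklist warns about.
# Cracking tools apply the same rules, so a checker must undo them too.
LEET = str.maketrans({
    "@": "a", "4": "a", "8": "b", "3": "e", "1": "i", "!": "i",
    "0": "o", "$": "s", "5": "s", "7": "t", "+": "t",
})

RUN = 4  # length of a keyboard/alphabet/digit run that gets flagged (example's choice)


def normalize(pw: str) -> str:
    """Lowercase the password and undo common symbol substitutions."""
    return pw.lower().translate(LEET)


def has_sequence(pw: str, run: int = RUN) -> bool:
    """True if any `run` consecutive characters follow the alphabet, the
    digits or a keyboard row, forwards or backwards."""
    low = pw.lower()
    for i in range(len(low) - run + 1):
        chunk = low[i:i + run]
        for seq in SEQUENCES:
            if chunk in seq or chunk in seq[::-1]:
                return True
    return False


def has_repeat(pw: str, run: int = 3) -> bool:
    """True if any single character appears `run` or more times in a row."""
    return re.search(r"(.)\1{%d,}" % (run - 1), pw) is not None


def dictionary_hit(pw: str, words=COMMON_WORDS):
    """Return the wordlist entry the password is based on, or None.
    Tests the de-substituted password and its reverse, whole and as a
    substring (substring matches only for words of 5+ letters)."""
    norm = normalize(pw)
    for candidate in (norm, norm[::-1]):
        for w in words:
            if candidate == w or (len(w) >= 5 and w in candidate):
                return w
    return None


def check_password(pw: str, personal=()):
    """Return the list of checklist rules the password fails (empty = passes).
    `personal` holds strings such as the login name, family names or a
    birthday; anything of 3+ characters found in the password is flagged."""
    problems = []
    if len(pw) <= 8:
        problems.append("too short (need more than 8 characters)")
    if not (re.search(r"[A-Za-z]", pw) and re.search(r"\d", pw)
            and re.search(r"[^A-Za-z0-9]", pw)):
        problems.append("missing letters, numbers or symbols")
    if has_sequence(pw):
        problems.append("sequential or keyboard-adjacent characters")
    if has_repeat(pw):
        problems.append("repeated characters")
    word = dictionary_hit(pw)
    if word:
        problems.append(f"based on dictionary word '{word}'")
    norm = normalize(pw)
    for item in personal:
        item = item.lower()
        if len(item) >= 3 and (item in norm or item in pw.lower()):
            problems.append(f"contains personal information '{item}'")
    return problems


if __name__ == "__main__":
    for pw in ["12345678", "222222", "abcdefg", "M1cr0$0ft", "P@ssw0rd",
               "MsAi3yotmdA", "M$8ni3y0tmd@"]:
        print(f"{pw!r:16} -> {check_password(pw) or 'OK'}")
```

Run against the page's own examples, "M1cr0$0ft" is reported as based on "microsoft" and "P@ssw0rd" as both too short and based on "password", while the finished passphrase password from the next section passes every rule. The substring match is deliberately limited to longer words so that short dictionary entries do not produce false positives inside an otherwise random string.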

Help gauge the strength of your passwords with the Microsoft password checker. Two cautions apply to any online strength meter: only type candidate strings into it, never a password you actually use anywhere, and remember that a meter can only recognise the patterns it was taught, so a "strong" rating is a floor, not a guarantee.

Create a strong, memorable password in 4 steps

One way to create a strong and memorable password is to come up with a "passphrase." Here's a way to create a passphrase-based password in four easy steps:

  1. Think of a sentence that you can remember, such as "My son Aiden is three years older than my daughter Anna." This will be your passphrase.
  2. Take the first letter of each word of the sentence to create a new word. Using the example above, you'd get: "msaityotmda".
  3. Then mix it up by using a combination of upper and lowercase letters and numbers. In the example, the capital letters are kept from the words that were capitalised in the sentence and the number word becomes a digit: "MsAi3yotmdA".
  4. Finally, substitute a few special characters that look like letters. In the example this finishes the password as "M$8ni3y0tmd@". Be aware that this is the same substitution trick criterion 2 warns about, so it adds little against a cracking tool that already applies those rules; the strength comes from the sentence being personal and the result not being a dictionary word, and a longer sentence helps far more than an extra symbol.

If you're worried about remembering your passphrase, start with a common phrase as your passphrase, such as "You can't teach an old dog new tricks," then inject at least one number or symbol into the password. In this case, "yctaodnt" can become "YctaODnT", or even "U(t@0DnT". A well-known saying is weaker starting material than a sentence only you know, because the first-letter acronyms of famous phrases end up in the same cracking wordlists as dictionary words, so if you use one, make the sentence longer or change it in a way that is personal to you.
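The four steps above, and the common-phrase variant, as an added example written for this page rather than code from the original. Step 2 and step 3 are fully specified by the page's own example (first letters; keep the capitalisation the word had in the sentence; number words become digits), and the script reproduces "msaityotmda" and "MsAi3yotmdA" exactly. Step 4 is a hand-made choice on the page, so the look-alike table here (s, o, a to $, 0, @) is this example's own assumption and gives "M$@i3y0tmd@" rather than the page's "M$8ni3y0tmd@"; the "YctaODnT" and "U(t@0DnT" variants were likewise mixed by hand and are not reproduced.

```python
import string

# Step 3 turns number words into digits ("three" -> "3" in the page's example).
NUMBER_WORDS = {
    "zero": "0", "one": "1", "two": "2", "three": "3", "four": "4",
    "five": "5", "six": "6", "seven": "7", "eight": "8", "nine": "9",
}

# Step 4 look-alike substitutions. This table is an assumption of this
# example; the page's finished string was substituted by hand.
LOOKALIKES = {"s": "$", "o": "0", "a": "@"}


def words_of(sentence: str):
    """Split a sentence into words with surrounding punctuation removed.
    Internal punctuation survives, so "can't" still contributes 'c'."""
    return [w.strip(string.punctuation) for w in sentence.split()]


def acronym(sentence: str) -> str:
    """Step 2: the first letter of every word, all lowercase."""
    return "".join(w[0].lower() for w in words_of(sentence) if w)


def mix(sentence: str) -> str:
    """Step 3: keep each word's original capitalisation and replace number
    words with digits. Reproduces the page's "MsAi3yotmdA"."""
    out = []
    for w in words_of(sentence):
        if not w:
            continue
        out.append(NUMBER_WORDS.get(w.lower(), w[0]))
    return "".join(out)


def substitute(pw: str, table=LOOKALIKES) -> str:
    """Step 4: replace look-alike letters (either case) with symbols."""
    return "".join(table.get(ch.lower(), ch) for ch in pw)


def passphrase_password(sentence: str) -> str:
    """All four steps: memorable sentence in, password out."""
    return substitute(mix(sentence))


if __name__ == "__main__":
    for s in ["My son Aiden is three years older than my daughter Anna.",
              "You can't teach an old dog new tricks"]:
        print(f"{s}\n  step 2: {acronym(s)}\n  step 3: {mix(s)}"
              f"\n  step 4: {passphrase_password(s)}\n")
```

Because every step is deterministic, the same sentence always yields the same password, which is the point: you remember the sentence, not the string. The weakness of the common-phrase variant is visible in the output too, since "yctaodnt" is derived by a rule anyone can apply to a famous saying, which is why a sentence only you would write is the better starting point.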