When Jennet isn't writing, she's playing video games and participating in environmental NGO activities. She is crazy about new technologies and soccer!
Have you ever thought about how hard it is to choose a good password, or how important it is?
Most people believe that choosing a good password is easy. After all, how is somebody going to guess my wife's maiden name?
In reality, people usually choose poor passwords. In 2004 [Klein 2004] an attempt to crack a large password database revealed over three hundred passwords in the first fifteen minutes! One fifth of all passwords were obtained in the first week and approximately one quarter were cracked by the end of the search. More than half of the cracked passwords were six characters or fewer and some accounts didn't even have a password.
An intruder only needs one password!
Choosing a good password is a tradeoff between something that is difficult to guess and something that is easy to remember. While @G7x.m^l is probably a good password, nobody will remember it and it is certain to appear as a sticky note attached to a terminal. Conversely, your first name is very easy to remember, but it is also trivial to guess.
Some simple rules of thumb
Some simple guidelines that will help you choose better passwords are:
• A password should be a minimum of eight characters long.
• Try to include some form of punctuation or digit.
• Use mixed case passwords if possible.
• Choose a phrase or a combination of words that makes the password easier to remember.
• Do not use a word that can be found in any dictionary (including foreign language dictionaries).
• Do not use a keyboard pattern such as qwertyui or oeuidhtn (look at a Dvorak keyboard).
• Do not repeat any character more than once in a row, as in zzzzzzzz.
• Do not use all punctuation, all digits or all alphabetic characters.
• Do not use things that can be easily determined such as:
    • Phone numbers.
    • Car registration.
    • Friends' or relatives' names.
    • Your name or employment details.
    • Any date.
• Never use your account name as its password.
• Use a different password for each account.
• Change the password regularly and do not reuse passwords.
• Do not append or prepend a digit or punctuation mark to a word.
• Do not reverse words.
• Do not replace letters with similar looking numbers. For instance, all of the letters i should not be blindly replaced by the digit 1.
Cracking passwords
The principle behind password cracking is quite simple: take a large word list, encrypt each word and check if the encrypted string matches the user's password. Word lists that are used frequently include English and other language dictionaries, common names, pet names, television and movie characters, character patterns on keyboards (for example, qwerty) and jargon or slang terms.
To allow for the case that the user has not chosen a word in the word list, an intruder can and usually will apply a large number of simple rules to each word in the word list and check if any of the results encrypt to the user's password. Typical rules include appending and prepending digits and other punctuation characters to words, reversing words, capitalising words, converting words to all upper or all lower case, substituting letters or digits for other letters and naturally many combinations of these. Since computers are fast, applying these rules and encrypting the resulting guess doesn't take much time and a lot of guesses can be made in a very short time.
In addition, a CD based database is supposed to have been produced that contains every word in a large dictionary plus many rule based permutations of these words encrypted in every possible manner. This reduces password cracking to a simple (and fast) database lookup.
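The rules of thumb and the mangling rules above can be turned into a check that runs when a password is chosen. The following is an added example, not part of the original article: the word list is a small constructed sample, and the look-alike mapping and the three-in-a-row threshold are assumptions.

```python
import re

# Constructed sample list; a real check would load full dictionaries,
# name lists and keyboard patterns such as the two the article mentions.
WORDLIST = {"together", "password", "dragon", "monkey", "qwertyui", "oeuidhtn"}

# Look-alike substitutions to undo (assumed mapping, extend as needed).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "$": "s", "@": "a", "!": "i"})


def base_forms(password):
    """Return the strings left after undoing the simple mangling rules."""
    lowered = password.lower()                                # capitalisation
    stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)      # added digits/punctuation
    forms = {lowered, stripped, lowered.translate(LEET), stripped.translate(LEET)}
    return forms | {form[::-1] for form in forms}             # reversal


def audit(password, account=""):
    """List the guidelines a proposed password breaks; empty means none found."""
    forms = base_forms(password)
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    if account and account.lower() in forms:
        problems.append("derived from the account name")
    if forms & WORDLIST:
        problems.append("word-list entry after undoing simple mangling")
    if re.search(r"(.)\1{2,}", password):
        problems.append("same character repeated in a row")
    if password.isalpha() or password.isdigit() or not any(c.isalnum() for c in password):
        problems.append("only one kind of character")
    return problems


if __name__ == "__main__":
    for pw in ("gOt%L0st!", "heLP4me$", "T0gether", "rsKf0myH", "Aaaaaaaa", "nogard99!"):
        print(f"{pw:10} {audit(pw) or 'no rule broken'}")
```

An empty result only means none of these particular rules matched; it does not prove the password is strong.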
How long is a good password?
The simple answer to this is that in general the longer the password the better.
Assuming that you're using a reasonable selection of characters for your password, say letters and numbers, then the following table presents the number of passwords possible for the various choices of length. It also includes an estimate of how much time would be required to crack the password using a brute force attack.
The cracking time field is derived from a report that claimed the record for the speed of cracking passwords. The claim was that 6.4 million passwords per second could be tested. Given that computer speeds are increasing continuously, the following times are almost certainly overestimates of the actual time required.
Number of passwords for each length
| Length | Number of passwords | Approximate number (in words) | Cracking time |
|---|---|---|---|
| 1 | 62 | Not nearly enough | Try this by hand |
| 2 | 3844 | Three thousand | Almost no time |
| 3 | 238328 | One quarter of a million | Less than one second |
| 4 | 14776336 | Fourteen million | Two seconds |
| 5 | 916132832 | Almost one billion | Two and a half minutes |
| 6 | 56800235584 | Fifty six billion | Two and a half hours |
| 7 | 3521614606208 | Three and a half trillion | One week |
| 8 | 218340105584896 | Two hundred trillion | One year |
| 9 | 13537086546263552 | Thirteen quadrillion | Seventy years |
| 10 | 839299365868340224 | Eight hundred and forty quadrillion | Forty centuries |
| 11 | 52036560683837093888 | Lots | A quarter of a million years |
| 12 | 3226266762397899821056 | Even more | Sixteen million years |
What characters should a good password contain?
The previous section assumed that passwords consisted of upper and lower case letters and digits. What happens if this character set is increased or decreased? The following table presents some of the options for eight character passwords:
Number of eight character passwords
| Type of password | Number of characters | Number of passwords | Cracking time |
|---|---|---|---|
| 7-bit ASCII | 128 | 72057594037927936 | Three hundred and fifty years |
| Printable characters | 95 | 6634204312890625 | Thirty three years |
| Letters and numbers | 62 | 218340105584896 | One year |
| Letters only | 52 | 53459728531456 | Ninety six days |
| Lowercase with one uppercase | 26/special | 1670616516608 | Three days |
| Lowercase only | 26 | 208827064576 | Nine hours |
| English words: eight letters or longer | special | 250000 | Less than one second |
So clearly, the richer the character set being used, the harder it will be to crack passwords. You should attempt to include as a minimum both upper and lower case characters and if possible, you should also include some digits, punctuation symbols and/or control codes in your password.
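The figures in both tables come from dividing the number of possible passwords by the guessing rate. The following added example (not part of the original article) works this out for a given password from the character classes it uses; the function names and the 1e9 guesses-per-second rate are assumptions for illustration. The result is only an upper bound: T0gether gets the same bound as rsKf0myH, yet a word-list attack finds it almost at once.

```python
import string

RATE = 6_400_000  # guesses per second: the figure the article's tables use

# Character classes; together they are the 95 printable ASCII characters.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")


def alphabet_size(password):
    """Size of the character set implied by the classes the password uses."""
    return sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))


def exhaust_seconds(size, length, rate=RATE):
    """Seconds to try every string of exactly `length` over `size` symbols."""
    return size ** length / rate


def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, span in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= span:
            return f"{seconds / span:.1f} {unit}"
    return f"{seconds:.2f} seconds"


def bound(password, rate=RATE):
    """Upper bound on brute-force time for this password's length and classes."""
    return humanize(exhaust_seconds(alphabet_size(password), len(password), rate))


if __name__ == "__main__":
    for pw in ("rsKf0myH", "heLP4me$", "T0gether", "aaaaaaaa"):
        print(f"{pw:10} {alphabet_size(pw):3} symbols  {bound(pw)}")
    # Hypothetical faster rate, to show how the table shrinks as hardware improves.
    print("rsKf0myH at 1e9 guesses/s:", bound("rsKf0myH", rate=1_000_000_000))
```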
Examples of how to construct good passwords
So now that typical bad passwords have been discussed, how is a good password constructed? Try combining two or more words together or taking the first (or second or last) letter of each word in an easily remembered phrase. Then mangle the result by adding capitals, digits and punctuation characters. As an extra measure, control characters can also be introduced.
Some examples of using multiple words with punctuation
Here is a pair of good examples of using multiple words:
• gOt%L0st! - got lost!
• heLP4me$ - help for me (money)
And here is a bad one:
• T0gether - to get her
Some examples of using a phrase
Here are three good examples of using phrases:
• rsKf0myH - Raindrops keep falling on my head.
• wru2rxy? - Who are you to ask why.
• bWiIso3! - Beware the ides of March!
And here is a bad one:
• Aaaaaaaa - Always assert an ambiguous axiom and argue aggressively.
I hope you have found this useful!
So take care when you select passwords next time! :-)