Passwords 101

We hear about it all the time. Women may use their birthdays or their marriage date. Men often stick to nicknames or their dogs’ names. Proud grandma’s and pa’s use their grandchildren’s names or birthdays.

I’m talking, of course, about obvious passwords. Too many people select passwords that anyone willing to do a little research could guess. Don’t you know the whole street knows your pets’ name? And the 200+ guests who attended your wedding know your anniversary date (even if your husband can’t seem to remember it). Vistors to your Facebook page know the names of your children, your date of birth, or any other information you have posted. 

It is estimated that around three quarters of all passwords in use today are either very bad or inadequate choices. Take this short quiz to see if you know what it takes to make a password secure:

#1: Which TWO methods will increase your password security?  

• a)    Make your password lower case.
• b)    Change your password regularly.
• c)    Use default passwords.
• d)    Use a "pass phrase."

#2: Which of the following passwords is the most secure?

• a)    MyDogFido
• b)    Fido
• c)    mF1~Go0!
• d)    fido3990

#3: Which element should your password NOT include?

• a)    Upper case letters
• b)    Lower case letters
• c)    Numbers
• d)    Special characters
• e)    Words that can be found in a dictionary

#4: Once you’ve created a strong password, you should use it to protect all of your accounts.

• True
• False

#5: You should store your passwords...

• a)    in a document or spreadsheet on your computer.
• b)   on various Post-it notes around your workspace.
• c)    in your wallet.
• d)    written down and placed in a locked drawer or safe.
• e)    You should never write down your passwords, but rather memorize them all.

Answer Key

#1:  B and D

Changing your passwords regularly will obviously boost your level of security. A second method to increase security is to use a "pass phrase." Like Godzilla, size matters in a password. The longer it is, the better. So aim to use a series of words rather than just one word. And always change the default password that is sent to you when you set up a new account.

#2:  C

A complex series of letters, numbers, and symbols will provide you with the highest level of password security. 

Hackers let a computer try every possible combination until they get the correct one. This may sound like a lot of work, but tools are already out there that can do this automatically. Take a look at this table that lists the total possible combinations for an 8-character password:

Now these may sound like bigggggggg numbers, but computers work fast too. Consider that a dual-core processor based system bought from the local Best Buy can try 10,000,000 passwords per second, while a purpose-designed workstation can try 100,000,000 passwords per second. For example, see how quickly the following three passwords can be hacked:

So there it is. The numbers speak for themselves. From this chart you understand that the stronger password is the one that contains a series of special characters, upper and lower case letters, and numbers.

#3:  E

Your password should not include words that can be found in the dictionary. Some may think that picking a really long and difficult word from the dictionary is a good way to choose a password. But hackers have tools to try every word in the English dictionary in your login screen in all of about five minutes. So it’s best to avoid them completely.

#4:  False

Using the same password on all of your accounts is a dangerous decision. If one account is hacked, you can assume that all of your accounts are compromised. Mitigate your risk by using different passwords for different systems and accounts.

#5:  E or D

While E is the best answer here, memorizing all of your passwords is not realistic for most of us (especially if we’re using a mix of special characters, numbers, and letters in each of our different passwords, and are changing them regularly).

For those of us without photographic memories, writing your passwords down is okay, as long as you keep them in a secure place, like a locked drawer in your home, or a safe. Do not store them on your computer – hackers have ways to access your hard drive. And never share passwords over e-mail or instant messaging, or with online storage tools (like Google Docs).   

So how strong are your passwords? It’s worth your time to go through your accounts and upgrade your passwords using the techniques you’ve learned here. Remember, a strong password known only to you is your first line of defense, and could save you headache, money, and time in the future.

_______

-Ali Jawaid