Choose a good Password

A lot has been written about the importance of strong passwords. However, in my daily job, and in visits to clients, I frequently run across users with short, easily guessed passwords. A good password is a balance between complexity and ease of memorization. If a password is incredibly complex, it will likely be a strong password, but if the user cannot remember it, they’ll write it down and stick it on the monitor.

Password Length: Here’s a case where size matters. Longer is better. 8 characters is about the minimum you should consider, with 10-12 being much better. The number of combinations increases exponentially with every additional character.

Complexity: Passwords should be a combination of at least two of the following: uppercase letters, lowercase letters, numbers, and symbols.

Avoid Obvious Connections: Avoid things that co-workers or acquaintances would likely know, like your birthday, your significant other’s name, or your pets’ names. You’d be surprised how many people use their pet’s name when the name is written below the picture on the bulletin board.

Avoid dictionary words: Many techniques for cracking passwords rely on lists of words. If your password is a word on the list, or contains a word on the list, it will be easier to crack.
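The four checks above (length, character classes, obvious connections, dictionary words) can be expressed as a small checker. This is an added example, not part of the original post; the function names, the tiny word list and the sample passwords are constructed for illustration.

```python
import math
import string

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "dragon", "monkey", "harvey", "summer"}

CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "numbers": string.digits,
    "symbols": string.punctuation,
}


def classes_used(password):
    """Return the names of the character classes present in the password."""
    return [name for name, chars in CLASSES.items()
            if any(c in chars for c in password)]


def keyspace_bits(password):
    """Upper bound on guessing work in bits, as if every character were random.
    Human-chosen passwords are weaker than this figure suggests."""
    alphabet = sum(len(CLASSES[name]) for name in classes_used(password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def check_password(password, personal_terms=(), words=SAMPLE_WORDS):
    """Return a list of the rules above that the password breaks."""
    problems = []
    lowered = password.lower()
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if len(classes_used(password)) < 2:
        problems.append("uses fewer than two character classes")
    for term in personal_terms:
        if term and term.lower() in lowered:
            problems.append(f"contains personal detail: {term}")
    for word in sorted(words):
        if len(word) >= 4 and word in lowered:
            problems.append(f"contains dictionary word: {word}")
    return problems


if __name__ == "__main__":
    for pw in ("dragon", "Rex2007!!", "H1a2r1v8e0y5's"):
        print(pw, round(keyspace_bits(pw), 1), check_password(pw, ["Rex"]))
```

Each extra character adds a fixed number of bits for a given alphabet, which is the exponential growth described under Password Length.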

How to build a password: There are many techniques for developing passwords:

  • Password generators. You can find programs online that will generate random passwords of various lengths. Run the program repeatedly until you spot one you can easily remember.
  • Mnemonics. Use an easily remembered sentence or phrase, taking the first character of each word. Alternatively, use the second or last letter of each word. Add a number or symbol somewhere in the middle where it makes sense.
  • Textspeak. Youth these days frequently use abbreviations with numbers or symbols when chatting or texting. Think of a word or phrase that can be rewritten with letters and numbers; think of vanity license plates on cars (not your own).
  • Combine a word that is significant to you with a number that is also significant. Interleave them. So if your favorite restaurant is Harvey’s and your dog’s birthday is 12-18-05, you could use H1a2r1v8e0y5’s or some other pattern.

Change it frequently: Try to change it at least several times per year. Your employer may have a policy about how often to change it. And don’t just add or change a number at the end. If someone has discovered your password, and it suddenly doesn’t work, the first thing they’ll try is adding a 1 to the end.

So put your thinking cap on, think of a new password, and change it.

Bill

One Response to “Choose a good Password”

  1. sysadmin
    June 14th, 2007 | 8:12 am

    Everyone needs to update their passwords regularly!