How Safe Are Your Passwords?

May 27, 2013 | Kelli | Comments (2)

Having a secure password for online accounts is a basic requirement for online security. While the components of a secure password are straightforward, creating one that is also easy to remember can be difficult. It's the remembering that is the hardest part.

Generally, secure passwords contain most, if not all, of the following features:

  • A minimum of 8 characters
  • At least one uppercase letter
  • At least one number
  • At least one symbol (although some online accounts do not allow for this)

If you want to check your passwords for their strength, have a look at the Password Strength Checker on the Password Meter website. Just type in your password and see how it scores.





One easy way to make your passwords more secure is to change one letter to uppercase and substitute numbers or symbols for other letters in your current password. You could use a zero for an o, a 1 for an l or i, a 5 for an s, or the @ symbol for an a. For example, password could be changed to P@55w0rd (which changes the score from 8% – Very Weak to 86% – Very Strong).
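The composition rules listed above and a substitution-aware check, side by side, as an added example that is not part of the original post. It shows that a password can satisfy all four rules and still be a common word once the substitutions named here are undone; the denylist is a constructed sample and the function names are assumptions.

```python
import re

# Substitutions named in the article, reversed: character -> letters it may replace.
REVERSE_SUBS = {"0": "o", "1": "li", "5": "s", "@": "a"}

# Constructed sample denylist (assumption); real checks load a large common-password list.
COMMON_WORDS = ["letmein", "password", "sunshine", "welcome"]


def composition_issues(pw):
    """Return which of the article's four composition rules pw fails."""
    issues = []
    if len(pw) < 8:
        issues.append("fewer than 8 characters")
    if not re.search(r"[A-Z]", pw):
        issues.append("no uppercase letter")
    if not re.search(r"[0-9]", pw):
        issues.append("no number")
    if not re.search(r"[^A-Za-z0-9]", pw):  # anything that is not an ASCII letter or digit
        issues.append("no symbol")
    return issues


def matches_after_substitution(pw, word):
    """True if pw spells word once case and the listed substitutions are undone."""
    if len(pw) != len(word):
        return False
    # Compare position by position, so cost stays linear in the password length.
    return all(p == w or w in REVERSE_SUBS.get(p, "")
               for p, w in zip(pw.lower(), word))


def check_password(pw):
    """Composition issues plus any denylisted word hidden behind substitutions."""
    issues = composition_issues(pw)
    for word in COMMON_WORDS:
        if matches_after_substitution(pw, word):
            issues.append(f"common word '{word}' with predictable substitutions")
    return issues


if __name__ == "__main__":
    for candidate in ["password", "P@55w0rd", "1etme1n", "gR7#vnQx2!"]:  # constructed samples
        print(candidate, "->", check_password(candidate) or "no issues found")
```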

To be the most secure, we should have different passwords for each online account – but who could remember all those different passwords? It is possible to have your computer remember your passwords for you, through password management software or your browser. However, this will not be of help when using someone else's computer or a public access computer, such as a library computer.

The security experts at Mozilla (the company that created the Firefox web browser) have created an elegant way to create a secure password that is unique on each website but still easily memorized. The method is to choose a phrase that you will remember. If applicable, change words to numbers. Reduce the phrase to just the first letters in each of the words and then add some symbols. To make each password unique, add the first letter and the next two consonants of the website to the end of the password.

For more details on this method, have a look at this video:

 


Comments

2 thoughts on “How Safe Are Your Passwords?”

  1. I think a password such as “P@55w0rd” is only strong in theory. Above and beyond the fact that it’s mentioned here, it’s just too obvious. It’s bound to have been thought of by a lot of people and will likely be included in the lists of words to try that brute force programs use. I have mixed feelings about straightforward character substitution for this reason.
    The best way to defeat brute force attacks is to use services that limit the number of attempts to log in. My relatively old BlackBerry does this. 10 strikes and you’re out (a typical brute force attack must make thousands of attempts to crack even a weak password).
    One other note. I don’t use my actual password on those sites that test your passwords. Call me paranoid, but basically I am reluctant to give my password data to an unknown agent. I do use these sites though, but I substitute an analogous password. Something that has the same number of upper, lower, numeric and symbolic characters.
    Using P@55w0rd as an example, I substituted the same number of upper, lower, symbol and number characters: Fe66r9eg. I got the same score as I did for the “real” password. (It’s 75% now, which shows that the password meter is continually adapting.)

  2. P@55w0rd was intended only as an example of how a very weak password could be made stronger by substitution, not as a recommended password. I agree with you, all possible combinations of substitutions for the word ‘password’ are most likely on the lists of brute force programs and therefore should never be used.
    My goal with this post was to encourage anyone with a very weak password, but who was loath to change it due to a fear of forgetting it, to make their password more secure either through substitution, or even better, through the method suggested by Mozilla’s staff.
    Thank you for not only taking the time to read the post, but also for adding your valuable comments and opinions.
