Guide to Creating Strong Passwords
Why do I need a strong password?
We want to believe that we live in a world where people "just do the right thing", but experience tells us that is not true. My company requires the use of strong passwords because we understand that there is an Internet "underground" full of people who cause damage and distress, just because they can, or more commonly, for profit. These people will use scanning programs that randomly search the Internet looking for servers and computers, and then scan the servers for access by looking for easy to crack passwords. Most of the time, they don't care who you are or where you work - they just want in to your computer so they can use it for their purposes.
This guide is intended to help you create strong passwords and remember them.
Creating Strong Passwords:
Your password must contain characters from at least 3 of the following 4 (all 4 is better!) classes and be 8 characters or longer to be considered strong:
Description
1. Upper Case Letters
2. Lower Case Letters
3. Numbers
4. Special characters (punctuation/symbols) ex. ({},.<>;:"'/?|`~!@#$%^&*()_-=+)
- Your password may not contain your e-mail name or any part of your full name (see our "Passwords to avoid" at the end of this guide).
- A complex password that cannot be broken is useless if you cannot remember it. For security to function, you must choose a password you can remember and yet is complex.
- Here are a couple ways to create passwords you can remember:
First letter of every word in a phrase or song:
My son is 5 years old = Msi5!YOld
I have lived in California for 5 years now = IhliCf5#yN
The Devil went down to Georgia = TDwd2GA
The Lord is my shepherd and I shall not wander = TLims&Isnw. (you can use the period and symbols (including the "space") in Windows and a lot of websites)
Mash up a pet's name with numbers:
Buster = bust1936R (ok, it's Buster with Grandpa's birthday in the middle and a capital R at the end)
Spot = spot#611 (ok, it's Spot with a zero and our home address at the end)
REMEMBER - NO STICKY NOTES ON THE MONITOR OR UNDER THE KEYBOARD!!!
Ok, but why letters, upper case, lower case, etc.?
There are 2 kinds of password cracking programs- dictionary scanners and brute force attackers. Dictionary scanners are literally loaded with every word in the dictionary (usually multiple languages) and they try every word in the dictionary. Trying every word in the English language usually takes a modern computer about 2 minutes, which makes using a word as your password a very bad idea.
Brute force password cracking programs try different combinations of letters and numbers at an average rate of 100,000 tries per second. Faster computers work at 200,000 or more tries per second.
Passwords to Avoid at all costs:
- The words "password", "passcode", "admin", "letmein" or any form of those words
- Rows of letters from a keybaord - for instance "qwerty" or "asdf"
- Your username or login name
- The name of your significant other, or a relative or pet
- Birthplace or the birthplace of your relatives or significant other
- Automobile license plate numbers
- Office or cell phone numbers
- The simple modification of any of the preceding by adding a number to it (especially a 1) or reversing the order of the letters.
- Swear words
Gloss