How to Choose a Good Password

Author:	W. Brian Dill
Created:	2007-04-26
Updated:	2007-04-26
Show Until:	2007-10-26

Good Passwords Are:

Unique. Do not use a password you already use for another account, such as your bank account PIN.
Difficult to guess. Don't use common words or names.
At least 7-characters long. The longer the better
Made up of both lower and upper-case letters and numbers (and special characters if allowed)*.
Kept secret. Don't reveal it to anyone - not your secretary, your sysadmin, or even your spouse**.
Changed often - especially if you suspect that they may have been compromised.

Bad Passwords Include:

A complete word from any dictionary (English or other);
Your login name in any form (as is, reversed, capitalized, doubled, etc.);
Common names, such as the names of family members, pets, or friends;
Based on any information easily obtained about you (e.g., license plate numbers, telephone numbers, employer, school name, automobile brand, street name, etc.);
All the same digit or letter (this significantly decreases the search time for password cracking software);
Any obvious sequence of characters (e.g., 123456);
Obvious to anyone watching you enter them (such as qwerty).

Help In Creating A Good Password

Use the first letter of a sentence that would only have meaning to you.
Ex: "My daughter, Jenny loves to each chocolate chip cookies after dinner." This would result with: MdJltecccad. This 11 character password is incredibly easy to remember, assuming you have a daughter named Jenny who loves to eat chocolate chip cookies after dinner. Once you try it, it's almost fun thinking up sentences. "My good friend Ralph drives a 99 Honda Accord." -> MgfRda99HA.
Combine two or more words with some numbers thrown in for good measure.
Ex: Giant9underground, upper132cardboard, Greek39countermeasure, etc.
For the ultimate in security use a random password generator from GRC, or this one from HotBits (using radioactive decay)
While it would be nearly impossible to use a big random string as your full password, you could use a small chunk of the random string at the end of a password to make it much more secure, and not too hard to remember. For example, bank is an insecure password, but bank-mLwh is much more secure, but is much easier to remember than a big random string like 4BRLGmLwh

I Can't Remember All Of My Passwords!

If you're like most people, you have dozens of passwords for various websites. I usually don't have trouble remembering the passwords that I use daily, but I almost always forget my password for sites that I rarely frequent. I had to write them down somewhere.

Bad:	Writing passwords down on a piece of paper or sticky note and keep it next to the computer.
Worse:	Making a text file called "passwords.txt" containing all your passwords. (or Word document or Excel file)
Worst:	Using a trivial password so it is easy to remember. Ex: "pizza", "kitty", etc.

Solution:	Use a secure tool designed to encrypt passwords such as KeePass. It's free, secure, and pretty easy to use.

* Many web-based logins don't allow the use of special characters for technical reasons.
** Of course this isn't always possible. If you share a bank account with your spouse, you are likely to share the password for the online banking account.


Home	MIDI	Lyrics	Bio	Links	Contact	Guestbook


Name
Subject
Opinion

How to Choose a Good Password

Good Passwords Are:

Bad Passwords Include:

Help In Creating A Good Password

I Can't Remember All Of My Passwords!

Talk Back