The notion of passwords is not flawed; rather, it is the type of passwords commonly used that leads to password or security breaches.
You need a complex, strong password that is changed on a regular basis in order to mitigate a successful password attack on your account. Meeting a certain length and complexity does not necessarily make a password strong or hard to compromise. For example, the password Patri0t$ meets all password complexity requirements. It includes a capital letter (P), a number (0) and a special character ($), and it exceeds the minimum recommended password length of 7 characters. However, it is not a very difficult password to crack.
Anyone who knows the person a little bit and is attempting to crack their password can easily make an educated guess based on their favorite food, movie or sports team.
As in any good security scheme, human limitations must be factored into the equation. The problem most people have when they create strong passwords is that they are hard to remember. So they either write the password down somewhere in a text file (hopefully not named Password file) or create a single strong password which they use across all accounts (at work, banking sites, etc.).
So how does one create a strong password that is complex but also easy to remember?
OK, before we get to that, let us go through some security guidelines for creating a strong password:
* Avoid using any words that you can look up in a dictionary. These include common misspellings of words.
* If you follow good security practices and change your password every, say, 6 months, do not just increment a digit in your current password.
* Avoid creating a password that begins or ends with a number, because these are more easily guessed than passwords which have a number in the middle.
* Avoid creating a password which someone can easily guess by knowing a little bit about you. This includes names of pets or family members or sports teams.
* Avoid creating a password which includes words from popular culture.
* Always create a password that requires the use of both hands on the keyboard. Why is this important? Otherwise, someone looking over your shoulder only needs to watch one side of the keyboard, which makes the password much easier to guess.
* Always have a password that uses uppercase and lowercase letters, has numbers and special characters.
* Make sure that the minimum length of your password is at least 7 characters.
* Do you know that holding the ALT key and pressing numbers generates a unique set of characters? If you can do this, I would highly recommend it.
So, back to the original question: how do I create a password that is complex and strong, meets the password requirements listed above and, above all, is also easy to remember? The answer is to use a passphrase.
Example security passphrase: The New England Patriots are going to win 2008 SuperBowl
1. Let us take the first letters from the above sentence: tnepagtw2008s
2. Let us make it complex
i. Include Capital Letters: I will capitalize the letters for New England Patriots. So the password now is tNEPagtw2008s
ii. Include Numbers: We have numbers, but I will strip the 200 from 2008. So the password now is tNEPagtw8s
iii. Include Special Characters: I will change the a to @ and the s to $. So the password now is tNEP@gtw8$
3. You are all set: We now have a strong password, tNEP@gtw8$, that is easy to remember. All you have to do is go through the sentence in your mind when you type in the password.
4. You can use this passphrase for work. Now, when you are at home and logging in to your bank account, use a different passphrase, say, The Apple iphone is the best phone in the market. Apply the techniques mentioned above and you are all set.
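The guidelines listed earlier can be checked mechanically. The Python sketch below is an added example, not part of the original article; the small wordlist, the substitution table and the US QWERTY left-hand key set are constructed assumptions. It shows that Patri0t$ passes the length and complexity rules but fails the dictionary rule once look-alike characters are undone, while tNEP@gtw8$, the result of the passphrase steps above, passes every check.

```python
import string

# Constructed sample wordlist (assumption); a real check would load a full dictionary.
WORDLIST = {"patriot", "password", "dragon", "monkey"}
# Look-alike substitutions undone before the dictionary lookup (assumed table).
UNLEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                        "7": "t", "@": "a", "$": "s", "!": "i"})
# Keys typed with the left hand (assumption: US QWERTY layout).
LEFT_HAND = set("qwertasdfgzxcvb12345!@#$%")


def contains_dictionary_word(pw, min_len=4):
    """True if a wordlist entry appears in pw after undoing substitutions."""
    plain = pw.lower().translate(UNLEET)
    return any(len(w) >= min_len and w in plain for w in WORDLIST)


def check_password(pw):
    """Return the guidelines from the list above that pw violates."""
    problems = []
    if len(pw) < 7:
        problems.append("shorter than 7 characters")
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    if not all(any(c in cls for c in pw) for cls in classes):
        problems.append("missing a character class")
    if pw[:1].isdigit() or pw[-1:].isdigit():
        problems.append("begins or ends with a number")
    # A password typed entirely on one side of the keyboard uses one hand.
    if len({c.lower() in LEFT_HAND for c in pw}) < 2:
        problems.append("typed with one hand")
    if contains_dictionary_word(pw):
        problems.append("contains a dictionary word")
    return problems


if __name__ == "__main__":
    for candidate in ("Patri0t$", "tNEP@gtw8$", "Dr4g0n!9"):
        print(candidate, check_password(candidate) or "passes all checks")
```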