![Picture](/uploads/2/5/5/8/25585870/5317843.png)
by Mike Disher
Last week we began this series on passwords and password management by laying out a foundation for the need for varied and strong passwords. Because I respect your ability to read (you're reading this!) I'll dispense with the pull on my sense of normalcy that says I should review. If you need to, feel free to scroll down and read last week's post.
Our intent this week is to come up with strong passwords, and to do that we need to know why! I'm not going to hesitate in saying that across the board most passwords are pretty easy to guess. Some will use their last name with 123 appended, or their dog's name, or someone's birthday, or even their phone or social security number, Heaven forbid! Believe it or not, some of the most common ones are as simple as 123456, Password, letmein, abc123...things that are so common and so easy for the bad guys (and YES they are out there) to guess! Not only are they easy for a human to guess; sophisticated computer programs, which are easily available for those seeking them, take much less time to figure them out. Some of those programs do things as simple as trying all the words in the dictionary. Tedious for us...but computers don't care. We just tell them what to do and they do it and then report the results.
So if your password has only numbers in it, and let's just use a 5-digit-long password, how many possible combinations are there? We have to use some simple mathematics to figure this out. Each digit in the 5-number password could be any of 10 different numbers, right? 0-1-2-3-4-5-6-7-8-9. So position 1 can have 10, position 2 can have 10, position 3 could have 10, position 4 could have 10 and position 5 could have 10. Mathematically we say there could be 10 x 10 x 10 x 10 x 10 possible combinations, or 100,000. That would only take a computer program a few seconds to go through all the options before it methodically landed on the correct one.
Now if we add the letters of the English alphabet to the mix, and again stay with a 5-character password, what does that do to the number of possible combinations? Now each of the 5 positions could be any one of the 10 numeric digits OR it could be any one of the letters of the alphabet, right? Yes! PLUS, the letter could be either capital or lowercase, so now each position could have 10 (numbers) + 26 (lowercase letters) + 26 (capital letters) or 62 possible characters. Thus, there are now 62 x 62 x 62 x 62 x 62 or 916,132,832 possible combinations. That's over 9,000 times more possibilities, but for a computer, it's still an easy task...it just takes longer.
Remember, we were only using a 5-character password, which I never recommend, by the way. For every additional character you add, if all you are using is numbers and letters, you make it 62 times more difficult and time-consuming to figure out. In fact, my little calculator doesn't have enough digits to show the result if I carry this out to an 8-character password with all its options. And we've also got punctuation and other special characters that can be used, which will exponentially add to the complexity of your passwords.
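As an added illustration (not code from the original post), this Python script carries the post's arithmetic through for any alphabet size and length, and shows how the worst-case search time scales; the guesses-per-second figure is a constructed rate, not a benchmark.

```python
from math import log2

# Character-class sizes the post discusses. The special-character count is an
# assumption (printable ASCII punctuation); the post gives no exact figure.
DIGITS, LOWER, UPPER, SPECIAL = 10, 26, 26, 32


def keyspace(charset_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` symbols from an alphabet of `charset_size`."""
    if charset_size < 1 or length < 1:
        raise ValueError("alphabet size and length must be positive")
    return charset_size ** length


def growth_factor(small: int, large: int, length: int) -> float:
    """How many times bigger the keyspace gets when the alphabet grows but the length stays fixed."""
    return keyspace(large, length) / keyspace(small, length)


def seconds_to_exhaust(charset_size: int, length: int, guesses_per_second: float) -> float:
    """Worst case: seconds for an attacker to try every combination at a fixed rate."""
    return keyspace(charset_size, length) / guesses_per_second


def entropy_bits(charset_size: int, length: int) -> float:
    """Same quantity expressed as bits; each extra character adds log2(alphabet) bits."""
    return length * log2(charset_size)


if __name__ == "__main__":
    rate = 1e9  # constructed rate: one billion guesses per second
    for name, size in (("digits", DIGITS), ("digits+letters", DIGITS + LOWER + UPPER),
                       ("all printable", DIGITS + LOWER + UPPER + SPECIAL)):
        for length in (5, 8, 10):
            secs = seconds_to_exhaust(size, length, rate)
            print(f"{name:15} len={length:2} keyspace={keyspace(size, length):>22,} "
                  f"bits={entropy_bits(size, length):5.1f} worst-case={secs / 86400 / 365:.3g} years")
```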
When you start getting this strong with your passwords, the time it would take sophisticated computer programs to decipher them crosses over into years. But truth be known, there is no such thing as a perfect password or perfect security! There are only levels of comfort you can feel about how secure your personal information is.
Get the picture? So this is why all those annoying IT people tell you that you should have (and some require you to have) strong passwords. And I'm not going to back down from my position on this, either...so get ready for my definition of a desirable strong password.
7 Requirements for Strong Passwords:
1. NO dictionary words
2. AT LEAST one capital letter (preferably 2 and NON-adjacent)
3. AT LEAST one number
4. AT LEAST one special character
5. AT LEAST eight characters long (10 or more is better)
6. NO repeating characters
7. FREQUENTLY changed
An example of a strong password might be something like this:
Str0n&Pw
In this case, I wanted to just use the word strong and the abbreviation for password, which was PW...thinking I could remember it. So I capitalized the "s" in strong and the "p" in password, replaced the letter o with a zero, and instead of a "g" I used an ampersand character. Every replacement made sense to me, so then I just had to remember that I capitalized the first character of each word in my secret "passphrase" and I'm good to go!
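Here is an added Python checker (not from the original post) that tests a candidate against requirements 1 through 6 above, using a small constructed wordlist in place of a real dictionary; it also undoes common look-alike substitutions such as 0 for o before the dictionary check, since cracking tools try those too. Requirement 7 is about rotation, not the string itself, so it is not checked.

```python
import string

# Constructed stand-in for a real dictionary file (assumption: real code loads a full wordlist).
DICTIONARY = {"strong", "password", "letmein", "welcome", "monkey", "dragon"}

# Look-alike substitutions that cracking wordlists already try; undo them before
# looking for dictionary words so "Dr@g0n" is still recognised as "dragon".
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "@": "a", "$": "s"})


def normalize(pw: str) -> str:
    return pw.lower().translate(LEET)


def check_password(pw: str, dictionary=DICTIONARY, min_len: int = 8) -> list:
    """Return the names of the post's requirements that `pw` fails (empty list = compliant).

    "No repeating characters" is interpreted as no character used more than once (assumption).
    """
    failures = []
    if any(word in normalize(pw) for word in dictionary):
        failures.append("contains dictionary word")
    if not any(c.isupper() for c in pw):
        failures.append("no capital letter")
    if not any(c.isdigit() for c in pw):
        failures.append("no number")
    if not any(c in string.punctuation for c in pw):
        failures.append("no special character")
    if len(pw) < min_len:
        failures.append(f"shorter than {min_len} characters")
    if len(set(pw)) != len(pw):
        failures.append("repeating character")
    return failures


def has_two_nonadjacent_capitals(pw: str) -> bool:
    """The post's preferred form of requirement 2: at least two capitals that are not next to each other."""
    caps = [i for i, c in enumerate(pw) if c.isupper()]
    return any(b - a > 1 for a in caps for b in caps if b > a)


if __name__ == "__main__":
    for candidate in ("Str0n&Pw", "Password123!", "Dr@g0n!"):
        print(f"{candidate:14} {check_password(candidate) or 'OK'}  "
              f"two non-adjacent capitals: {has_two_nonadjacent_capitals(candidate)}")
```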
The very best passwords, in my opinion, are a randomly generated series of ten letters, numbers and symbols that have no relation or logic behind them at all. Granted, these are very difficult to remember, especially if you have several to keep track of, but it would be the closest-to-perfect scheme for the average user.
Hang on, though, you are probably saying! When I last counted I had over 20 different sites and services requiring passwords (some of you have several times that many) and they each have different requirements. Some of them have to be changed every few weeks, some every few months, and some never ask me to change them. How can I possibly keep them all straight and still follow all these rules you so strongly suggest I follow?
AHHH...that's the reason for part 3 in our series which will be posted next Monday! Be sure to check back in on April 14th and I'll answer that and other questions!
- - - - - - - - -
Check back with http://dishtech.weebly.com weekly as we present “THE DISH” on topics of interest for the technology curious!