Resolve to pick stronger passwords for the New Year.

A surprising number of people still think that January07 is a good password. Admittedly, it does pass the Microsoft password-complexity rules. It has an upper-case letter, several lower-case letters and two digits. The problem is that it’s an English word with the capital letter at the front and the digits at the end. English speakers have a natural tendency to follow this pattern. We know it – and the hackers know it too. That password can be cracked in under 30 seconds.

Pick whole sentences for your password. A whole sentence (including spaces and punctuation) makes a very strong password that is easy to remember and to type. Windows accepts any key on the keyboard in your password (and some that aren’t on your keyboard) and allows it to be up to 127 characters long. You only need a 4 or 5 word sentence to make a very strong passphrase. I particularly like sentences from children’s counting books.

For systems with limits on password length or allowable characters (like mainframe accounts), you can keep your passwords in synch by using rules to transform your sentence into a shorter code. For example, you could start with the number of words in the sentence, then take the second and last letters of each word in the sentence, capitalizing each third letter. As long as you follow the same rules each time, you can consistently convert your easy-to-remember passphrase into a strong random-looking password.
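The transformation rule described above, written out in Python as an added example (it is not part of the original post). It assumes that "each third letter" means every third character of the letters selected, that a one-letter word contributes just that letter, and that apostrophes and punctuation are ignored; the function name, the optional length limit and the sample sentence are constructed for illustration.

```python
import re
from typing import Optional


def shorten_passphrase(sentence: str, max_len: Optional[int] = None) -> str:
    """Turn a sentence into a short code using the rule from the text:
    word count, then the second and last letter of each word,
    with every third selected letter capitalized."""
    # Drop apostrophes so "children's" stays one word (assumption).
    cleaned = sentence.replace("'", "").replace("\u2019", "")
    # A word is a run of letters or digits; spaces and punctuation separate words.
    words = re.findall(r"[A-Za-z0-9]+", cleaned)
    if not words:
        raise ValueError("sentence contains no words")

    picked = []
    for word in words:
        word = word.lower()  # normalize so typing case does not change the result
        if len(word) >= 2:
            picked.append(word[1])  # second letter
        picked.append(word[-1])     # last letter (the only letter of a 1-letter word)

    # Capitalize the 3rd, 6th, 9th ... selected letter.
    letters = [c.upper() if pos % 3 == 0 else c
               for pos, c in enumerate(picked, start=1)]

    code = str(len(words)) + "".join(letters)
    # Optional truncation for systems with a hard length limit (assumption).
    return code if max_len is None else code[:max_len]


if __name__ == "__main__":
    # Constructed sample sentence in the style of a children's counting book.
    sample = "Five little ducks went out one day."
    print(shorten_passphrase(sample))
    print(shorten_passphrase(sample, max_len=8))
```

Because the input is lower-cased before the rule is applied, the same sentence always yields the same code regardless of how it was capitalized when typed.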

Remember – your password is the key to all of your electronic defenses. Keep it safe, never share it, and pick one strong enough that it cannot be easily cracked.
