Refer to this article whenever you need to create a strong password. You can create a password using your own brain or a password generator. I always use the first suggestion: my brain. In this article I will reveal a technique that I use. It allows me to create powerful, complex passwords that are also easy to remember.
General Password Guidelines: DO NOT create or choose a password that can be associated with you, such as:
- your surname or family name
- names or surnames of other family members
- pet names
- date of birth`s
- street adress
- license plate number
- name spelled backwards
Password Guessing: the most common password cracking method is to try a combination of words or numbers:
- names, surnames
- family names
- friends names
- date of births`s
- favorite places
- etc
Preventing password guessing attacks: the answer is simple - create complex passwords.
Example:
tom123 - is a weak password
123tom - is the same (spelled backwards)
t1o9m90 - this is much better
123tom - is the same (spelled backwards)
t1o9m90 - this is much better
Here's how I did it: Let's assume that my name is Tom and I was born in 1990. First, I need to remember the password. It could be my date of birth. If I use "tom1990" is a weak password. However "t1o9m90" is better...not perfect but better when compared with "tom123".
TIP: This is a decent password against "manual" guess attempts. A person that will try several passwords on your webmail account such as (Gmail, Yahoo, Hotmail) will fail. Not to mention that all major email providers will block password guessing after three failed login attempts. Do not use this technique for military secrets, hardware encryption or bank accounts.
Another example:
My lucky number is : 15
My favorite car is : ferrari
My favorite color is: blue
My favorite car is : ferrari
My favorite color is: blue
The result:
15ferrariblue
Easy to remember but not a decent password. If I wanted a stronger password made of these two words and that number I would use this:
1ferrblueari5
Use your imagination
You can create powerful passwords using common names or words. The rule is simple: combine words with numbers and if possible add at least one special character such as:
~ ! @ # $ % ^ & * () _ +
All security experts recommends the use of special characters.
How to create an unbreakable password.
Note: Unbreakable password term is relevant for people that use "offline" encrypting software. Hard Disk software encryption tools such as TrueCrypt, DiskCryptor and others can benefit from powerful passwords. The term of "unbreakable password" used for a webmail or any other service that requires a connection to the Internet is useless. A victim of a malware infection (with keylogger or rootkit), phishing or Internet connection-sniffing loses all the benefits of a secure password.
The disadvantage of an unbreakable password: it is hard to remember.
The advantage: maximum security
Example:
I will use this word: invincible
I will use one special character(`) and the following numbers: `123456789
I will use special characters: ~ ! @ # $ % ^ & * (
I will use one special character(`) and the following numbers: `123456789
I will use special characters: ~ ! @ # $ % ^ & * (
I could use this password:
invincible`123456789 ~ ! @ # $ % ^ & * (
It would be a decent password but I want a better one:
I ` ~ n 1 ! v 2 @ I 3 # n 4 $ c 5 % I 6 ^ b 7 & l 8 * e 9 (
How to remember complex passwords?
You only need to look at a keyboard and remember the word invincible and the order of your arrangement (mix) based on this:
invincible
`123456789
~ ! @ # $ % ^ & * (
The following table reveals the order that I used for this password.
Conclusion: Be creative, create your own password, do not copy a password from somewhere on the Internet (including password generators). Do not associate your password with your favorite sport team. Do not associate your password with a famous name such as the name of your favorite movie star or even the name of a well known brand like your favorite drink, soap, car etc.
Remember this: if someone will steal your password using a phishing method, keylogger, trojan or anything else - it becomes useless. Passwords can be intercepted (when connected to the Internet), to avoid this you need to make sure that you use secure (encrypted) connections. Check the login URL addresses to start with “https:”. If you see only “http:” your password can be intercepted. Additionally, you can use a VPN service.
If you still can’t remember complex passwords, use a software like Password Safe or KeePass. At least they encrypt your passwords and you have to remember only one main password to access all the others.
If you still can’t remember complex passwords, use a software like Password Safe or KeePass. At least they encrypt your passwords and you have to remember only one main password to access all the others.
