
“Treat your password like your toothbrush. Don’t let anybody else use it, and get a new one every six months” (Clifford Stoll).
Avoid common passwords
There is software readily available with the sole purpose of accessing your stuff. This software will try thousands of common passwords such as 'password', 'password1', '123456' and 'qwerty'.
If it has no luck with those, it will move on to names ('John', 'James', 'Julia') and then to a character-by-character comparison: 'AAAAAAAA', 'AAAAAAAB', 'AAAAAAAC', 'AAAAAAAD' and so on.
So how do we get a good safe password?
- Never write it down, so make it memorable.
- Never use sequential numbers (12345678), sequential letters (ABCDEFGH), keyboard sequences (QWERTY, ZXCVBNM) or repeated characters (AAAAAAAA, ££££££££, 33333333).
- Avoid your name, your partner's name, your dog's name, your date of birth, your address or your postcode.
- A good password will be a minimum of eight characters long (most things won't let you use a password less than eight characters). Use upper and lowercase letters 'A - Z', 'a - z'. Use numbers '0 – 9' and special characters !"£$%^&*…etc. Please note a space is considered a special character.
So something like 'He42£u5&'. (This is a good safe password that would take today's technology about five years to crack!)
Job done? We have a very safe password. That we can't write down. And is so safe we can't remember what it is!
Retinal scanners are still way too expensive, so let's break it down a bit to see what we can do.
- Using 'josh' - Simple to remember, all lowercase. Would take today's technology less than 1 second to crack.
- 'Josh' - Still simple but with an uppercase letter, less than 1 second.
- 'Joshua1' - Slightly longer with a number and uppercase letter, 15 hours.
- 'Joshua 12' - With a space, uppercase letter and two numbers, 1 year to crack.
Pass Phrase
Now we are getting somewhere, but we are moving more into the territory of the ‘pass phrase’. The pass phrase is easy to remember, makes it easier to meet all the criteria of a good safe password, and is much more secure.
So what do we mean by a ‘pass phrase’? If we use 'Joshua Jones 11-10-06', it covers all the bases, is still easy to remember, and would take today's hacker about 3 septillion years (3 followed by 42 zeros, or 3,000000000000000000000000000000000000000000 years) to crack!
If remembering dates is not your thing, try 'my 1st grandchild is called Joshua'. It rolls off the tongue, it's safe, and would take 612 quattuordecillion years (612 followed by 84 zeros, or 612,000000000000000000000000000000000000000000000000000000000000000000000000000000000000 years) to crack!
Using 'My Name Is Ben' would still meet all the criteria, but would not be the smartest of phrases to use, as my name is Ben. But as you can see, building a pass phrase unique to you without being too obvious could go a long way to protecting your online world.
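The rules in the list above and the effect of length on cracking time can be checked in code. This is an added example, not part of the original article: the function names, the short common-password list and the guess rate of 10 billion per second are assumptions, so the times it prints will not match the article's figures exactly.

```python
import string

# Constructed sample list; a real check would load a large breached-password list.
COMMON = {"password", "password1", "123456", "qwerty"}
SEQUENCES = [string.ascii_lowercase, string.digits,
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def classes(pw):
    """Which character classes (lower, upper, digit, special) pw uses."""
    return (any(c.islower() for c in pw), any(c.isupper() for c in pw),
            any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw))


def has_run(pw, n=4):
    """True if pw holds n repeated characters or n in alphabet/keyboard order."""
    low = pw.lower()
    chunks = (low[i:i + n] for i in range(len(low) - n + 1))
    return any(len(set(c)) == 1 or any(c in s for s in SEQUENCES) for c in chunks)


def check(pw, personal=()):
    """Return the article's rules that pw breaks (empty list = passes)."""
    low, problems = pw.lower(), []
    if low in COMMON:
        problems.append("common password")
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if has_run(pw):
        problems.append("sequence or repeated characters")
    if any(p and p.lower() in low for p in personal):
        problems.append("contains a personal detail")
    if not all(classes(pw)):
        problems.append("missing a character class")
    return problems


def years_to_exhaust(pw, guesses_per_second=1e10):
    """Worst-case exhaustive search time in years. The guess rate is an
    assumed figure, and this ignores the dictionary and name guessing
    that check() covers, so treat it as an upper bound."""
    sizes = (26, 26, 10, 33)  # 33 = ASCII punctuation plus space
    alphabet = sum(s for s, used in zip(sizes, classes(pw)) if used)
    return alphabet ** len(pw) / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    for pw in ["password1", "Joshua1", "Joshua 12", "He42£u5&"]:
        print(repr(pw), check(pw, personal=["Joshua"]), years_to_exhaust(pw))
```

Passing the user's own name, date of birth and postcode as `personal` is what makes the check catch a phrase that looks strong by length alone.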