This article discusses some techniques and advice on how to create a strong password.
Choosing a strong password
Below you will find several techniques to create a strong password:
- The password must be at least eight characters long, preferably longer. The longer the password, the less susceptible it is to brute-force attacks.
- Use a combination of lowercase and uppercase characters, numbers, and punctuation.
- Place a punctuation mark in the middle of a word (for example, vege%tarian).
- Shorten a word in an unusual way. Don’t use an apostrophe.
- Come up with an unusual phrase, and then take the first, third, or last letter of each word. Add a capital letter, a punctuation mark, and one or two numbers.
- You can intentionally misspell one or more words to make the password harder to crack.
- Combine several of the above techniques.
- Use a phrase or word that no one would ever have thought of. The best password is one that is completely random for everyone but you. Use your imagination!
How not to choose a strong password
Here are some guidelines for what not to do when choosing a password. You should avoid these techniques when you create a password:
- Do not use dictionary words.
- Do not use your username or real name.
- Do not use anyone else’s name.
- Do not use any word in a cracking dictionary. A cracking dictionary contains lists of words that attackers use to try to crack passwords (this is also known as a dictionary attack). These lists include abbreviations, cartoons, character patterns, machine names, famous names, female names, male names, Bible citations, movies, myths, numeric patterns, short phrases, places, science fiction, Shakespeare, songs, surnames, and just about anything else you can think of.
- Do not use any of the above with a single character before or after it (for example, happy1).
- Do not use any of the above with capitalization (for example, Penguin or Walrus).
- Do not use any of the above reversed (for example, reversing cat to tac), doubled (cat to catcat), or mirrored (cat to cattac).
- Do not select a word and substitute some characters (for example, changing supersecret into sup3rs3cr3t). Attackers are well aware of these substitutions and can crack them.
- Do not use keyboard patterns (for example, qwerty or nbvcx). Cracking programs look for these types of patterns in passwords.
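The transformations listed above are cheap to undo, which is why they add so little strength. The following is an added example, not part of the original article, of a checker that reverses them before a dictionary lookup. The word list, substitution table, and function names are assumptions made for illustration.

```python
# Constructed sample word list; a real check would load a full cracking dictionary.
WORDS = {"password", "supersecret", "happy", "penguin", "walrus", "cat"}
# Assumed substitution table: symbols and digits commonly swapped for letters.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})
KEY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def is_keyboard_run(s, min_len=4):
    """True if s is a contiguous run along one keyboard row, in either direction."""
    return len(s) >= min_len and any(s in row or s in row[::-1] for row in KEY_ROWS)


def base_forms(pw):
    """Return the candidate words obtained by undoing each listed transformation."""
    lowered = pw.lower()                           # undo capitalization
    forms = {lowered, lowered.translate(LEET)}     # undo character substitution
    for f in list(forms):
        forms.add(f[1:])                           # drop a single leading character
        forms.add(f[:-1])                          # drop a single trailing character
    for f in list(forms):
        forms.add(f[::-1])                         # undo reversal (tac -> cat)
        half = len(f) // 2
        if len(f) % 2 == 0 and f[:half] == f[half:]:
            forms.add(f[:half])                    # undo doubling (catcat -> cat)
        if len(f) % 2 == 0 and f[:half] == f[half:][::-1]:
            forms.add(f[:half])                    # undo mirroring (cattac -> cat)
    return forms


def weakness(pw):
    """Return the reason pw is weak, or None if no listed pattern matches."""
    if is_keyboard_run(pw.lower()):
        return "keyboard pattern"
    hits = base_forms(pw) & WORDS
    if hits:
        return "derived from dictionary word: " + sorted(hits)[0]
    if len(pw) < 8:
        return "too short"
    return None


if __name__ == "__main__":
    for candidate in ["happy1", "Penguin", "cattac", "sup3rs3cr3t", "nbvcx"]:
        print(candidate, "->", weakness(candidate))
```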
Safeguarding your password
You should never share your password with anyone else. You should also never write it down. The strongest password in the world won’t do much good if you write it down and someone else sees it, or if you share it with someone else (who shares it with someone else, and so on).
Finally, if you receive an email from someone claiming to be an administrator, security professional, or some other important person asking you to change your password, don’t do it. This is a popular scam to fool the unsuspecting.