Monthly Archive for September, 2011

Building a better password

How strong is your password?

A good password is:

  • long (10+ characters)
  • easy to remember, but hard to guess

Which appears to be a more secure password:
“D@v3nP0rt!” or “Panther Pounce 2011”?
While “D@v3nP0rt!” looks like an extremely complex password, it is actually relatively easy for a computer to guess.
“Panther Pounce 2011” is a significantly stronger password, in that it will take a computer significantly more time to guess it. It is also likely to be easier to remember, since it is simply two normal words and a year combined with spaces in between. This style of password is commonly known as a pass phrase.

Simple passwords such as the name of a child or pet, a birth date, or the name of a significant other can be easily guessed by people with a minimal amount of research. Often a quick look at a few Facebook postings is all that is required to gather a good number of potential passwords. Similarly, computers can easily guess certain types of passwords. Their approach is typically to try all possible password combinations in the hope of hitting the right one. While this sounds like a lot of work, modern computers can try thousands of passwords per second and quickly work through all possible character combinations for short passwords. Given a sufficiently powerful computer, it is even possible to attack longer passwords.
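The comparison above can be put into rough numbers. The following Python sketch is an added example, not part of the original post: it estimates the search space for both sample passwords, once by trying every printable character and once with a word-aware model. The word list size, guess rate, look-alike table and scoring rules are all assumptions chosen for illustration.

```python
import math

# Constructed stand-in for a guessing word list; only its assumed size enters the math.
WORDS = {"davenport", "panther", "pounce"}
WORDLIST_SIZE = 20_000     # assumption: entries in a realistic word list
GUESSES_PER_SEC = 1_000    # assumption: low end of "thousands of passwords per second"
PRINTABLE = 95             # printable ASCII characters, space included
UNLEET = str.maketrans("@430$51", "aaeossi")   # look-alike character -> letter


def brute_force_guesses(password: str) -> int:
    """Search space when every printable character is tried in every position."""
    return PRINTABLE ** len(password)


def token_guesses(token: str) -> int:
    """Search space for one space-separated token under a word-aware model."""
    core = token.rstrip("0123456789!?.#*")   # trailing digits/symbols form a suffix
    suffix = token[len(core):]
    cost = math.prod(10 if ch.isdigit() else 33 for ch in suffix)
    plain = core.lower().translate(UNLEET)
    if plain in WORDS:
        cost *= WORDLIST_SIZE
        cost *= 2 ** sum(ch in "aeios" for ch in plain)    # letter or its look-alike
        if core[1:] != core[1:].lower():
            cost *= 2 ** sum(ch.isalpha() for ch in core)  # capitals anywhere
        else:
            cost *= 2                                      # first letter, either case
    else:
        cost *= PRINTABLE ** len(core)   # unknown string: fall back to brute force
    return cost


def pattern_guesses(password: str) -> int:
    """Word-aware search space: the per-token spaces multiplied together."""
    return math.prod(token_guesses(t) for t in password.split())


def years_to_exhaust(guesses: int) -> float:
    """Time to try every candidate at the assumed guess rate."""
    return guesses / GUESSES_PER_SEC / (365 * 24 * 3600)


if __name__ == "__main__":
    for pw in ("D@v3nP0rt!", "Panther Pounce 2011"):
        print(f"{pw!r}: brute force {brute_force_guesses(pw):.1e} guesses, "
              f"word-aware {pattern_guesses(pw):.1e} guesses "
              f"({years_to_exhaust(pattern_guesses(pw)):.2g} years)")
```

Under this model the character substitutions in “D@v3nP0rt!” add only a small multiplier to a single dictionary word, while each additional word in the pass phrase multiplies the search space by the size of the whole word list.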

Would you like to test the strength of your password? Microsoft has provided this tool for checking password strength. It is safe to enter your password into the Microsoft tool because:

  1. You are only prompted to enter your password, not your account name or user ID
  2. The website is encrypted to protect your data

The Microsoft tool linked above provides an easy way to test the strength of your password and improve it if necessary. Try it out with the examples provided above and test some passwords that you think would be strong or weak.