I hear very often: “I have too many passwords to remember,” or “This password is too hard,” or “Why do I have to change my password so often?”
Making a simple password nearly unbreakable is a cinch.
“One UPPER, One lower, One number, and a Bunch of characters.”
The way it works:
When a “hacker” is trying to break a password they have to “guess” the WHOLE password at once.
There is no way to know how many characters they got right. For this reason they use lists of the most frequent passwords people use followed by a 0 or a 1 etc, then on to dictionary words and then all of them followed by numbers. This process could take anywhere from a few seconds to a couple of hours depending on whether or not they have access to the machine or if they are trying to log in remotely.
Because of these practices, administrators implemented rules to make you vary the characters in your passwords: upper case, lower case, number and symbol. But adding these to a password that is already built on a dictionary word adds very little time to the process. All the attacker has to do is try all the dictionary words with a cap at the beginning and/or a number at the end. What ends up happening is a cat and mouse game with the hackers. You slightly vary the same password and they slightly vary their methods and the circle continues.
Names, or words that can be found in a dictionary, effectively count as 1 character. So if you use “pencil1”, then you essentially have a 2 character password. When the intruder tries to break in they’ll use the whole word “pencil” and then a “1” and be granted access. This is why using symbols, numbers, and initials in various cases works the best. Each character has to be guessed independently and correctly with every other character.
To break this cycle, Steve Gibson of Gibson Research Corp. figured out that it is not the varied characters but the length of the password that counts. The same rules for creating a password apply (but simpler) and you add length. 12 characters is the minimum. Hang with me, I’m going to personalize the info in the video above.
Follow along with me and build your own.
1. Take the initials of your favorite band/child/church/beer whatever:
2. Make the second character lower (since we are used to Capping first letters)
3. Add a number to it (like your birthday or birth month or anniversary or your street number, etc)
Simple, huh? You can remember that.
4. Pick a symbol on your keyboard that you like to use. (I like the tilde.) Add at least 8 of them to the 4 characters we’ve already used and you have a 12 character password that you can easily remember.
Here are the results from https://www.grc.com/haystack.htm for the password we just created (1.74 Hundred Billion Centuries):
To use the generator in the video and for more info on building secure passwords like this you can check out: https://www.grc.com/haystack.htm
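The arithmetic behind a result like the one above, as an added example that is not code from this page or from grc.com: it counts every candidate up to the password's length over the character classes used, and sets that beside the “word plus one digit” space that makes pencil1 effectively a 2 character password. The sample password, the 1,000 guesses per second rate and the 100,000-word dictionary are assumptions made for the illustration.

```python
import string

# Printable-ASCII character classes: 26 + 26 + 10 + 33 symbols (incl. space) = 95.
CLASSES = {
    "upper": set(string.ascii_uppercase),
    "lower": set(string.ascii_lowercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation + " "),
}
SECONDS_PER_CENTURY = 100 * 365.25 * 24 * 3600
ONLINE_RATE = 1_000          # assumed guesses per second for a remote login
WORDLIST_SIZE = 100_000      # assumed size of the attacker's dictionary


def alphabet_size(password):
    """Add up the size of every character class the password draws from."""
    return sum(len(c) for c in CLASSES.values() if set(password) & c)


def brute_force_space(password):
    """Every candidate of length 1..len(password) over that alphabet."""
    a = alphabet_size(password)
    return sum(a ** k for k in range(1, len(password) + 1))


def word_plus_digit_space(wordlist_size=WORDLIST_SIZE):
    """Candidates of the form 'dictionary word + one digit' (the pencil1 case)."""
    return wordlist_size * 10


def centuries(space, rate=ONLINE_RATE):
    """Worst-case time to try the whole space, in centuries."""
    return space / rate / SECONDS_PER_CENTURY


if __name__ == "__main__":
    padded = "Pf73~~~~~~~~"   # constructed sample: initials, two digits, 8 tildes
    print(f"{padded}: alphabet {alphabet_size(padded)}, "
          f"{brute_force_space(padded):.3e} candidates, "
          f"{centuries(brute_force_space(padded)):.3e} centuries")
    weak = "pencil1"
    print(f"{weak} by brute force: {brute_force_space(weak):.3e} candidates")
    print(f"{weak} as word + digit: {word_plus_digit_space():.3e} candidates, "
          f"{word_plus_digit_space() / ONLINE_RATE / 60:.1f} minutes")
```

The brute-force count is an upper bound: it only applies when no shorter pattern, such as a dictionary word plus a digit, describes the password.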
Another tip: Use a completely different password for your email than any other service you use.
Why? Lots of websites use your email address as your username. If you use the same password as your email account, then they (or an employee of theirs) will have what they need to log into your email.