It’s that time of the year when you are starting fresh. New pens, new notebooks, and new accounts. But one thing does not change so often… that one password you’ve used for ever and for everything. How nice would it be to think of a password that works for everything just when you need it? Nice. So let’s make it happen.
My Weak Password
racoon77 Average time to crack this? 11 minutes with a regular computer according to howsecureismypassword.net. racoon77 is weak as a password because:
- At 8 character in length it is short.
- Words followed by digits is the most common pattern of passwords.
- It does not include any capital letters, nor special characters.
If you are interested in who would try to break your password and how they would do it, read How I’d Hack your Weak Password.
Creating a Hard Password to Crack
For a long time, I recommended that people create passwords which showed complexity in their writing. Using anagrams, backward spelling, the initials of a sentence interspersed with special characters and numbers created a wonderful mishmash of characters: v5jE%04 (20 days to guess) is a great example. The problem with this? The user. Because this is a random string which may not hold much meaning, you are less likely to type it, let alone remember it correctly. This may not be its only weakness. In his Wired article, Anatomy of a Hack, Dan Goodin argues that even a complicated password may still be easy to crack if it is too short.
Today, I’ve come back on my original recommendations. A password should be difficult to guess, not to remember. I now have two suggestions when creating passwords:
- Make them long. Shoot for at least 12 characters.
- And just as important as having a strong password: use a different password for every account you use.
Sounds tough? Not necessarily so. Let me show you a quick recipe to create strong passwords.
Strong Password Recipe
Start with a number
Pick two letters from the site you are trying to log into (first two, last two, two consonants, etc.)
LE for GoogLE
Add a special character (tip: don’t add something too special, you want to make sure all sites will accept it. Hyphen – or @ are typically OK)
– (hyphen, i.e. the minus sign)
Now add some random words. This is the best way to achieve a long yet memorable password.
time sunset tree
An 18 character long password with 9 decillion possible combination should take 91 quadrillion years to crack. Added bonus: you can now create a different password for every single site you log into.
How to Replace Your Old Password
Now that’s a process. I recommend you start with the 10 sites you use the most. Keep a list of those sites. Then every time you login to a site which still uses your old password, replace it and add the site name to your list. It’ll take time, but this should take a lot of the pain away, and buy you some peace of mind.
With your new combination, you’ll even match experts recommendation of a password with “a minimum of 11 characters, containing upper- and lower-case letters, numbers, and letters that aren’t part of a pattern” (Dan Goodin, Wired).
How long does it take to break your new password? Tell us in the comment section below.
[icon name="fa-cc"] STANDARD 4: promote and model digital citizenship and responsibility