Creating Strong Secure Passwords

In Cryptography, Security on June 17, 2006 at 1:14 pm

In this digital age, we use passwords for almost everything: email, banking, Internet access, blogging… You name it!

It is estimated that around 40% of user produced passwords are easily guessed! (Source: Wikipedia). With more and more security reliant on the use of strong passwords, it is more important than ever to learn how to create them.

Avoiding the pitfalls of weak passwords

  • Avoid using names or words which are identifiable to yourself, such as your pet’s name, favorite music artist or birthdate. These can be easily guessed.
  • Do not use words which can be found in a dictionary, as these can easily be broken using a Brute Force attack.
  • Never use default passwords, sequential numbers or keyboard sequences such as “qwerty”.
  • Passwords under 7 characters in length are easily cracked. Try to make them longer.

Tips to create a strong password

The strongest user defined passwords are sufficiently long, random or otherwise unproducable by anyone other than the person who created it.

  • It is best to use a combination of letters and numbers, upper and lowercase and symbols.
  • At least seven digits is required for a secure password, as most computers are capable of deceiphering any password with less characters.

Here are some examples of what a strong password could look like:

  • Kiu+o&1O
  • CRie0_?9la
  • mUK!$Up9ved8-2

The downside of using such seemingly random passwords is that they are difficult to remember, and may pose a security risk in themselves by requiring the user to write them down.

One method of overcoming this is to use a mnemonic or memorable phrase and translate this into a strong password using numbers and punctuation. For example:

My favorite film is Fight Club

Can be translated as:


Which uses a combination of letters, numbers, upper and lower case and a symbol. Obviously it is best to ensure your phrase is not something which is easily identifiable to yourself as this would undermine it’s security.

Another method is to use an “Environ” password, such as was recommended to employees of the UK government. Environ passwords use the following form:

consonant, vowel, consonant, consonant, vowel, consonant, number, number

Which would produce, for example, repsil66. Such passwords are pronouncable phonetically and are therefore more user-friendly as they are easier to remember. However, it is a considerable reduction in “randomness” and also undermines security by the reduction of upper/lower case and punctuation marks.

Many programs and computer systems do not allow the use of symbols in passwords, which is unfortunate as this undermines the security of passwords allowed. However, this may be overcome by adding a couple more letters and/or numbers to generate a password which is more secure because of its length.

Keeping your password safe

Don’t give your password to anyone, and be careful of others watching as you type your password.

It is always best never to write your password down, as discovery can lead to a breach in security. However, if you must write it down, it is recommended that you keep it in a very safe place (such as your wallet), or preferably in a safe or locked box. When writing passwords down, give no indication of a username or what the password is for; it is better to write it on a piece of scrap paper or a business card which bears no relation to its use.

Try to use a different password for each account. However, if this is difficult to memorise, you can compensate slightly by using a less secure password for all of your lower risk accounts and use srtong passwords for those such as online banking which need a greater degree of security.

Useful sources

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: