What is a good password anyway? Well, that's a tough question.... it's easier to say what a good password is not, rather than what a good password is. A good password is a string of text that anyone other than you is unlikely to guess when thinking of you. A good password is something that is difficult for a computer to guess using a dictionary, or brute force attack.
I hear crickets.
You're thinking, "WTF" again, aren't ya? A dictionary attack is, simply put, using a simple computer program to try every word in the dictionary as your password. Does this take long? Not really. Computers are pretty darn fast these days. At this point, I'd like to insert some nifty statistic about exactly how darn fast computers can try every word in the dictionary, but I can't find that stat on the web right now. Pretend I told you some astonishingly fast number, because in reality, it probably is.
"So what is a brute force attack then?", is probably something you're not asking, because you don't care. Personally, I don't blame you. Computer security is actually pretty boring stuff that most people don't care about. But pretend you're me and that you do care. A brute force attack is when someone uses a computer program to try every possible combination of letters, numbers and/or symbles. Typically this can be a pain in the ass, because quiet frankly there's a crapload of possible eight plus digit combinations when you have to consider lower case letters, upper case letters, numbers AND symbols.
Since I'm such a good mind reader, I now realize you're thinking, "WTF is this guy rambling on about? Why can't he just tell me how to make a decent password?"
Fine! Be like that! I'll make a stupidly long story a little shorter.
Here's how you make a decent password... one that is not impossible to remeber.
method #1 - I call this the Adlib password.
Select a random word, one that does not have ANYTHING to do with you or anyone you know. I'll pick a random word right now -- chickens. Now that we have the "base" word, we can add a symbol to the front and back of it. Let's select "*", but it could be anything... So now we have "*chickens*" as a password. Now we can pick a number, or for all I care, another symbol. I'm going to choose 84 as a random number. I'll insert this into the middle of the word, making the password, "*chick84ens*".
Now that's a strong password. Random word, random symbols and a random number. But it's easy to remember. That's about the perfect mix...
Method #2 - The Acronym
Anyone here ever hear the phrase, "The quick brown fox jumps over the lazy dog"? It's a phrase used in typing classes because it has every letter in the alphabet in it. We can easily turn this into a password. tqbfjotld See the link? I used the first letter of each word in that phrase. You can choose your own phrase and select the first letter... But that leaves it suspetable to brute force hacking. No problem, Throw in some of the adlib stuff into this password. Maybe a symbol, maybe a number, maybe you want to do some caps.
The main thing you need to remember is that using a word found in the diction is bad. Using a word found in the dictionary followed by,"1" is only slightly better. There are many ways to make difficult to guess passwords that are easy to remember. The key is to make a password that you will remember, is hard for a person or computer to guess, and isn't written down.
It's getting late, and I realize this should probably be longer, but I think I'm gonna end this blog entry. I hope it's been helpful.
Matt
