Here are some guidelines for creating a bulletproof password.
- Longer is Better – almost all password cracking is automated: a bank of machines (today, typically GPUs) hashes candidate after candidate and compares the result with a stolen hash, starting with wordlists and common patterns and only then falling back to trying every possible combination. Each extra character multiplies the number of combinations by the size of the character set, so a three character password falls in seconds while exhausting a 14 character one takes thousands of millennia rather than seconds (the exact figure depends on the character set, the hash function the site uses, and the attacker's hardware).
- No More Words – using words that can be found in a dictionary, or the name of your spouse, kids, street, computer monitor, or whatever, just makes the cracking process simpler: wordlists, and the usual variations on them (capitalised, with a digit or a year tacked on the end), are the first thing an automated tool tries. Plus these sorts of passwords can be guessed by reviewing publicly available information about you on the web.
- Use a Passphrase – Graham Cluley from Sophos has a short video that describes this technique. Take 3 minutes, follow the link, and watch how he does it. By the way, his example is now a BAD PASSWORD because it has been published online and will be included in the wordlists that automated cracking tools run first; the same goes for any example passphrase you read anywhere, including this post.
- Unique Password for Everything – My earlier blog about how journalist Mat Honan's online life was destroyed by hackers who got into one of his accounts and then chained their way into the others linked to it should be enough to convince anyone of the wisdom here. The problem is remembering all these passwords. My technique is to combine a long, 8-10 character base password with a 2-3 character site specific passcode. This gets you a 10 to 13 character password that should be tough to crack and is not reused verbatim on other sites or online accounts. The weak spot in this scheme is that the site code is short and guessable: anyone who sees one of your passwords in a breach has most of the next one, so treat it as a fallback rather than the ideal. The better way to accomplish this is to use a software password manager like KeePass, which generates a long random, unrelated password for every site and remembers them for you. KeePass has the added benefit of being a free open-source product.
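To make the "longer is better", "no more words" and passphrase points concrete, here is an added example (not code from the original post) that does three things: computes how the exhaustive search space grows with length, runs a toy dictionary-plus-rules cracker against hashed passwords to show that word-derived passwords fall in a few dozen guesses while a random 14-character one survives, and generates a random passphrase with a measurable entropy figure. The wordlist, the mangling rules, the sample passwords and the guess rate of 10 billion per second are all constructed for the demo; the "stored hash" is a plain unsalted SHA-256 purely to keep the example self-contained, which is exactly the fast hash a real site should not use (prefer bcrypt, scrypt or Argon2).

```python
"""Added example: why length beats dictionary-derived passwords.

Not code from the original post. Uses a constructed wordlist and a fast
unsalted SHA-256 as the "stored hash" purely to keep the demo self-contained;
real systems should use a slow, salted hash (bcrypt, scrypt, Argon2).
"""
import hashlib
import itertools
import math
import secrets
import string

# --- 1. Brute force: the search space grows exponentially with length ---

def keyspace(length: int, alphabet_size: int) -> int:
    """Number of candidates an exhaustive search must cover."""
    return alphabet_size ** length

def seconds_to_exhaust(length: int, alphabet_size: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a given guess rate."""
    return keyspace(length, alphabet_size) / guesses_per_second

# --- 2. Dictionary + rules: how real cracking finds weak passwords ---

# Constructed sample wordlist; real attacks use millions of leaked passwords.
WORDLIST = ["password", "fluffy", "sunshine", "dragon", "letmein", "maple"]

def candidates(wordlist):
    """Yield dictionary words with a few common mangling rules applied.

    Rules here: as-is, Capitalised, UPPER, '!' suffix, appended digit or year.
    This is the kind of transform a cracking tool tries before any brute force.
    """
    for word in wordlist:
        for base in (word, word.capitalize(), word.upper()):
            yield base
            yield base + "!"
            for n in range(10):
                yield f"{base}{n}"
            for year in range(1990, 2020):
                yield f"{base}{year}"

def sha256_hex(pw: str) -> str:
    """Stand-in for a site's stored hash (deliberately fast and unsalted)."""
    return hashlib.sha256(pw.encode()).hexdigest()

def crack(target_hash: str, wordlist=WORDLIST, brute_max_len: int = 3):
    """Return (plaintext, guesses) or (None, guesses).

    Tries dictionary+rules first, then exhaustive search over short
    lowercase-alphanumeric strings only (length <= brute_max_len).
    """
    guesses = 0
    for cand in candidates(wordlist):
        guesses += 1
        if sha256_hex(cand) == target_hash:
            return cand, guesses
    alphabet = string.ascii_lowercase + string.digits
    for length in range(1, brute_max_len + 1):
        for tup in itertools.product(alphabet, repeat=length):
            guesses += 1
            cand = "".join(tup)
            if sha256_hex(cand) == target_hash:
                return cand, guesses
    return None, guesses

# --- 3. Passphrases: random words from a list, with measurable entropy ---

def passphrase(n_words: int, wordlist) -> str:
    """Pick words with a CSPRNG; strength comes from random choice, not from keeping the list secret."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))

def passphrase_entropy_bits(n_words: int, wordlist_size: int) -> float:
    """Entropy of n uniformly chosen words from a list of the given size."""
    return n_words * math.log2(wordlist_size)

if __name__ == "__main__":
    rate = 1e10  # constructed: 10 billion fast-hash guesses/s, a GPU-rig ballpark
    for length in (3, 8, 14):
        years = seconds_to_exhaust(length, 95, rate) / (3600 * 24 * 365)
        print(f"{length} chars from 95 symbols: {years:.3g} years to exhaust")
    for pw in ("Password1", "Fluffy2012", "ab3", "xK9#pL2qR7vT4w"):
        found, n = crack(sha256_hex(pw))
        print(f"{pw!r} -> {found!r} after {n} guesses")
    print(passphrase(4, WORDLIST),
          f"({passphrase_entropy_bits(4, 7776):.1f} bits from a 7776-word list)")
```

The interesting output is the middle section: both word-based passwords are recovered in well under a few hundred guesses because they sit inside the rule set, the three-character one falls to the short brute-force pass, and the random 14-character one is never reached at all. Note that the passphrase function draws from the same tiny constructed list, so its entropy in this demo is only 4 × log2(6) bits; the 7776 figure in the last line is what a standard diceware-sized list would give.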