Choosing a Secure Password

Culture website BoingBoing has published a great article explaining how passwords can get cracked. Lots of easy-to-understand examples and best practices to keep you safe.

A typical password consists of a root plus an appendage. The root isn't necessarily a dictionary word, but it's usually something pronounceable. An appendage is either a suffix (90% of the time) or a prefix (10% of the time). One cracking program I saw started with a dictionary of about 1,000 common passwords, things like "letmein," "temp," "123456," and so on. Then it tested them each with about 100 common suffix appendages: "1," "4u," "69," "abc," "!," and so on. It recovered about a quarter of all passwords with just these 100,000 combinations.

Crackers use different dictionaries: English words, names, foreign words, phonetic patterns and so on for roots; two digits, dates, single symbols and so on for appendages. They run the dictionaries with various capitalizations and common substitutions: "$" for "s", "@" for "a", "1" for "l" and so on. This guessing strategy quickly breaks about two-thirds of all passwords.
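To make the root-plus-appendage strategy from the two quoted paragraphs concrete, here is a small Python illustration of how such a cracker builds its guesses: every root is tried in several capitalizations, with each combination of the common "$"/"@"/"1" substitutions, and with a short list of suffixes and prefixes, and each guess is hashed and compared against a list of leaked hashes. This is an added example, not code from the BoingBoing article or from any real cracking tool; the root list, appendage lists and the "leaked" unsalted SHA-256 hashes are tiny constructed stand-ins for the ~1,000-root and ~100-suffix dictionaries the article describes.

```python
import hashlib
import itertools

# Constructed stand-ins for the cracker's dictionaries (the real lists are
# far longer: ~1,000 roots and ~100 appendages in the article's example).
ROOTS = ["letmein", "temp", "password", "monkey", "dragon"]
SUFFIXES = ["", "1", "4u", "69", "abc", "!", "123"]   # "" = bare root
PREFIXES = ["", "1", "!"]

# The common substitutions the article lists.
SUBSTITUTIONS = {"s": "$", "a": "@", "l": "1"}


def sha256(password):
    """Unsalted SHA-256 hex digest, as found in many weak password stores."""
    return hashlib.sha256(password.encode()).hexdigest()


def capitalization_variants(root):
    """lowercase, Capitalized and UPPERCASE forms of a root."""
    yield root.lower()
    yield root.capitalize()
    yield root.upper()


def substitution_variants(word):
    """Every combination of applying / not applying each substitution."""
    letters = [c for c in SUBSTITUTIONS if c in word.lower()]
    for mask in itertools.product([False, True], repeat=len(letters)):
        out = word
        for apply_it, c in zip(mask, letters):
            if apply_it:
                out = out.replace(c, SUBSTITUTIONS[c])
                out = out.replace(c.upper(), SUBSTITUTIONS[c])
        yield out


def candidates(roots=ROOTS, suffixes=SUFFIXES, prefixes=PREFIXES):
    """Yield unique guesses: root variant + suffix, or prefix + root variant."""
    seen = set()
    for root in roots:
        for cap in capitalization_variants(root):
            for variant in substitution_variants(cap):
                guesses = [variant + s for s in suffixes]
                guesses += [p + variant for p in prefixes]
                for guess in guesses:
                    if guess not in seen:
                        seen.add(guess)
                        yield guess


def crack(hashes, guesses=None):
    """Return ({hash: plaintext} for every matched hash, number of guesses tried)."""
    targets = set(hashes)
    found = {}
    tried = 0
    for guess in (guesses if guesses is not None else candidates()):
        tried += 1
        h = sha256(guess)
        if h in targets and h not in found:
            found[h] = guess
            if len(found) == len(targets):
                break
    return found, tried


# Constructed "leaked" hash list: four root+appendage passwords and one
# random-looking one that the strategy should not recover.
LEAKED = {sha256(p) for p in
          ["letmein1", "Monkey!", "p@$$word123", "Dr@gon4u", "xK9#qL2v"]}

if __name__ == "__main__":
    found, tried = crack(LEAKED)
    print(f"{len(found)} of {len(LEAKED)} hashes recovered with {tried} guesses")
    for h, pw in found.items():
        print(f"  {h[:12]}...  {pw}")
```

With the constructed lists the cracker recovers the four root-plus-appendage passwords in a few hundred guesses and leaves the random one untouched, which is the point of the article: the cheap part of the search space is exactly where most human-chosen passwords live.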

Choosing A Secure Password