How to create strong passwords
Unless you’ve been completely off the grid and/or living under a gigantic rock, passwords have very likely become a large part of your life. Which means you’re also likely to have your work cut out remembering them. If you’re sensible, you probably use a password manager to keep track of your brain-churningly complicated passwords. If you like living dangerously, then your passwords are always 12345. If you’re like many of us, you probably have a stock password that is your first pet’s name with your (or your firstborn’s) birthdate and an exclamation point somewhere to appease various form requirements.
After all, who has the time to come up with inventive, easy-to-remember but hard-to-guess passwords with painful regularity — as all the security know-it-alls keep telling us we should?
Only, we really should, mostly because we tend to underestimate the value of our passwords. (We won’t go into the implications of what might happen if you persist in using silly passwords — work it out or ask Google.) Which is what made an enterprising 11-year-old realise that there might be good money to be made out of offering to make people virtually uncrackable passwords.
She uses a method called Diceware to generate a passphrase comprising six random words picked from a list of 7,776 English words. Then she writes it down by hand, slips it in an envelope and posts it to her customers. You make some changes to the words, including adding symbols or numbers and capitalising some letters, and there you have it—a unique six-word password that an ordinary hacker would never be able to break. All this for just $2 (plus another $2 to snail-mail it to you, which comes to a rather reasonable Rs 265, less than the price of a cappuccino and sandwich). Go to DicewarePasswords.com to avail of the service.
Or you can just do it for yourself at home. The reason this method is called ‘dice’-ware is that it uses random numbers generated by dice throws to come up with the words. Go to Diceware.com to find out the details of how this method works and why it is so secure. It’s not rocket science. You can create your Diceware password relatively simply. If you don’t have dice, you can use an online simulator.
XKCD.com does a fantastic graphical representation of password strength with a cartoon (http://xkcd.com/936/). It shows you how a password comprising four random dictionary words would take 550 years to guess at 1,000 guesses per second. Of course, a cybercriminal or dodgy organisation with powerful computers at their disposal might be able to do it much more easily. A six-word Diceware-generated password would be ‘breakable by an organisation with a very large budget, such as a large country’s security agency’. If you added a seventh word, the password would be ‘unbreakable with any known technology, but may be within the range of large organisations by around 2030’ (Diceware.com).
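The dice-to-word mapping and the guessing-time arithmetic described above, as an added Python example that is not part of the original article. It assumes five dice per word (6^5 = 7,776 outcomes), uses the operating system's random generator in place of physical dice, and takes the 11-bits-per-word figure for the four-word case from the linked xkcd comic; the function names and the stand-in word list are constructed for illustration, and the real list has to be obtained from Diceware.com.

```python
import math
import secrets

DICE_PER_WORD = 5                 # assumption: five dice select one word
LIST_SIZE = 6 ** DICE_PER_WORD    # 7,776, the list size the article quotes


def roll_die():
    """One fair six-sided die from the OS CSPRNG (stand-in for a real die)."""
    return secrets.randbelow(6) + 1


def rolls_to_index(rolls):
    """Map five die faces (1-6) to a 0-based position in a 7,776-entry list."""
    if len(rolls) != DICE_PER_WORD or any(r not in range(1, 7) for r in rolls):
        raise ValueError("need exactly five rolls, each between 1 and 6")
    index = 0
    for face in rolls:
        index = index * 6 + (face - 1)   # read the rolls as a base-6 number
    return index


def passphrase(wordlist, n_words=6, roll=roll_die):
    """Pick n_words entries, each chosen by its own five dice rolls."""
    if len(wordlist) != LIST_SIZE or len(set(wordlist)) != LIST_SIZE:
        raise ValueError("word list must hold 7,776 distinct entries")
    picks = []
    for _ in range(n_words):
        rolls = [roll() for _ in range(DICE_PER_WORD)]
        picks.append(wordlist[rolls_to_index(rolls)])
    return " ".join(picks)


def entropy_bits(list_size, n_words):
    """Bits of entropy when every word is drawn uniformly and independently."""
    return n_words * math.log2(list_size)


def years_to_exhaust(bits, guesses_per_second):
    """Years needed to try every possibility at a fixed guess rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    # Constructed stand-in entries, not the real Diceware word list.
    demo_list = [f"w{i:04d}" for i in range(LIST_SIZE)]
    print(passphrase(demo_list))
    print(round(entropy_bits(LIST_SIZE, 6), 1), "bits for six Diceware words")
    print(round(years_to_exhaust(44, 1000)), "years for 44 bits at 1,000 guesses/s")
```

The strength figure holds only if the words stay exactly as the dice chose them; rerolling until the phrase "looks nice" reduces the entropy the calculation assumes.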
The Diceware method isn’t the only one to come up with a passphrase. Any random sentence or phrase can be the origin of a password that’s known only to you, easy for you to remember but not for anyone else, and long enough to be secure. For instance, suppose I take a random fact about myself: ‘My second book was The Key of Chaos. I wrote it in Bangalore.’ From this I could get msbwtkociwiib and with some creative replacing, make it m2bwTKoCiwi!B. According to Blog.kaspersky.com/password-check, it would take an average desktop PC over 10,000 centuries to brute-force this. According to Howsecureismypassword.net, it would take 26 million years!
So, the next time you’re feeling lazy about passwords, you know you really have no excuse.
Source | http://www.mydigitalfc.com
Regards
Pralhad Jadhav
Khaitan & Co