Optimizing your password for strength

We live in a day and age where password security has seen countless improvements, and the competition between people who want to steal passwords and those who seek to improve password security is so intense that network improvements and software patches are being made almost daily. However, sometimes server-side security is not a factor, particularly if an intruder uses a brute force attempt to guess the user’s password, either by working through a dictionary of passwords or by trying as many variations or random strings as possible in the hope of finding a match.

The only safe precaution against brute force hack attempts is to use a strong password. The last resort in password cracking usually relies on a computer or a group of computers trying every possible string in order to guess the correct one. Whether this succeeds depends on how much time is permitted: given an infinite amount of time, a brute force attempt can crack any password. However, time itself is the issue, and the user may change the password or an admin may notice something weird before the attempt succeeds. Because of this, an intruder will first try faster methods of password cracking such as dictionary attacks, word list substitution, or pattern checking. Safe passwords are usually hard to crack using these methods, but users who use very common words or phrases as passwords will have their accounts compromised very easily.

One of the ways you can make a strong password is by making it lengthy. Each character you add to your password is another character that a password cracker will have to crack, and it exponentially increases the number of combinations the cracker has to try before guessing correctly. As a general rule of thumb, a strong password should have no fewer than 8 characters. The sweet spot, though, is fourteen characters: long enough to give password crackers a hard time, yet short enough that its user will still be able to remember it correctly.

It used to be that people were advised to create Environ passwords, which follow the pattern consonant, vowel, consonant, consonant, vowel, consonant, number, number. The idea is that this creates passwords that are pronounceable yet have no actual meaning. For example: “jintab22”. However, this is actually less secure, since any type of pattern gives password cracking software something to base its guesses on. The strongest passwords are those made with no pattern whatsoever, usually consisting of a mixture of characters, numbers, and symbols. A good online password generator will provide this kind of strong password.
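The two points above (each extra character multiplies the search space, and a known pattern shrinks it) can be put in numbers. The following is an added example, not part of the original article; it assumes lowercase letters for the pattern (21 consonants, 5 vowels), a pool of the 94 printable ASCII characters for pattern-free passwords, and function names chosen here for illustration.

```python
import math
import secrets
import string

VOWELS = "aeiou"
CONSONANTS = "".join(c for c in string.ascii_lowercase if c not in VOWELS)
# Assumed pool for pattern-free passwords: letters, digits and symbols (94 chars).
FULL_POOL = string.ascii_letters + string.digits + string.punctuation
# Alphabet allowed at each position of a consonant/vowel/number pattern.
CLASSES = {"C": CONSONANTS, "V": VOWELS, "N": string.digits}
ENVIRON = "CVCCVCNN"  # the pattern described in the article


def pattern_keyspace(pattern):
    """Candidates to cover when the pattern is known: product of class sizes."""
    total = 1
    for symbol in pattern:
        total *= len(CLASSES[symbol])
    return total


def random_keyspace(length, pool=FULL_POOL):
    """Candidates to cover when every position is drawn from the whole pool."""
    return len(pool) ** length


def matches_pattern(password, pattern):
    """True if each character belongs to the class the pattern prescribes."""
    return len(password) == len(pattern) and all(
        ch in CLASSES[sym] for ch, sym in zip(password, pattern))


def generate(length=14, pool=FULL_POOL):
    """Pattern-free password drawn from the operating system's CSPRNG."""
    return "".join(secrets.choice(pool) for _ in range(length))


def report():
    """(label, keyspace, bits) for the three cases the article compares."""
    rows = [("Environ pattern, 8 chars", pattern_keyspace(ENVIRON)),
            ("no pattern, 8 chars", random_keyspace(8)),
            ("no pattern, 14 chars", random_keyspace(14))]
    return [(name, size, round(math.log2(size), 1)) for name, size in rows]


if __name__ == "__main__":
    for name, size, bits in report():
        print(f"{name:26} {size:>30,} candidates  ~{bits} bits")
    print("sample 14-character password:", generate())
```
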

The problem with passwords that are made to be difficult to crack is that they are usually too long to memorize easily. This results in people writing them down somewhere, which is a major security flaw. A good countermeasure is to keep the written password somewhere secure, like your wallet, and to use a password generator to create a new one weekly, which you write on paper and secure in your wallet again. This way, even if someone gets hold of your written password a week later, he will have no use for it.