How to Create an Effective Password

SafeBytes Software

Humorist David Sedaris has a story about going to a shop in Manhattan and seeing a big jar full of glass eyeballs. He immediately thought it would be a laugh riot to grab a couple to hold up to his eyes as a joke. Then he saw a note taped to the side of the jar that said, “DO NOT HOLD THESE GLASS EYES UP AGAINST YOUR OWN EYES: THE ROUGH STEMS CAN CAUSE INJURY.” He was crushed as he realized that something he thought would be so hilarious was absolutely not unique at all. He decided the police are right: the only thing that makes us different are our fingerprints.

One of the only other things, in theory, making us unique are the passwords we use on our computers and online accounts. However, the fact is most people use the same basic passwords which, in the end, are like having no password at all. According to Gizmodo, the top five passwords of 2015 were:

1. 123456 2. password 3. 12345678 4. qwerty 5. 12345

Others in the top twenty-five included monkey, login, letmein, and starwars.

Cracking Passwords

Hackers are constantly trying to compromise your login information to access your accounts. Of course, they don’t sit around manually typing endless variations of passwords hoping to get yours right. Instead, they employ cracking software, the most popular of which include John the Ripper, Cain and Abel, Hashcat, ElcomSoftwhich, Hydra, and DaveGrohl. These software crackers use lists of the most common passwords, dictionaries of English words, foreign words, phonetic patterns, and names. Different capitalizations and common substitutions—"0" for "o" and "3" for "e" and "1" for "l" and so on—are also applied to these dictionaries. How successful are they? Security expert Bruce Schneier estimates that these strategies can break two-thirds of all passwords.

Creating a Strong Password

As a general rule, an online password needs to be able to withstand 1,000,000 guesses in order to be considered secure. Create a strong password using these steps:1. Choose a password at least 12 characters long. (The longer the password the

harder it will be to crack.)2. Create a password that seems random but will be easy to remember. For

example, if my cats are Tector, Eastwood, and Beans, I can use the first three letters of each of their names to create the base password teceasbea.

3. Then, add a number to the end. So, if I live at 662 Ferndale, my password is now teceasbea662.

4. Add a special character. In this case, I can easily add an underscore: teceastbea_662.

5. Create more levels of complexity by using upper and lowercase letters: TecEasBea_662.

To get a general idea of how secure your password is, test it at How Secure is My Password? According to its estimates, a desktop PC running 4 billion calculations per second will instantly crack each of the top five passwords of 2015. But, the sample password TecEasBea_662 we created above? That will take approximately 26 million years.