Complex Passwords

by Wayne Small

Passwords – they are one of the necessary evils of today’s highly technical environment.  We need them for everything from accessing our computer in the office through to checking our phone bill online and paying for it.

The recommendation, of course, is that you never use the same password for multiple accounts, just in case one of the services you use is compromised and an attacker gains access to your password.  Therein lies the rub.  Because passwords need to be reasonably complex, they become harder to remember.  Some people suggest using some form of pattern so that you can easily remember your passwords.

The problem with a pattern is that if the bad guys get hold of a couple of your passwords from different sources then it’s often easy for them to guess the next password in the sequence.

One common method is to replace common letters with numbers, for instance a password of Passw0rd, where the O is actually a zero, would satisfy the requirements of many systems.  Sadly, the bad guys know this too and it’s something they can programmatically check for.

Passwords often need to contain certain types of characters too.  Upper case letters, lower case letters, numbers and punctuation marks are all valid components of a password.  For many years, I’ve believed that the best password was something of 8 or more characters with all those attributes.  Therefore I would recommend something like W@yneisC00l as a great password to have.  Again, however, it’s something that is fairly easy for the password crackers to guess.

I’ve had clients who have used lines from their favourite song or poem as passwords.  More than one customer has used lines from the Bible as it’s something they remember more easily than their password.  Whatever you use, it needs to be easy for YOU to remember and something that means something to YOU.

How then can we have a password that is hard for the bad guys to guess, and yet easy to remember?  I’ve been using a different system of late which has been found to be far superior to what I’ve done in the past.  It’s easy – look around your desk right now.  You see many different objects.  Pick three words from those objects and put them together.  For instance, three objects I see around me right now are flowers, carpet and a stapler.  The password I could make from that could be Fl0werscarpetStapler – note that I used a zero for the O in flower.

This password has three of the four characteristics possible in a password and is easy to remember.  The key here is that the length of this password is what makes it harder to crack.  Any automated password cracking tool will take many, many years to crack it.  But it’s something easy to remember.
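The two points made above, that letter-for-number swaps can be checked for automatically and that length is what drives up the cost of brute force, can be seen in a small password-policy check.  This is an added example, not code from the article; the word list and swap table are constructed samples, and the bits figure assumes an attacker trying every character combination rather than guessing whole words.

```python
import math
import string

# Constructed sample word list; a real policy check would load a much larger one.
COMMON_WORDS = {"password", "wayne", "cool", "letmein", "welcome"}

# Common character swaps, mapped back to the letter they stand in for.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def normalise(password):
    """Lower-case the password and undo the common swaps."""
    return password.lower().translate(LEET)


def words_found(password):
    """Return the word-list entries hiding inside the normalised password."""
    plain = normalise(password)
    return sorted(word for word in COMMON_WORDS if word in plain)


def alphabet_size(password):
    """Count the symbols available from the character types actually used."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)
    return size


def brute_force_bits(password):
    """log2 of the guesses needed to try every string of this length and mix."""
    return len(password) * math.log2(alphabet_size(password))


if __name__ == "__main__":
    for pw in ("Passw0rd", "W@yneisC00l", "Fl0werscarpetStapler"):
        print(f"{pw:22} reads as {normalise(pw):22} "
              f"known words: {words_found(pw)}  "
              f"brute force: ~{brute_force_bits(pw):.0f} bits")
```

Each extra bit doubles the number of guesses, so the 20-character password sits far above the 11-character one even though it uses fewer character types.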

Give it a go when you next need to change your passwords.  Make them easy to remember, but harder to crack.