How secure is your password?

News
By Khidr Suleman
published

How to create a safe and easy to remember password

Password protection

It's World Password Day, so it's the perfect time to see how secure your password is.

Remember, just because a password is hard for you to remember, doesn't mean that a computer won't crack it within minutes or hours.

If you take away one thing from this article, it should be this: A long, easy to remember password is better than a short, complex password.

Let's illustrate this with a couple of examples. The first from XKCD shows the complicated password "Trub4dor&3" might appear secure, but it will take 3 days to crack at an estimated rate of 1,000 guesses per second.

Tips for your password

Do

Experiment with creating a strong password here

Make it as long as possible

Use a variety of characters

Use different passwords whenever possible

Sign-up for two-factor authentication

Don'tUse any factual information e.g. birthdays

Share your password over email or text

Use simple passwords like "12345", "password" or "qwerty"

Meanwhile, a password made up of four random but easily memorable words "correct horse battery staple" would take 550 years to crack at a rate of 1,000 guesses per second. The more characters a password has, the longer it takes to crack.

Sound too good to be true? Let's look at another example, courtesy of Steve Gibson, who hosts the Security Now podcast.

Which is more secure?

PrXyc.N(n4k77#L!eVdAfp9 (23 characters)

or

D0g.....................(24 characters long)

Look closely, you'll see both include an uppercase letter, lowercase letter, number, and "special" character. So the second is more secure because it is longer.

Gibson doesn't recommend adding dots into all your passwords, but does suggest you come up with unique padding to help increase the length of passwords.

Most websites require you to use capital letters and numbers so this can act as your padding between four or more random but memorable words.

"You could put some padding in front, and/or interspersed through the phrase, and/or add some more to the end. You could put some characters at the beginning, padding in the middle, and more characters at the end. And also mix-up the padding characters by using simple memorable character pictures like "<->" or "[*]" or "^-^" . . . but do invent your own," Gibson noted.

Khidr Suleman
Khidr Suleman is the Technical Editor at IT Pro, a role he has fulfilled since March 2012. He is responsible for the reviews section on the site  - so get in touch if you have a product you think might be of interest to the business world. He also covers the hardware and operating systems beats. Prior to joining IT Pro, Khidr worked as a reporter at Incisive Media. He studied law at the University of Reading and completed a Postgraduate Diploma in Magazine Journalism and Online Writing at PMA Training.