One of the biggest security problems people face is coming up with a password that is difficult to crack. I, for one, find myself struggling to come up with the “perfect”, uncrackable password whenever I need to change mine. And as password cracking software evolves, coming up with a strong password becomes even more of a challenge.

When we talk about password security, most users are under the impression that the less a password looks like a word, the stronger it is. Not only does this not guarantee strength, but such passwords are also difficult to remember. Websites designed to analyze passwords, such as How Secure Is My Password?, will show you that a password like “7h0r&66!” can be cracked in as little as 3 days (such estimates assume a particular guessing rate and attacker model, so treat them as rough indicators rather than guarantees). So what are some ways we can make our passwords more secure?

Well, XKCD provides a nice illustration on the subject. The idea is that passwords with more bits of entropy are harder to crack. XKCD suggests choosing four random dictionary words as your password (the comic puts four words drawn from a 2048-word list at about 44 bits). This not only gives the password high entropy, but also makes it easy to remember. The catch is that the words must be picked at random, by a tool or a dice roll, not by the user; words a person chooses are far more predictable than the entropy figure assumes.
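To make the entropy argument concrete, here is an added example (not code from the article) that computes the entropy of the schemes discussed in this post and the expected time for an offline attacker to exhaust half the search space. The guessing rate, the 2048-word dictionary and the tiny sample word list are constructed assumptions; the word-list calculation already assumes the attacker knows the scheme and guesses word combinations, which is the best case for the attacker.

```python
import math
import secrets

# Constructed parameters, assumptions for this example rather than figures
# from the article:
GUESSES_PER_SECOND = 1e9     # assumed offline guessing rate against a fast hash
DICTIONARY_WORDS = 2048      # assumed word-list size (the size XKCD's comic uses)
PRINTABLE_ASCII = 94         # the 94-character set in the NIST-style rule

# A tiny constructed word list; a real generator would use thousands of words.
SAMPLE_WORDS = ["correct", "horse", "battery", "staple", "river", "candle",
                "planet", "window", "garden", "silver", "rocket", "orange"]


def entropy_bits_charset(length, charset_size):
    """Entropy of `length` characters chosen uniformly at random from a set of
    `charset_size` characters. This only holds for random passwords; a human-
    chosen string like "7h0r&66!" is drawn from a much smaller effective space."""
    return length * math.log2(charset_size)


def entropy_bits_wordlist(num_words, dictionary_size):
    """Entropy of `num_words` words chosen uniformly from `dictionary_size` words.
    This already assumes the attacker knows the scheme and guesses word
    combinations, so each word contributes log2(dictionary_size) bits."""
    return num_words * math.log2(dictionary_size)


def expected_crack_seconds(bits, guesses_per_second=GUESSES_PER_SECOND):
    """Expected time to find the password: on average half the space is searched."""
    return (2.0 ** bits) / 2 / guesses_per_second


def generate_passphrase(num_words=4, words=SAMPLE_WORDS):
    """Pick words with the `secrets` module rather than random.choice so the
    words are genuinely random; the entropy figures above depend on that."""
    return " ".join(secrets.choice(words) for _ in range(num_words))


def compare_schemes():
    """Entropy and expected offline crack time for the schemes in the text."""
    schemes = {
        "four random words (2048-word list)": entropy_bits_wordlist(4, DICTIONARY_WORDS),
        "8 random chars, 94-char set": entropy_bits_charset(8, PRINTABLE_ASCII),
        "8 random lower-case letters": entropy_bits_charset(8, 26),
        "four random words (12-word sample list)": entropy_bits_wordlist(4, len(SAMPLE_WORDS)),
    }
    return {name: (bits, expected_crack_seconds(bits)) for name, bits in schemes.items()}


if __name__ == "__main__":
    for name, (bits, seconds) in compare_schemes().items():
        print(f"{name:40s} {bits:5.1f} bits  ~{seconds / 86400:10.2f} days")
    print("sample passphrase:", generate_passphrase())
```

At the assumed rate, four words from a 2048-word list (44 bits) fall in a few hours and eight random characters from the 94-character set (about 52 bits) in about a month, while four words from the 12-word sample list are hopeless; the size of the word list and the randomness of the selection are what carry the scheme, not the use of words as such.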

While many experts agree with the idea, some argue against XKCD’s suggestion. They point out that if the password cracker is checking for combinations of dictionary words, the time it takes to recover a person’s password can drop significantly. Instead, they suggest users follow the NIST guidelines when selecting a password:

  • Use a minimum of 8 characters selected from a 94-character set.
  • Include at least one upper case letter, one lower case letter, one number and one special character.
  • Check passwords against a dictionary of common words that users should avoid, i.e. a password blacklist.
  • Don’t use any permutation of your username as your password.

Note that the current revision of NIST’s guidance (SP 800-63B) has since dropped the composition rule in favour of length, a blacklist of common and breached passwords, and rate limiting of guesses; the list above reflects the older guidance the critics cited.
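As an added example (not code from the article or from NIST), here is a server-side check that enforces the four rules listed above. The blacklist is a small constructed set; a real deployment would load a large list of leaked and common passwords. The leetspeak normalisation and the treatment of “permutations of the username” as the username or its reverse appearing anywhere in the password are my assumptions about how to make the rules useful in practice.

```python
import string

# Constructed blacklist for the example; a real deployment would load a large
# list of leaked and common passwords. Assumption, not from the article.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "password1",
                    "iloveyou", "admin", "welcome"}

# Undo common leetspeak substitutions before the blacklist lookup, so that
# "P@ssw0rd1" is still caught by a blacklisted "password1".
LEET_MAP = str.maketrans("0134@$!", "oleaasi")

# The 94-character set: letters, digits and punctuation, no space.
PRINTABLE_94 = set(string.ascii_letters + string.digits + string.punctuation)


def normalise(s):
    return s.lower().translate(LEET_MAP)


def check_password(password, username, blacklist=COMMON_PASSWORDS):
    """Return the list of rule violations; an empty list means the password passes."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if any(c not in PRINTABLE_94 for c in password):
        problems.append("contains characters outside the 94 printable ASCII set")
    required_classes = [
        ("upper case letter", any(c.isupper() for c in password)),
        ("lower case letter", any(c.islower() for c in password)),
        ("number", any(c.isdigit() for c in password)),
        ("special character", any(c in string.punctuation for c in password)),
    ]
    for name, present in required_classes:
        if not present:
            problems.append(f"missing {name}")
    norm = normalise(password)
    if norm in {normalise(w) for w in blacklist}:
        problems.append("matches a blacklisted common password")
    # "Permutations of the username": the username itself, reversed, or with
    # leetspeak substitutions, appearing anywhere in the password.
    user = normalise(username)
    if user and (user in norm or user[::-1] in norm):
        problems.append("contains the username or its reverse")
    return problems


if __name__ == "__main__":
    for pw in ["7h0r&66!", "P@ssw0rd1", "correcthorsebatterystaple", "Alice!2024", "Xk9#mQ2v"]:
        print(f"{pw!r:30} -> {check_password(pw, 'alice') or 'OK'}")
```

Running it shows the tension the section describes: the XKCD-style passphrase fails this policy on three counts despite its entropy, while “7h0r&66!” fails only for lacking an upper case letter, and “P@ssw0rd1” passes every composition rule but is rejected because it normalises to a blacklisted password.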

Regardless of how strong a password is, expert-level password crackers may still find it easy to recover. As Nate Anderson demonstrated, even the most difficult passwords can still be cracked. For this reason, it is better to add security measures beyond a strong password. Requiring a 4-digit PIN in addition to the password can radically change the game for password crackers, but only if the PIN is checked by the service with a limit on failed attempts: a 4-digit PIN has just 10,000 possible values, so an attacker who can guess it offline, for example from a leaked copy of its hash, gains almost nothing.
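The following added example (not the article’s code, and not a real authentication system) shows why the attempt limit matters. A hypothetical `Account` class stores PBKDF2 hashes of both the password and the PIN, counts failed PIN attempts and locks the account after five; `brute_force_pin` plays an attacker who has already obtained the password and tries PINs online, while `offline_pin_crack` shows that the same PIN falls instantly if the attacker has the hash itself. The iteration count and lockout threshold are illustrative assumptions, deliberately low so the demo runs quickly.

```python
import hashlib
import hmac
import os

# Illustrative constants (assumptions for this example, not from the article).
PBKDF2_ITERATIONS = 1_000    # deliberately low so the demo runs quickly; use far more in production
MAX_PIN_FAILURES = 5         # lock the account after this many wrong PINs


def _derive(secret, salt):
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ITERATIONS)


class Account:
    """Hypothetical server-side record. The PIN is only ever checked here,
    behind a failure counter, so an online attacker cannot try PINs at
    cracking-rig speed."""

    def __init__(self, password, pin):
        self.salt = os.urandom(16)
        self.password_hash = _derive(password, self.salt)
        self.pin_hash = _derive(pin, self.salt)
        self.pin_failures = 0
        self.locked = False

    def login(self, password, pin):
        if self.locked:
            return "locked"
        if not hmac.compare_digest(self.password_hash, _derive(password, self.salt)):
            return "bad password"
        if not hmac.compare_digest(self.pin_hash, _derive(pin, self.salt)):
            self.pin_failures += 1
            if self.pin_failures >= MAX_PIN_FAILURES:
                self.locked = True
                return "locked"
            return "bad pin"
        self.pin_failures = 0
        return "ok"


def brute_force_pin(account, password):
    """Attacker who already has the password tries every PIN through the
    login interface. Returns (attempts_made, pin_found_or_None)."""
    attempts = 0
    for n in range(10_000):
        attempts += 1
        result = account.login(password, f"{n:04d}")
        if result == "ok":
            return attempts, f"{n:04d}"
        if result == "locked":
            return attempts, None
    return attempts, None


def offline_pin_crack(pin_hash, salt):
    """If the database leaks, the lockout counter is irrelevant: all 10,000
    PIN hashes can be computed directly. The PIN therefore only helps against
    online guessing, not against a stolen hash database."""
    for n in range(10_000):
        pin = f"{n:04d}"
        if hmac.compare_digest(pin_hash, _derive(pin, salt)):
            return pin
    return None


if __name__ == "__main__":
    acct = Account("correct horse battery staple", "0421")
    print("online:", brute_force_pin(acct, "correct horse battery staple"))
    leaked = Account("correct horse battery staple", "0421")
    print("offline:", offline_pin_crack(leaked.pin_hash, leaked.salt))
```

The online attacker is stopped after five guesses, a 0.05% chance of success per lockout, whereas the offline attacker recovers the PIN after at most 10,000 cheap hash computations. The second factor only changes the game when the attacker is forced through the rate-limited interface, which is the case the text has in mind.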