Last week, we talked about policies and rules for creating a secure password. After reading that post you might be a little overwhelmed, and not sure how you can create unique, hard-to-guess passwords that you will not forget when you are not supposed to write them down. So today we will look at some real-world suggestions for building a password that is easy to remember but hard to guess.

To understand why complex passwords matter, it helps to understand the basics of a brute force attack. A brute force attack is when an attacker tries to get into something password protected by running a program that systematically tries every possible password. The figures below assume such a program can test one million passwords per second; an attacker who has stolen a file of password hashes and cracks them offline on modern graphics hardware can go several orders of magnitude faster, so treat these numbers as relative, not absolute. The most easily cracked passwords are ones that appear in a dictionary, because the attacker does not need to try every combination of characters at all: a list of every dictionary word is exhausted in less than a second. A password made from a random string of eight lowercase letters can be cracked in 2.42 days, and a password of eight characters drawn at random from numbers, symbols and lowercase letters would take 16.3 years. If you use uppercase and lowercase letters as well as numbers and symbols, and make the password 10 characters long, it would take the same brute force attack 1.89 million years to try every possibility.
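The arithmetic behind those figures is simply keyspace divided by guessing rate. The calculator below is an added example, not code from the original post: it reproduces the post's three scenarios at the post's assumed one million guesses per second, and then re-runs the first one at an assumed ten billion guesses per second, an illustrative rate for offline cracking of a fast hash on a GPU. The symbol count of 33 (the printable ASCII punctuation characters) is an assumption chosen because 26 + 10 + 33 = 69 is the character set that yields the post's 16.3-year figure.

```python
import math

# Character-class sizes. SYMBOLS = 33 is the printable ASCII punctuation count;
# it is an assumption that reproduces the post's 16.3-year figure (26+10+33 = 69).
LOWER = 26
UPPER = 26
DIGITS = 10
SYMBOLS = 33

SECONDS_PER_DAY = 24 * 3600
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY

# Guessing rates. 1e6/s is the post's assumption; 1e10/s is an assumed,
# illustrative rate for offline GPU cracking of a fast unsalted hash.
POST_RATE = 1e6
GPU_RATE = 1e10


def keyspace(charset_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` characters from `charset_size` symbols."""
    return charset_size ** length


def seconds_to_exhaust(charset_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case time to try every password in the keyspace at the given rate."""
    return keyspace(charset_size, length) / guesses_per_second


def crack_time_days(charset_size: int, length: int, guesses_per_second: float) -> float:
    return seconds_to_exhaust(charset_size, length, guesses_per_second) / SECONDS_PER_DAY


def crack_time_years(charset_size: int, length: int, guesses_per_second: float) -> float:
    return seconds_to_exhaust(charset_size, length, guesses_per_second) / SECONDS_PER_YEAR


def password_bits(charset_size: int, length: int) -> float:
    """Entropy in bits of a password chosen uniformly at random from the keyspace."""
    return length * math.log2(charset_size)


def scenarios(guesses_per_second: float = POST_RATE) -> list[dict]:
    """The post's three scenarios, evaluated at the given guessing rate."""
    cases = [
        ("8 random lowercase letters", LOWER, 8),
        ("8 random lowercase + digits + symbols", LOWER + DIGITS + SYMBOLS, 8),
        ("10 random upper + lower + digits + symbols", LOWER + UPPER + DIGITS + SYMBOLS, 10),
    ]
    return [
        {
            "name": name,
            "charset": size,
            "length": length,
            "bits": password_bits(size, length),
            "years": crack_time_years(size, length, guesses_per_second),
        }
        for name, size, length in cases
    ]


if __name__ == "__main__":
    for rate in (POST_RATE, GPU_RATE):
        print(f"--- {rate:.0e} guesses/second ---")
        for s in scenarios(rate):
            print(f"{s['name']:45s} {s['bits']:5.1f} bits  {s['years']:.3g} years")
```

Run as a script, it prints each scenario at both rates; the point to notice is that the 2.42-day lowercase case collapses to well under a minute at the GPU rate, while the 10-character four-class case still takes far longer than anyone will wait. Length and character-set size multiply into the exponent, which is why they matter more than the guessing rate.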
However, passwords that pass muster can be next to impossible to remember, and if your password is written on a sticky note on your monitor you are less secure than if you had made your password your pet's name! So how can we create a password that is easy to remember but very hard to guess?
A good trick for creating a password that stands up to brute force attacks is to start from a phrase you already have memorized: a line from a song, a famous quotation or a Bible verse. Build the password from the first letter of each word, capitalizing certain words in a memorable way (for example all the adjectives, or any reference to a person such as "me" or "you"), and then swap some of the letters for numbers and symbols, again in a way you will remember without writing it down. A common way to do this is a form of "leet" speak, where you replace vowels with the digits that look like them (A=4, E=3, I=1, O=0). For example, if you wanted to use the title of the R.E.M. song "It's the end of the world as we know it (and I feel fine)", you could make your password: 1't30tW4Wk1(41ff). Here I took the first letter of each word, kept all the punctuation in place (the apostrophe in "It's" and the parentheses), then replaced every vowel with its digit and capitalized two words: the noun "world" and the pronoun "we". The result is 17 characters long and mixes all four character classes. While this password is hard to say to someone and very hard to guess, it is surprisingly easy to type, because you simply recite the phrase (silently, of course) as you type each letter or number. One caveat: password-cracking tools know these vowel-for-digit swaps and apply them automatically to their wordlists, and the best-known song lyrics and quotations are in those wordlists too. The strength of this method comes mainly from the length of the result and from your own private choices of which words to capitalize and which letters to swap, so the less famous the phrase, the better.
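To make the recipe concrete, here is the transformation written out as a function. It is an added example, not code from the original post: it keeps every punctuation character of each word where it occurs, keeps only the first letter of each word, capitalizes the words you name and leaves those untouched, and swaps lowercase vowels for the post's digits. Applied to the R.E.M. title with "world" and "we" capitalized it yields the post's 1't30tW4Wk1(41ff) (with a plain ASCII apostrophe). The rule that a capitalized word skips the digit swap is this example's choice, since the post never capitalizes a word that starts with a vowel.

```python
# Vowel-to-digit substitutions from the post (a form of "leet" speak).
LEET = {"a": "4", "e": "3", "i": "1", "o": "0"}


def phrase_to_password(phrase: str, capitalize=frozenset(), leet: dict = LEET) -> str:
    """Turn a memorized phrase into a password using the post's recipe.

    For every whitespace-separated word:
      * non-letter characters (apostrophes, parentheses, digits) are kept
        verbatim in the position they occupy;
      * only the first letter of the word survives;
      * if the word (ignoring punctuation and case) is in `capitalize`, that
        letter is emitted as a capital and not substituted (this example's
        choice); otherwise it is lowercased and, if it is a vowel in `leet`,
        replaced by the look-alike digit.
    """
    wanted = {w.lower() for w in capitalize}
    out = []
    for word in phrase.split():
        bare = "".join(ch for ch in word if ch.isalpha()).lower()
        keep_upper = bare in wanted
        seen_letter = False
        for ch in word:
            if not ch.isalpha():
                out.append(ch)  # punctuation and digits are kept as they are
                continue
            if seen_letter:
                continue  # only the first letter of each word survives
            seen_letter = True
            if keep_upper:
                out.append(ch.upper())
            else:
                out.append(leet.get(ch.lower(), ch.lower()))
    return "".join(out)


def character_classes(password: str) -> set:
    """Which of the four character classes a password contains."""
    classes = set()
    for ch in password:
        if ch.isupper():
            classes.add("upper")
        elif ch.islower():
            classes.add("lower")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes


if __name__ == "__main__":
    phrase = "It's the end of the world as we know it (and I feel fine)"
    pw = phrase_to_password(phrase, capitalize={"world", "we"})
    print(pw, len(pw), sorted(character_classes(pw)))
```

Try it with your own phrase and your own choice of words to capitalize; the `character_classes` check tells you whether the result will satisfy a policy that demands uppercase, lowercase, digits and symbols. Keep in mind that the function is deterministic: anyone who knows the phrase and the rules gets the same password, which is why the phrase and the capitalization choices should be yours alone.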