How to create strong passwords

The world has become a digital village, and each one of us has various computing devices at our disposal (mobile phones, personal computers, laptops and tablets) and operates myriad social media accounts (Facebook, LinkedIn, Yahoo, Gmail and many more). The common denominator for all of them is the ‘PASSWORD’. The Oxford online dictionary defines a password as “A secret word or phrase that must be used to gain admission to a place” (Oxford Dictionary, 2014).

Since passwords are vital to accessing online and offline services from our computing gadgets, they form the first line of defense, and as such they are the target of various types of attacks (password guessing, password resetting, password cracking, password capturing and many more). “Another major problem is password management. People use the same password on multiple sites, so when the hacker compromises one site, they have your password for everywhere else.” (Kevin Mitnick)

Passwords DO’s and DON’Ts

DO the following

  • Ensure a minimum length of 8 characters, containing at least three of the following five character classes:
    • Lower case characters;
    • Upper case characters;
    • Numbers;
    • Punctuation;
    • “Special” characters (e.g. @#$%^&*()_+|~-=\`{}[]:";'<>/ etc.);
  • Don’t reuse a password: construct a new password each time it is changed;
  • Don’t base passwords on any of the following details:
    • Months of the year, days of the week or any other aspect of the calendar;
    • Family names, initials or car registration numbers;
    • A proper name or any word in the dictionary without altering it in some way;
    • A word that can be derived from a dictionary word, e.g. by reversing letters;
    • Department or branch names, identifiers or references;
    • Telephone numbers or similar all-numeric groups;
    • User ID, user name, group ID or other system identifier;
    • More than two consecutive identical characters;
    • All-numeric or all-alphabetic groups;
    • Obvious phrases or sequences such as “OTTFFSSE”, “QWERTY”, “POIUY”, “54321”, “09876” or “12345”.

As Saranga Komanduri, a doctoral student at Carnegie Mellon University, states, “The only reliable rule is: ‘The more unpredictable, the better.’” Ensure that your password is random and not easy to guess.

If possible, use passphrases. Passphrases are not the same as passwords: a passphrase is a longer version of a password and is therefore more secure. A passphrase is typically composed of multiple words. A good passphrase is relatively long and contains a combination of upper and lowercase letters and numeric and punctuation characters. An example of a good passphrase:

From the sentence “In year 2014 Kenya is celebrating 50 years of independence”, a passphrase is derived as follows:

“Y@ar2014Kenyais@50”
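A checker that applies the DO rules above (minimum length, three of five character classes, no triple-repeated characters, no all-numeric or all-alphabetic groups, no obvious sequences, no personal details) to a candidate such as the passphrase just derived. This is an added example, not code from the original post; the split between “punctuation” and “special” characters, the sequence list and the `forbidden_words` parameter are assumptions made here.

```python
import re
import string

# Policy taken from the DO list above.
MIN_LENGTH = 8
MIN_CLASSES = 3
# Obvious sequences: the examples the post names (constructed list, lower-cased).
OBVIOUS_SEQUENCES = ("ottffsse", "qwerty", "poiuy", "54321", "09876", "12345")

# Assumption: plain punctuation marks and the post's "special" characters are
# treated as two distinct classes so that five classes exist in total.
PUNCTUATION = set(".,;:!?'\"")
CHARACTER_CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "punctuation": PUNCTUATION,
    "special": set(string.punctuation) - PUNCTUATION,
}


def check_password(password: str, forbidden_words=()) -> list:
    """Return the list of policy violations; an empty list means the password passes.

    forbidden_words is a caller-supplied list of names, user IDs and other personal
    details the post says a password must not be based on (hypothetical input).
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    present = {name for name, chars in CHARACTER_CLASSES.items() if set(password) & chars}
    if len(present) < MIN_CLASSES:
        problems.append(f"only {len(present)} of 5 character classes (need {MIN_CLASSES})")
    # Three identical characters in a row means "more than two consecutive".
    if re.search(r"(.)\1\1", password):
        problems.append("more than two consecutive identical characters")
    if password.isdigit() or password.isalpha():
        problems.append("all-numeric or all-alphabetic")
    lowered = password.lower()
    for seq in OBVIOUS_SEQUENCES:
        if seq in lowered:
            problems.append(f"contains obvious sequence {seq!r}")
    for word in forbidden_words:
        if word.lower() in lowered:
            problems.append(f"based on personal detail {word!r}")
    return problems


if __name__ == "__main__":
    for candidate in ("Y@ar2014Kenyais@50", "qwerty123", "12345678"):
        print(candidate, "->", check_password(candidate) or "OK")
```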

Always remember: “Choosing a hard-to-guess, but easy-to-remember password is important!” (Kevin Mitnick)

DON’T do the following

  1. Always use different passwords for different accounts (e.g., Facebook, Twitter, Yahoo and Gmail): use a different password for each account;
  2. Always use different passwords for various access needs whenever possible;
  3. Do not share passwords with anyone;
  4. Passwords should never be written down or stored on-line without encryption;
  5. Do not reveal a password in email, chat, or other electronic communication;
  6. Do not speak about a password in front of others;
  7. Do not hint at the format of a password (e.g., “my family name”);
  8. Do not reveal a password on questionnaires or security forms;
  9. Always decline the use of the “Remember Password” feature of applications (e.g., Mozilla, Outlook, Internet Explorer (IE)).

Always remember: “Treat your password like your toothbrush. Don’t let anybody else use it, and get a new one every month” (Clifford Stoll), and “Let your faith in the Lord be like your ATM password. Keep it in memory even when your account is empty” (anonymous).
