You see it all the time… everyone says you have to use good passwords. You’ve always used the name of your favorite pet, or the name of a family member as a password, and that worked just fine, you say.
There is, however, a very good reason why you need to get away from using your pet’s name as a password.
Bad passwords can easily be cracked and your account information stolen or mis-used!
And yes, your pet’s name, or your family member’s name, is a bad password.
The potential fallout from using a bad password is huge. Imagine this…
- Your email account’s password is cracked. Now your account can be used for spam purposes. Suddenly all the people in your email address book get invites from you to join you at a porn website.
- Your Amazon.com password is cracked. Suddenly you’re buying products that you never ordered and that don’t arrive at your house.
- Your bank account’s password is cracked. I’ll let you imagine what happens next…
Here are some examples showing how fast passwords can be cracked by a single desktop PC:
Passwords with only letters…
Example: “monkey” or “wsght”
- 5 letters: 0.003 seconds
- 6 letters: 0.08 seconds
- 7 letters: 2 seconds
- 8 letters: 52 seconds
As you can see, ordinary words can be cracked very fast! Some words, like “college” or “flower” are cracked instantly because they are on lists of the most used passwords.
Let’s add a little more to it… Passwords with letters and numbers…
Example: “monkey358” or “wsght209”
- 5 letters + 3 numbers: 11 minutes
- 6 letters + 3 numbers: 7 hours
- 7 letters + 3 numbers: 10 days
- 8 letters + 3 numbers: 1 year
It’s starting to look a lot better, especially the combination of 8 letters and 3 numbers.
Let’s add even more to it… Passwords with letters, numbers, and one special character (like # or $)…
Example “$monkey358” or “$wsght209”
- 1 special character + 5 letters + 3 numbers: 6 days
- 1 special character + 6 letters + 3 numbers: 344 days
- 1 special character + 7 letters + 3 numbers: 48 years
- 1 special character + 8 letters + 3 numbers: 2,000 years
That last one is starting to look like a really good password!
How To Create Good Passwords
It isn’t really all that difficult to create good passwords. As can be seen from the tests above, the longer the password, the better. And the more different types of characters, the better.
Here are some basic rules:
- Make your passwords at least 12 characters long.
- Use a combination of letters, numbers, and at least one special character.
This combination will give you a password that will take at least 2,000 years to crack with a single PC.
Some websites don’t allow the use of special characters… yes, I know, that’s really dumb. In such cases, make the password at least 13 characters long, using letters and numbers. That will give you a password that will take 1,000 years to crack.
Remember, these are merely the minimums. This is definitely a case where more is better.
Using Pass-Phrases To Make Good Passwords
In a recent interview, Edward Snowden, the former NSA employee who exposed a lot of the government’s antics in spying on us, recommended using pass-phrases that string several words together.
Can you guess how long it will take to crack that one?… 931 trillion years! Now that’s a great password!
Testing Your Passwords
If you follow the rules above to make good passwords, you will do fine. If you would like to test your passwords to make sure they are good, visit How Secure Is My Password? This is a tool where you can enter your password and it will tell you how long it will take to crack.
Another useful tool is SafetyDetective’s Password Meter. You can enter your chosen password and it tells you if it’s a strong password or not. If it isn’t strong enough, it has an option to strengthen the password for you. Nifty!
Storing Your Good Passwords
Another important rule with good passwords: Don’t re-use your passwords, i.e. create a different password for each online account.
“But that will leave me with a lot of passwords to remember,” you say. The solution is to store your passwords in a secure application that has been created for the purpose.
The folks that created the password testing tool above, have created a free password manager called RoboForm. I have also used another great free password manager called KeePass. There are some other good choices as well.
You are now armed with all the information you need to create really good passwords and keep those hackers out of your accounts. Stay safe!
PS. Do you have something to add about creating good passwords? Let us know in the comments below…