This form can be used to check the strength of a password and the time needed to attack
(guess by brute force) the password. Choose "automatic" mode to have the form change the
length of the password as you type, or choose "manual" to set a fixed length. Note that the
password you enter must conform to the criteria you select. For example, if you choose
"numbers only," entering a letter in the optional password field will result in
the form replacing that letter with a number.
Tips on Making a "Good" Password
A good password is one that is as difficult as possible to guess, given the limitations of the characters you can use. The strength rating on this form is not an absolute measure, although given two passwords made using the guidelines below, the one with the higher strength percentage is almost certainly more difficult for an attacker to break.
- Don't Use Information an Attacker May Know
Passwords that include personal information that an attacker may know are easier to crack.
For example, people often use the first letter of each word of a sentence, as in "I have two children,
Devin, 6, and Ethan, 3" to form the password "IhtcD6E3." While this may look difficult to
guess, and have a high strength rating, it is a common phrase using personal information,
and thus too easy for an attacker to guess. Using your or a loved one's birthday for your
PIN is another classic case of a bad password selection. If you need a sentence to remind
you of your password, choose something more obscure like, "Bad weather adds 20 minutes to
my commute" which makes "Bw+20mtmc."
- Avoid Patterns
Patterns like "123" or "abc" in a password are often detectable by attackers. Try to avoid
adding simple patterns or sequences to your passwords.
- Avoid Special Characters
Although they make passwords difficult to guess and will give them a high strength rating
on this form, some special keyboard characters can expose vulnerabilities in the system that
handles them. For example, a percent sign (%) is a special character used when making database
queries. If your password includes a percent sign, and the system uses your password in such a
query, it may cause a naive system to inadvertently expose data to unauthorized users, or
trigger other vulnerabilities.
Because you should never make assumptions about the system you are creating a password for,
it is best to avoid the following characters:
! $ % & * ' " ; \
Examples of "safer" special characters include:
~ @ ^ ( ) - = +
- Do Not Use Suggested Passwords
This form includes a utility to suggest a password, either based on the text you have entered or
randomly. When using passwords suggested by any algorithm, including the one that this
form uses, be aware that hackers may have access to the same algorithms, and so would be
able to generate the same passwords. That makes using these passwords somewhat dangerous.
These algorithms are only provided to suggest examples of passwords that are as strong as
they can be given the criteria such as available characters and length.
- Don't Be Afraid To Write It Down
Another problem with the seemingly random passwords suggested by computerized algorithms
is that they are often too difficult for the user to remember. Users often take to writing
down complex passwords, which is generally perceived as a major security weakness.
However, if you treat your written passwords as if they were as valuable as the information
you access with them, then you can use a more complex password without having to remember it.
Remember to guard it well - I suggest keeping it separate from your wallet (which you may
be asked to surrender if robbed) but always on your person. Writing a hint may also be
better than writing the real password.
Making a good password isn't easy, but the extra steps above can help create a more secure
password that is more difficult for hackers to guess.
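
As an added example (not the form's own algorithm, which the page does not give), the sketch below pairs a keyspace-based brute-force estimate with the "Avoid Patterns" check. The character pools, the guess rate and all function names are assumptions made for illustration.

```python
import string

# Assumed character pools: the page does not publish the form's pools or scoring.
POOLS = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": "~@^()-=+",  # the "safer" special characters listed on the page
}
GUESSES_PER_SECOND = 1e9  # assumed attacker guess rate, for illustration only


def pool_size(password):
    """Combined size of every pool the password draws at least one character from."""
    allowed = set("".join(POOLS.values()))
    unknown = set(password) - allowed
    if unknown:
        raise ValueError(f"characters outside the selected criteria: {sorted(unknown)}")
    return sum(len(p) for p in POOLS.values() if set(p) & set(password))


def brute_force_seconds(password, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every string of this length over the password's pool."""
    return pool_size(password) ** len(password) / rate


def sequences(password, min_run=3):
    """Runs of min_run or more characters that step by +1 or -1 ("abc", "321")."""
    runs, i, n = [], 0, len(password)
    while i < n - 1:
        step = ord(password[i + 1]) - ord(password[i])
        j = i + 1
        if step in (1, -1):
            while j + 1 < n and ord(password[j + 1]) - ord(password[j]) == step:
                j += 1
            if j - i + 1 >= min_run:
                runs.append(password[i:j + 1])
                i = j  # the last character may start a run in the other direction
                continue
        i += 1
    return runs


if __name__ == "__main__":
    # Constructed samples: one from the page's tips, one built from simple patterns.
    for pw in ("Bw+20mtmc", "abc123"):
        days = brute_force_seconds(pw) / 86400
        print(f"{pw!r}: pool={pool_size(pw)} worst case={days:.3g} days "
              f"sequences={sequences(pw)}")
```

The keyspace figure alone does not account for the sequences the tips warn about, which is why the sequence check is reported alongside it rather than folded into one number.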