A friend noted today that their online email account was compromised over the weekend. I thought about my post on creating strong passwords (and passphrases) in six easy steps, which is still relevant today…
Why should you care? Because last year InformationWeek reported that simple passwords created using short, simple key sequences can be easily cracked:
"For example, a lowly P3 PC running a widely available cracking tool at just 500 MHz was able to guess the password 'ChEcK12' in only 26 seconds; and today’s top-of-the-line PCs could perform the same crack almost instantly. (For more examples of just how quickly simple password techniques like this can be bypassed, see this page from McMaster University). It’s scary stuff."
A strong password:
- Is at least seven characters long.
- Does not contain your user name, real name, or company name.
- Does not contain a complete dictionary word.
- Is significantly different from previous passwords. Passwords that increment (Password1, Password2, Password3 …) are not strong.
- Contains characters from each of the following four groups: uppercase letters, lowercase letters, numerals, and symbols found on the keyboard.
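
The criteria above written as a checker, as an added example that is not part of the original post. The sample word list, the 0.8 similarity cut-off and all function and parameter names are assumptions made for illustration.

```python
import string
from difflib import SequenceMatcher

# Constructed sample word list; a real check would load a full dictionary.
SAMPLE_WORDS = {"password", "check", "dragon", "monkey", "welcome", "summer"}
SIMILARITY_LIMIT = 0.8  # assumed cut-off for "significantly different"
GROUPS = {
    "uppercase letter": string.ascii_uppercase,
    "lowercase letter": string.ascii_lowercase,
    "numeral": string.digits,
    "symbol": string.punctuation,
}

def too_similar(new, old):
    """True when two passwords are near-copies (Password1 vs Password2)."""
    return SequenceMatcher(None, new.lower(), old.lower()).ratio() >= SIMILARITY_LIMIT

def check_password(password, identity=(), previous=(), words=SAMPLE_WORDS):
    """Return the criteria from the list that `password` fails; [] means it passes."""
    failures = []
    lowered = password.lower()
    if len(password) < 7:
        failures.append("shorter than seven characters")
    if any(name and name.lower() in lowered for name in identity):
        failures.append("contains user, real or company name")
    if any(word in lowered for word in words):
        failures.append("contains a complete dictionary word")
    if any(too_similar(password, old) for old in previous):
        failures.append("too close to a previous password")
    for label, chars in GROUPS.items():
        if not any(c in chars for c in password):
            failures.append(f"no {label}")
    return failures

if __name__ == "__main__":
    # Constructed inputs: the quoted "ChEcK12" and an incremented password.
    print(check_password("ChEcK12"))
    print(check_password("Password3", previous=["Password2"]))
```

Mixed case does not hide the dictionary word in "ChEcK12": the check lower-cases the candidate first, which is the same normalisation a cracking tool applies.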
When all else fails, you may also use an online service such as http://strongpasswordgenerator.com/ to suggest strong passwords.
Also available via http://bit.ly/9JLnhG