Madrid, August 1, 2005 - To prevent a potential attacker from guessing passwords, they should be as long and as sophisticated as possible. Passwords that comply with these requirements can be difficult for users to remember, unless an intermediate solution such as a 'passphrase' is used.
The longer the password, the lower the probability that a brute force attack(*) will succeed. For example, if the password contains only numbers, a two-digit password allows 100 combinations, whereas an eight-digit password allows 100 million. In both cases the number of possible combinations is not very high, considering that attacks can be automated. For this reason, it is always advisable to use a large number of characters, combining letters, numbers and special characters.
Following the recommendations above and creating an eight-character password that combines lower-case letters and numbers raises the number of possible combinations to 400 million. If a brute force attack is estimated to take an hour to try all the possible combinations of an eight-digit password, it will take 65,536 hours to do the same for a password of the same length that combines lower-case letters and numbers.
As well as the length and the set of characters used, there are other formal characteristics that should be taken into account, such as entropy, which can be summarized as the complexity of the password. The password '4zM9h-f%', for example, is more secure than 'oxygen24'; the latter is also easier to guess with a dictionary attack(*).
Choosing a complex password, however, also makes it harder to remember and therefore not very practical for users. For this reason, some people use an intermediate solution: avoid complexity while increasing the length of the password, or create a 'passphrase', that is, use a phrase as the password (such as 'I live at 32 Sun street'). Although such passwords do not have adequate entropy from a formal point of view, passphrases are easy to remember, and their length makes them quite effective against the most usual attack techniques.
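The figures above can be checked with a few lines of code. The following Python script is an added example, not part of the original Oxygen3 text: it computes the keyspace and entropy for the character sets discussed, the slowdown a brute force search suffers when lower-case letters are added to digits, and applies a simple dictionary check to the two sample passwords. The word list is constructed for the example, and the 7776-word vocabulary used for the passphrase estimate is an assumption taken from the size of the Diceware list.

```python
import math
import string

# Character classes a brute-force search must cover once it knows which are in use.
CHAR_CLASSES = {
    "digits": string.digits,                # 10 symbols
    "lowercase": string.ascii_lowercase,    # 26 symbols
    "uppercase": string.ascii_uppercase,    # 26 symbols
    "symbols": string.punctuation,          # 32 symbols
}

# Constructed mini word list standing in for a real cracking dictionary.
WORDLIST = {"oxygen", "password", "welcome", "sunshine"}


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of `length` symbols from an alphabet of `alphabet_size`."""
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet_size) bits."""
    return length * math.log2(alphabet_size)


def relative_cost(alphabet_a: int, length_a: int, alphabet_b: int, length_b: int) -> float:
    """How many times longer exhausting keyspace A takes than keyspace B at the same guess rate."""
    return keyspace(alphabet_a, length_a) / keyspace(alphabet_b, length_b)


def hours_to_exhaust(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case (for the attacker) time to try every combination at a given guess rate."""
    return keyspace(alphabet_size, length) / guesses_per_second / 3600


def used_classes(password: str) -> list:
    """Names of the character classes that appear in the password."""
    return [name for name, chars in CHAR_CLASSES.items() if any(c in chars for c in password)]


def effective_alphabet(password: str) -> int:
    """Size of the union of the classes used; this is what a brute-force search must cover."""
    return sum(len(CHAR_CLASSES[name]) for name in used_classes(password))


def brute_force_bits(password: str) -> float:
    """Search space in bits faced by an attacker who knows only the length and classes used."""
    return entropy_bits(effective_alphabet(password), len(password))


def dictionary_base(password: str) -> str:
    """Lower-cased password with trailing digits removed: 'oxygen24' -> 'oxygen'."""
    return password.lower().rstrip(string.digits)


def is_dictionary_word(password: str, wordlist=WORDLIST) -> bool:
    """True if the password is a list word, optionally padded with trailing digits."""
    return dictionary_base(password) in wordlist


def passphrase_bits(word_count: int, vocabulary_size: int) -> float:
    """Entropy if each word were picked uniformly from the vocabulary (natural sentences have less)."""
    return word_count * math.log2(vocabulary_size)


if __name__ == "__main__":
    # The article's figures: digits only, length 2 and 8.
    print("2 digits:", keyspace(10, 2), "combinations")
    print("8 digits:", keyspace(10, 8), "combinations")
    # Lower-case letters plus digits, length 8, and the slowdown relative to digits only.
    print("8 x [a-z0-9]:", keyspace(36, 8), "combinations,",
          f"{relative_cost(36, 8, 10, 8):.0f}x the digits-only search")
    # Guess rate that would exhaust 8 digits in exactly one hour, as the article assumes.
    rate = keyspace(10, 8) / 3600
    print(f"same rate on [a-z0-9]: {hours_to_exhaust(36, 8, rate):.0f} hours")
    for pw in ("4zM9h-f%", "oxygen24"):
        print(f"{pw!r}: classes={used_classes(pw)} bits={brute_force_bits(pw):.1f} "
              f"dictionary={is_dictionary_word(pw)}")
    # 'I live at 32 Sun street' has six words; 7776 is the Diceware list size (assumption).
    print(f"6 random words from 7776: {passphrase_bits(6, 7776):.1f} bits")
```

The two measures pull in opposite directions for 'oxygen24': its brute force search space is a respectable 41 bits, but the dictionary check flags it immediately because it is a common word with digits appended, which is exactly why the text rates '4zM9h-f%' higher despite equal length.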
(*) Additional information
Dictionary attacks involve, once a correct user name is obtained, trying a series of passwords from a predefined list to see if one matches. This is usually done with a purpose-built application that takes the candidate passwords from a dictionary, since many users simply use common words as passwords.
A brute force attack is similar to the one described above, but instead of using a predefined list it tries all possible combinations of characters. This kind of attack is most effective against short passwords, as the number of combinations needed grows with the length of the password.
Oxygen3 24h-365d
by Panda Software