A recent Newsweek article discussed the state of website passwords and asked the question “how do you build a better password?” What we learned is that the majority of accepted password methods, used on various websites, add a lot of complexity but not more security. Many people make common mistakes when selecting a password, and could benefit from strategies for good password ideas. Keep reading to learn about common password pitfalls and ideas for creating a secure passphrase.
Computer researchers at Carnegie Mellon University are finding that many of the recent security advances in the banking, e-mail, and other critical systems you log into every day are adding more burdens to users but can still be hacked.
For example, mnemonic passwords which are created when one thinks of a phrase, and combines the first letter of each word are quite common. The article gives this example; “The famous Ghostbusters line “Dogs and cats, living together!” becomes, with a few substitutions, “D&c,lt.” However, most people use common well-known phrases to create mnemonic passwords. As a result, scientists in a crude test were able to crack four percent of mnemonic passwords, suggesting that motivated hackers could do even better.
The other way most people create passwords is to rely on a single password and use simple variants for most websites. The problem with this approach is if that password is cracked at just one site, a savvy hacker can break into your personal information stored at other sites.
To discourage the latter from happening experts will tell you to create unique passwords for each website. And if you forget a password, no problem, just enter the right answer to one of several “security questions” that only you know. But a May 2009 study from Microsoft Research and Carnegie Mellon pulled the rug from under that approach by finding that subjects could guess their acquaintances’ AOL and Yahoo challenges more than a quarter of the time. And, according to the study, one in five subjects forgot the answers to their own security questions in six months!
Instead of a mnemonic password, research suggests that users are better off constructing passwords out of a phrase itself-a passphrase. Newsweek gives this example; “a short but hard-to-remember string like “J4fS<2” can be broken by what is called a brute-force attack (in which a computer attempts “a,” then “ab,” then “abc,” and so on) in 219 years, while a long but easy-to-remember phrase like “du-bi-du-bi-dub” will stand for 531,855,448,467 years. “
The main point here is a simpler approach to creating a password can be stronger than the accepted wisdom of combining letters, numbers and symbols. So break out those old Sinatra songs, “do be do be doo… strangers in the night…” there could be some great passwords in them.