How To Build A Secure Password

Everyone tells you that you should have a strong password, but it is one of those things that definitely falls under “easier said than done.” Sure you can come up with something you feel is strong, but how do you gauge it? And what do you do if everything you think of is considered weak? We’re going to give you some suggestions and provide you with links to some tools that will help you with all of these issues.

Last April we brought you a story of the twenty most used passwords on the site RockYou that were discovered when a hacker broke into the site.  Over the past week we’ve seen the same thing happen in the wake of the hacking attack on Gawker Media.  These lists were disturbing to say the least, but both instances showed a very common problem that most people just can’t come up with a password off of the top of their heads.  So if you do want to come up with your own, what are some of the pitfalls you should avoid?

Here is a list of things you should never include in a password:

• Anniversary dates
• Any basic word you could find in a dictionary of any language
• Any keyboard sequence (i.e. QWERTY or 12345)
• Birthdays
• Names of close friends or coworkers
• Names of TV/movie/book characters
• Repetitive letters (i.e. nnnnnn)
• The network name of your computer
• Your boss’s name
• Your child’s name
• Your company name
• Your favorite vacation spot
• Your grandchild’s name
• Your license plate number
• Your name
• Your parent’s name
• Your pet’s name
• Your phone number
• Your social security number
• Your spouse’s name

So, what are you left with to build a password from?  Yes, you are back to square one, but there are a couple of things you can do if you insist on using words that will be easy for you to remember.  Some people recommend that you use a mixture of capital and lower case letters, but not all password systems offer case-sensitivity. A mixture of words and numbers can also work, but if you pick a favorite word and number, it again becomes a bit too easy for someone to figure out. I personally like to suggest replacing some letters with symbols that look somewhat like the letters of a word, this way you can use a word you do know, but it will be mixed up some. Here are some suggestions, and do keep in mind some systems don’t allow you to enter special characters either:

• A = ^ or @
• C = (
• E = 3
• I = 1
• S = $
• T = +

Once you’ve built a password, then it’s time to test it, and if you fail these tests, well the next section will help you with secure password generators.

Password Strength Meters

Just as a note, I tested what I felt was my strongest password on all three of these, I will tell you the results next to each.

CertainKey Passphrase Strength Meter: This one really lets you know what’s going on, scoring as you type and telling you how many days it would take to crack.  It said it would take 2,776 to crack my password.

HowSecureIsMyPassword.net: This site tells you how long it would take a desktop computer to crack your password as you type each character.  My test password would take 11 days.

Microsoft Password Checker: From software manufacturer Microsoft, this one emphasizes length and complexity to give you a password score.  It ranked my password as “Weak”, and was definitely the harshest critic.

PasswordMeter.com: Numerous options and meters to judge the strength of your password and give suggestions and gives you color-coded icons to tell you clearly how you did on each benchmark.  It gave my password a score of 77% and a rating of “Strong”.

Secure Password Generators

GRC.com: GRC generates three different unique, 64 character passwords every time you load the page.  You have zero chance of ever memorizing these passwords, but they will about the most hack proof passwords you can hope for.  Seriously, if you want “secure”, this is the one, but you will never, ever do it from memory.

PasswordChart.com: PasswordChart uses a two step process where it asks you for a phrase that will generate a key, you then enter a word and using the key to make a lengthy password you’ll never remember.

PasswordFire.com: This one breaks a few of the rules of secure password making by asking you for a special name, word and date, but it then jumbles them into a combined random order that would take a lot of guessing on someone’s part.

Password Suggest: Password Suggest may be simpler than you’re looking for, but it allows you to enter up to a ten character word and it will then make suggestions to you based off of that with numbers and characters mixed in.

PwdGen: PwdGen will allow you to create passwords that very in length from four to 42 characters, and then you also choose if it should include lowercase or uppercase characters, numbers and other criteria you check off for inclusion.

SafePasswd.com: SafePasswd allows you to choose how many characters you want in your password, and then lets you select criteria such as “easy to remember”, “letters”, “numbers’ and so on.

Secure Password Generator: Allows you to dictate what sort of characters you want in the password, then generates a password along with a phrase to help you remember, such as 7Uje5rus would be (Seven – UNIFORM – juliet – echo – Five – romeo – uniform – sierra)

What say you?  What are some of your tricks and tools to come up with secure passwords?