Posted by: Trizzo | August 15, 2010

I’m sorry, but can’t I write that down?

If you were to ask any of the two billion odd users of computers, some people would say they are a necessary inconvenience, others would say that they are a mild annoyance, and some would say that they are the bane of their lives and don’t see the point in them. I am of course talking about passwords.

And out of these two billion odd users, if you asked them (and any readers of this blog) whether their password has 8 or fewer characters in it, I wonder how many people would have to put their hands up? Would you? Well, chances are that if you have, then your password is now apparently too short.

Out of interest I looked up what the most common passwords are, and the results were pretty much what I expected bar one or two surprises. The list can be found here. It’s a little outdated but probably still valid. Out of that list only one common password goes over 8 characters.

But why does it matter? I hear you thinking. Well, it all comes down to how a malicious hacker would try to break into your computer. There are many ways of doing this, but to keep this simple I will keep it to the two common ones. The first is cycling through the most common passwords known; some hackers actually build this list into viruses that automatically try to break into the administrative account of the computer to gain access. The other, and the main topic of this post, is called ‘Brute Force’. Brute force, in its simplest understanding, entails a hacker obtaining a copy of your encrypted password and using a computer program to break the encryption by running through every possible combination that the password could be until it gets the right one.

Years ago this would have been very difficult because normal PC processors have protection to stop them being used for this kind of attack, but recently the processing power of graphics cards (used to display everything on your screen) has increased dramatically, and because of the way these operate they cannot currently be protected against this use. This has given malicious hackers the ability to crack short passwords potentially very quickly.

So what do you do?

Well, most experts will say to increase your password size to at least 12 characters. But I worked in IT support and know first-hand how difficult it is to get users to use passwords with numbers, upper-case characters and, yes, the dreaded symbols! And getting them to remember them afterwards without writing them down is sometimes almost painful, especially if they know they are going to have to do it again in 90 days.

So what tips can I give?

Well, the easiest way I have found of creating a password that is long enough, complicated enough and still memorable is to think of a sentence I will remember, such as ‘I Like Walking’, which is 12 characters, then swap some of the characters for numbers or symbols which look similar, such as e=3, l=7, a=@, o=0 (zero), until you get something like ‘IL1k3W@lk1ng’. And don’t forget the all-important upper and lower case letters, as you can see in the example.

By doing this you make it a lot harder for a program to be able to break your password.
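To put some numbers on the brute-force argument above, here is a small added example (not part of the original post) that estimates how many guesses an exhaustive search needs for a given password and how long that takes at an assumed rate of one billion guesses per second; the rate and the short common-password list are constructed assumptions, not measured figures. The estimate assumes the attacker searches blind; a dictionary attack that tries the usual letter-for-symbol swaps will find a phrase-derived password faster, so treat these numbers as an upper bound.

```python
import string

# Constructed stand-in for the "most common passwords" list the post refers to.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "iloveyou", "abc123"}

# Assumed guess rate for a GPU against a fast, unsalted hash (illustrative only).
ASSUMED_GUESSES_PER_SECOND = 1_000_000_000

SECONDS_PER_YEAR = 365 * 24 * 3600


def charset_size(password: str) -> int:
    """Size of the smallest standard alphabet covering every character class used."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    return size


def keyspace(password: str) -> int:
    """Candidates an exhaustive search over that alphabet and length must cover."""
    return charset_size(password) ** len(password)


def assess(password: str, rate: int = ASSUMED_GUESSES_PER_SECOND) -> dict:
    """Report whether a password falls to the common-list attack or, if not,
    roughly how long a blind brute-force search would take at the given rate."""
    if password.lower() in COMMON_PASSWORDS:
        return {"verdict": "found in common-password list", "seconds": 0.0}
    seconds = keyspace(password) / rate
    verdict = "resists blind brute force" if seconds > SECONDS_PER_YEAR else "short enough to brute force"
    return {"verdict": verdict, "seconds": seconds}


if __name__ == "__main__":
    for pw in ["password", "abcdefgh", "abcdefghijkl", "IL1k3W@lk1ng"]:
        r = assess(pw)
        print(f"{pw:14} {r['verdict']:32} ~{r['seconds'] / SECONDS_PER_YEAR:.2e} years")
```

At the assumed rate, an 8-letter lowercase password falls in a few minutes while a 12-letter one takes years; the 12-character mixed example from the post lands well beyond that.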

If anyone else has any other suggestions for password remembering strategies then please let me know and I will post these here.

The original inspiration for this post came from this BBC news article:
