3 Steps to An Unguessable Password

Passwords are more than a necessary inconvenience for accessing hosts, files, and applications; they help secure accounts and information. Unfortunately, many people choose weak passwords over strong ones for convenience. There is a process, however, that can help users create meaningful but strong passwords.

The primary form of host, file, and application security is the combination of a user identification (userid) and a password. The userid identifies a specific account holder, while the password validates the user's identity. Protecting the userid can be difficult because it may be part of an email address or the email address itself. Unfortunately, this information may be available on the internet (e.g. a resume or company website) or on a business card. With half of the access combination available to unethical hackers, the password becomes the last line of defense against unauthorized access.

Password selection is a balance between convenience (easy to remember) and security (hard to guess). Most people, unfortunately, prefer convenience. In 2012, the most common passwords were "password" and "123456." These passwords are easy to remember, but they are too common and weak to provide adequate security. Users can create a strong, easy-to-remember password in three steps.

The first step is to review three recommendations for strong passwords. Author Brian Krebs recommends using "a combination of words, numbers, symbols, and both upper- and lower-case letters." He also advises against using words that can be found in a dictionary or “simple adjacent keyboard combinations” like QWERTY.

Security specialist Bruce Schneier recommends using a meaningful sentence to create a strong password. His example of "This little piggy went to market" could be converted to "tlpWENT2m". The user can pick a meaningful phrase or event that is easy to remember and convert it into a mix of letters, numbers, or symbols.

A final recommendation is to use a long password. Length is also related to strength because a longer password has more possible character combinations. The increased length, in turn, requires more guesses to crack the password.

The second step is to use a password strength checker and a search space calculator. The checker provides an opportunity to see strength criteria and utilize them in password creation. The calculator, on the other hand, allows the person to see how long it would take to crack a password. Both provide a visual understanding of password strength.

The third step is to create a password. A user can think of a meaningful phrase, convert it, and check it with the tools. This process can take some time as words or characters are changed to improve strength. At the end, though, the result will be a memorable and strong password.
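The check described in steps two and three can be sketched in a few lines. This is an added example, not a tool the article references: the function names, the four-key run length, and the rate of one billion guesses per second are assumptions, and the sample lists are constructed from the passwords and keyboard pattern the article mentions.

```python
import string

# Constructed sample data: the two common passwords the article names,
# plus keyboard rows for spotting adjacent-key runs such as QWERTY.
COMMON = {"password", "123456"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": string.punctuation,
}

def classes_used(pw):
    """Names of the character classes that appear in the password."""
    return [name for name, chars in CLASSES.items() if any(c in chars for c in pw)]

def alphabet_size(pw):
    """Size of the alphabet a brute-force search must cover for this password."""
    return sum(len(CLASSES[name]) for name in classes_used(pw))

def search_space(pw):
    """Count of all candidates of length 1..len(pw) over that alphabet."""
    n = alphabet_size(pw)
    return sum(n ** k for k in range(1, len(pw) + 1))

def has_keyboard_run(pw, run=4):
    """True if the password contains `run` adjacent keys, forward or reversed."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - run + 1):
            seq = row[i:i + run]
            if seq in low or seq[::-1] in low:
                return True
    return False

def assess(pw, guesses_per_second=1e9):  # guess rate is an assumed figure
    issues = []
    if pw.lower() in COMMON:
        issues.append("common password")  # guessed first, whatever the search space
    if has_keyboard_run(pw):
        issues.append("adjacent keyboard run")
    used = classes_used(pw)
    space = search_space(pw)
    return {"length": len(pw), "search_space": space,
            "missing_classes": [c for c in CLASSES if c not in used],
            "seconds_to_exhaust": space / guesses_per_second, "issues": issues}
```

The search space is only an upper bound on guessing effort: a password on a common-password list falls immediately regardless of its length or alphabet, which is why the issues list matters as much as the number.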

The future of passwords is uncertain as organizations and industry look for other ways of user authentication such as biometrics or tokens. Until those technological advances become the standard, the userid/password combination will continue to be the norm. That means that users must protect their assets and information through strong passwords.

Darcy Kempa

Darcy is an avid fan of politics and the political process. He worked for the Richard M. Daley mayoral campaign in late 1982 through early 1983. Darcy completed 21 years of military service in the Marine Corps and the Navy. While in the Navy, he served at the Pentagon and completed the Capitol Hill Workshop from the Government Affairs Institute of Georgetown University. Darcy has a Master of Arts in Organizational Management and a Master's Certificate in Project Management. He is also a Certified Manager, a credential obtained through the Institute of Certified Professional Managers.
