It is probably between 6 and 8 characters with a mixture of upper and lowercase and with at least one number. You are likely to use the same or similar passwords for Facebook, Gmail, YouTube, Twitter and even online banking. Or you might have discovered the new way to work with passwords. If not, you should probably change them all today.
By far and away the most sensible password system is the three or four word system recommended by Thomas Baekdal – make your password something like “cheese and chips”, it’s quite important to make it different on each of the systems you use, the most common way of your password being discovered is by the server being hacked and your password read directly from a file on the server’s storage.
There is quite a lot of discussion and advice on the web regarding passwords and passphrases, most of them go into great mathematical and statistical analysis of what makes a good password or passphrase. If you are the type of person who uses a simple word as your password, such as “kevin”, changing it to “Kevin is Lovely” is much more secure than just the single word.
Lots of people use passwords where they swap letters for numbers, eg. “password” becomes “pa55word”, the difficulty comes in remembering which letters you swapped for numbers, so whilst it may be more secure in theory, it is actually less secure because the password has to be written down somewhere. Changing it to “this is my password” is easy to remember and much more secure as it uses more characters. Its weak point is that someone could easily guess this passphrase, so use a more obscure phrase like “Cheese and Chips” instead. For obvious reasons, do not use any of these phrases.
There are web sites which will generate a strong password for you, it will be a random mixture of up to 15 of the characters on your keyboard. It will be almost impossible for you to remember but will take trillions of years for today’s fastest computer to break, so it is very secure (unless it is written down). However, “kevin is lovely” is also 15 characters long and will take 796 million years for today’s fastest computer to break. I’m not suggesting I want my bank to prevent unauthorised access to their servers with a passphrase of “kevin is lovely”, I’d expect them to have multiple security systems in place.
Changing your password is also important, unlike most business systems none of the social media sites require you to change your password on a regular basis, but its still a good idea to change it every now and then. Using the passphrase system makes this easy, for example “Kevin is not Lovely” or “Simon is Lovely”.
Its important to remember that no password system is infallible, if it was then we wouldn’t have these problems. Understanding this is the first step to computer security.
In the real world, a passphrase of “Kevin is Lovely” would most likely be guessed by someone who knows you so it is not a good passphrase to choose. I’ve used this as an example to improve security for someone who currently uses a password of “kevin”. Security experts advise against using common phrases and song lyrics as these are vulnerable to “dictionary attacks”, but changing your password from “kevin” to “Kevin is Lovely” is still a giant leap forward in your computer security. A better phrase would be “Kevin is Fromage” since it doesn’t make sense, use nonsense to defeat logic.
Check how secure your password is at Microsoft’s Password Checker or try the one recommended by Google.
One response to “What’s My Password?”
If you can do 10-finger typing blindfolded, an easy way to scramble normal words like “Kevin” is to just offset your hand position on the keyboard. For example instead of resting your fingers on asdf and jkl; you put your fingers one row above on qwer and uiop so when you type “Kevin” it becomes “i3f8h”.
Alternatively you could switch your keyboard layout to dvorak (where the position of the letters is very different to qwerty) and then type your password as if typing on a normal keyboard. “Kevin” on Dvorak would be “t.kcb”