By Jonathan Sanders
In Part 1 of this series of articles I talked about the importance of developing good practices for the creation and storage of your passwords to keep your personal information secure. In this segment I will discuss the concept of password strength.
The strength of a given password can be evaluated by how many random guesses an attacker would need to come up with the correct password. The standard measure of this strength is “bits of entropy”: a password with n bits of entropy is one of 2^n equally likely possibilities, so every extra bit doubles the number of guesses required. Entropy grows with the number of characters in the password and the variety of characters it is drawn from, but only if each character is chosen at random. A password that a person thinks up is far more predictable than its length and mix of symbols would suggest.
Security experts have analyzed data from multiple breaches in recent years and found shockingly high occurrences of people using easily guessed passwords. The top 10 most used passwords in the world are:
If you are using any of these passwords, even on low value accounts, you should stop whatever you are doing and immediately change your password on all affected accounts. We’ll wait while you go and do that!
Not only do these passwords have a low number of bits of entropy, but they are so commonly used that attackers’ cracking tools try them first, so an account protected by one of them can be broken into in a matter of minutes.
The burden for each person is to come up with a way to make passwords with a high number of bits of entropy that are still not too difficult to remember and use in your accounts. Years ago, I came across this cartoon (xkcd’s “Password Strength” strip) that had the best practical advice for coming up with high strength passwords.
“correct horse battery staple” is an example of what is called a readable passphrase, meaning that a person can read it as if reading any normal sentence. The human mind has a much easier time remembering a phrase of random words than it has in remembering a random arrangement of symbols. It is not difficult to remember and use readable passphrases that have 80 to 100 bits of entropy: with a 7776-word list, the size of a standard diceware list, each randomly chosen word adds about 12.9 bits, so seven or eight words gets you there. Don’t try to take a shortcut by using quotes from books, movies and songs, as hackers have databases of these sorts of popular phrases. The key here is the use of a random selection of words (rolled with dice or produced by a generator, not picked by you) that are unrelated to each other and can’t be derived from your personal information.
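To make the entropy arithmetic above concrete, here is an added example (my own code, not from the original article or the cartoon it cites) that computes bits of entropy for random-character passwords and random-word passphrases, converts a bit count into an attacker’s expected cracking time at a given guess rate, and generates a passphrase with a cryptographically secure random source. The tiny wordlist embedded in it is a constructed sample so the script runs offline; a real generator would use a large published list such as the EFF long list of 7776 words.

```python
import math
import secrets

# Constructed sample wordlist for illustration only: 16 words give just
# 4 bits per word. A real passphrase generator should draw from a large
# published list (for example the EFF long list, 7776 words, ~12.9 bits per
# word); this one exists only so the example runs offline.
SAMPLE_WORDLIST = [
    "correct", "horse", "battery", "staple", "river", "planet", "candle", "orbit",
    "fabric", "meadow", "walnut", "signal", "copper", "glacier", "tulip", "anchor",
]


def charset_entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a password of `length` symbols each drawn uniformly at random
    from an alphabet of `alphabet_size` symbols: log2(alphabet_size ** length).

    This figure only applies to machine-generated passwords. A human-chosen
    string with the same length and character mix is far more predictable.
    """
    return length * math.log2(alphabet_size)


def passphrase_entropy_bits(word_count: int, wordlist_size: int) -> float:
    """Entropy of a passphrase of `word_count` words, each chosen uniformly at
    random (with replacement) from a list of `wordlist_size` words.
    Four words from a 2048-word list, as in the cartoon, gives 44 bits."""
    return word_count * math.log2(wordlist_size)


def words_needed(target_bits: float, wordlist_size: int) -> int:
    """Fewest words from a list of `wordlist_size` needed to reach `target_bits`."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def crack_seconds(bits: float, guesses_per_second: float, average: bool = True) -> float:
    """Seconds an attacker needs to brute-force a secret of `bits` entropy at
    `guesses_per_second`. By default this is the expected time, i.e. half the
    search space; pass average=False for the worst case (entire space)."""
    space = 2.0 ** bits
    return (space / 2 if average else space) / guesses_per_second


def generate_passphrase(wordlist, word_count: int) -> str:
    """Pick words with the OS CSPRNG via `secrets`, never `random.choice`, so
    the entropy reported by passphrase_entropy_bits actually applies."""
    return " ".join(secrets.choice(wordlist) for _ in range(word_count))


def format_duration(seconds: float) -> str:
    """Human-readable rendering of a cracking time."""
    year = 365.25 * 24 * 3600
    if seconds >= year:
        return f"{seconds / year:,.0f} years"
    if seconds >= 3600:
        return f"{seconds / 3600:,.1f} hours"
    return f"{seconds:,.1f} seconds"


if __name__ == "__main__":
    # Assumed attacker speeds: 1,000 guesses/second for online guessing against
    # a rate-limited site, 10 billion/second for an offline attack on leaked
    # hashes. Both figures are illustrative assumptions, not measurements.
    rates = {"online (1e3/s)": 1e3, "offline (1e10/s)": 1e10}
    candidates = [
        ("8 random lowercase letters", charset_entropy_bits(8, 26)),
        ("8 random chars from 95 printable ASCII", charset_entropy_bits(8, 95)),
        ("4 random words, 2048-word list", passphrase_entropy_bits(4, 2048)),
        ("7 random words, 7776-word list", passphrase_entropy_bits(7, 7776)),
    ]
    for label, bits in candidates:
        times = ", ".join(f"{k}: {format_duration(crack_seconds(bits, r))}"
                          for k, r in rates.items())
        print(f"{label:40s} {bits:6.1f} bits  {times}")

    for target in (80, 100):
        print(f"words from a 7776-word list for {target} bits: {words_needed(target, 7776)}")

    phrase = generate_passphrase(SAMPLE_WORDLIST, 5)
    print(f"sample passphrase: {phrase!r} "
          f"({passphrase_entropy_bits(5, len(SAMPLE_WORDLIST)):.0f} bits with this tiny list)")
```

The entropy functions take the size of the pool the secret was drawn from as an input rather than inspecting the password text, because that is the only honest way to compute it: a strength meter that guesses entropy from how a string looks will credit “Tr0ub4dor&3”-style passwords with bits they do not have.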
In the next segment of this series I will talk about some free tools that you can use to generate high strength passwords, store them securely and use them conveniently.