If a user has a weak password based on a simple pattern, a password-cracking device can run through a list of words and word variations and quickly guess that password. Some examples of weak passwords include (the list below is adapted from Wikipedia):
- Default passwords like “password.”
- Words found in the dictionary.
- Words with repeated phrases or words.
- Words that substitute a number or character for a letter.
- Words or numbers related to the user on a personal level.
American security expert Bruce Schneier suggests that developing a memorable password will no longer work. He says,
“Simply, people can no longer remember passwords good enough to reliably defend against dictionary attacks, and are much more secure if they choose a password too complicated to remember and then write it down. We’re all good at securing small pieces of paper. I recommend that people write their passwords down on a small piece of paper, and keep it with their other valuable small pieces of paper: in their wallet.”
Creating Strong Passwords
Here are some general tips for creating strong passwords.
- Avoid using words or identifiers that might be related to you.
- Use a password generation tool when possible.
- When possible, choose a password that has 12 to 14 characters.
- When possible, use a random selection of letters (capital and lowercase), numbers, and special characters.
- Don’t use the same password on different sites.
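The sketch below is an added example, not part of the original article: it checks a candidate password against the weak patterns listed earlier and generates a 14-character random password following the tips above. The function names, the tiny word list, and the substitution table are constructed for illustration; a real check would use a much larger dictionary.

```python
import secrets
import string

# Constructed sample wordlist (assumption); a real check would use a large dictionary.
WORDLIST = {"password", "dragon", "monkey", "sunshine", "welcome"}
# Common character-for-letter substitutions, undone before the dictionary lookup.
LEET = str.maketrans("0134578@$!", "oleastbasi")
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def weak_reasons(password, personal=()):
    """Return which of the weak-password patterns listed above apply."""
    reasons = []
    lowered = password.lower()
    normalized = lowered.translate(LEET)
    if lowered in WORDLIST:
        reasons.append("dictionary or default word")
    elif normalized in WORDLIST:
        reasons.append("dictionary word with substitutions")
    # Repetition: the whole string is one shorter unit repeated.
    for size in range(1, len(lowered) // 2 + 1):
        if len(lowered) % size == 0 and lowered[:size] * (len(lowered) // size) == lowered:
            reasons.append("repeated word or phrase")
            break
    if any(item and item.lower() in lowered for item in personal):
        reasons.append("contains personal information")
    return reasons


def generate_password(length=14):
    """Random password with at least one character from each class."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(CLASSES)
    # Rejection sampling keeps the choice uniform over all passwords that qualify.
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate
```

The generator draws from the operating system's cryptographic random source through `secrets`, which is what separates it from a pattern a person would invent.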