Guidelines for creating secure passwords

SUJEET BAMBAWALE

This tip was submitted to the searchSecurity Tip Exchange by user Sujeet Bambawale. Let other users know how useful it is by rating the tip below.

Security awareness at the end-user level is very important to personal as well as corporate computing, and secure passwords are among the stepping stones towards a secure computing environment.

There has been some interesting reference material here regarding secure passwords, and these are some thoughts and comments that I would like to add into the mix.

In my opinion, secure passwords are those that meet the following criteria:

Alphanumeric

Can be typed in the dark (without looking at the keyboard)

Are not necessarily the conversions of an alphabetic sequence

Passwords that need to be converted using some specific key, however easy-to-remember it may be, require some sort of mental calculation. Passwords that can be touch-typed (typed in the dark, or typed without looking at the keyboard -- just by aligning and using your fingers in a certain way on the keyboard) are far better because one doesn't need to write them down anywhere.

The downside of converting easy-to-remember alphabetical or alphanumeric strings into "Passwordese," is that the seed string is still easy to remember for the user and easy to figure out for the attacker. Extending that ease-of-use concept, the key is also usually easy to figure out, and therefore the password generated is usually

Requires Free Membership to View

By submitting you agree to receive email communications from
TechTarget and its partners. Privacy Policy Terms of Use.

not as secure as the user may believe it to be.
Here are a few personal details that are easy for most attackers to find out, and thereby apply to attempting password break-ins:
Birthdate
Vehicle's license plate number
Cube or office number
Phone extension number
Wedding anniversary
Significant other, spouse and/or kids' names and/or birthdates
Your middle name
Residence numeral within your address
Firm's stock symbol
Brand of vehicle
Combinations and permutations of the above can have some pretty interesting alphanumeric sequences that seem secure, but can be quite easily figured out. These include:
Your first initial, your spouse's first initial, wedding anniversary
Your initials, phone extension
Cube or office number, your initials, phone extension
Your middle name, your birthdate
Brand of vehicle, your license plate number and year of purchase'
Firm's stock symbol, cube number, phone extension
As you can imagine, the complexity of the combinations can increase to "reasonably secure," but all the same, the set of most known values is still fairly insecure.
In conclusion, a touch-typed alphanumeric sequence on a keyboard may be sufficiently random so as to throw a wrench into the guessing game, and be a reasonably secure first level of security.
More News and Tutorials
- Articles
  
  Pattern-based passwords: Easy to remember non-dictionary-based passwords
  
  RSA 2005: Passwords at the breaking point
  
  Candidate keys
  
  Lesson 1 Quiz, Answer No. 1
  
  Passwords for Oracle were 'cracked in 20 days'
- Sony warns millions of PlayStation Network users after hack
  
  Password burden turns Britons on to fingerprint protection
  
  Ethical hacking tools and techniques: Password cracking
  
  security identifier (SID)
  
  AIB secures businesses with Vasco tokens
- Related glossary terms
  
  Terms for Whatis.com - the technology online dictionary
  
  passphrase
  
  graphical password or graphical user authentication (GUA)
  
  cracker
  
  TACACS (Terminal Access Controller Access Control System)
  
  onboarding and offboarding
  
  shadow password file
  
  identity chaos (password chaos)
  
  session replay
  
  masquerade
  
  war dialer
This was first published in October 2001

Join the conversationComment

Comments

Results

Contribute to the conversation

All fields are required. Comments will appear at the bottom of the article.

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

Latest Headlines

Featured

E-Books

E-Zines

E-Handbooks

Topics

Hot Topics

Advice & Tutorials

Technology Dictionary

Tips

Answers

Ask a Question

Research Library

Product Demos

Resource Centers

Blogs

Guidelines for creating secure passwords

Requires Free Membership to View

More News and Tutorials

Articles

Related glossary terms

Join the conversationComment

Share

Comments

Results

Contribute to the conversation

You May Also Be Interested In...

More Background

More Details

More from Related TechTarget Sites