Linked by Howard Fosdick on Sat 10th Nov 2012 07:28 UTC
Bugs & Viruses

If you want to ensure you have adequate passwords but don't have the time or interest to study the topic, there's a useful basic article on how to devise strong passwords over at the NY Times. It summarizes key points in 9 simple rules of thumb. Also see the follow-up article for useful reader feedback. Stay safe!
RE: make 'm long
by UltraZelda64 on Sun 11th Nov 2012 04:23 UTC in reply to "make 'm long"
Member since: 2006-12-05

A really good password should include, I'd say, at the very least 12 characters (more is better; most of mine are at least 25 characters long), and include both upper and lower case letters, numbers and symbols. How many of each specific letter/number/symbol is not really important, at least compared to the total length of the password itself.

The thing to try to achieve is lowering the chance of any kind of brute-force attack being successful within a reasonable time period by increasing the total number of possibilities for each individual character. The more varied the characters in the password, the stronger it is--even with a given number of total characters. If at least one of each group of characters is used (uppercase, lowercase, symbols, numbers), every added character adds a large number of possibilities to have to go through in order to be able to successfully brute-force the password.

Length and complexity are the key; the idea is to increase the total number of possible combinations to make it take an extremely long time to crack, and each added character adds to that time. But equally importantly... don't use the same username/password combo across more than one site! This is especially true with passwords used for sensitive (i.e. bank) accounts. You don't want to use those ones for web forums, online VoIP services, online pizza delivery services, etc.

Steve Gibson and Leo Laporte have talked a lot about this on Security Now. Here is a link to a useful page on Steve's site with an interesting clip halfway down the page taken from one of their podcasts (episode 303, I believe):

https://www.grc.com/haystack.htm

His pseudo-random password generator is also useful, and the podcast itself tends to be a good listen.

Edited 2012-11-11 04:43 UTC

Score: 2
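
The arithmetic behind the comment above, as an added example that is not part of the original post: it counts the candidates an exhaustive search has to cover for a password of a given length and character mix. The class sizes (26 lowercase, 26 uppercase, 10 digits, 33 printable ASCII symbols including space), the function names and the guess rate are assumptions chosen for illustration.

```python
import math
import string

# Assumed character classes (printable ASCII only).
CLASSES = {
    "lower": set(string.ascii_lowercase),        # 26
    "upper": set(string.ascii_uppercase),        # 26
    "digit": set(string.digits),                 # 10
    "symbol": set(string.punctuation + " "),     # 32 punctuation + space = 33
}

def alphabet_size(password):
    """Size of the smallest class-based alphabet that covers the password."""
    known = set().union(*CLASSES.values())
    if not password or any(c not in known for c in password):
        raise ValueError("expects a non-empty printable-ASCII password")
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))

def search_space(password):
    """Candidates tried by an exhaustive search of every length up to this one."""
    a, n = alphabet_size(password), len(password)
    return sum(a ** k for k in range(1, n + 1))

def bits(password):
    """Search space expressed in bits."""
    return math.log2(search_space(password))

def years_to_exhaust(password, guesses_per_second):
    """Worst-case time to cover the whole space at an assumed guess rate."""
    return search_space(password) / guesses_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    RATE = 1e11  # assumed offline guess rate, guesses per second
    # Constructed sample passwords, not taken from the page.
    for pw in ["password", "Aa1!Aa1!", "a" * 12, "Aa1!Aa1!Aa1!", "Aa1!" * 6 + "x"]:
        print(f"{len(pw):>2} chars  alphabet={alphabet_size(pw):>2}  "
              f"bits={bits(pw):6.1f}  years={years_to_exhaust(pw, RATE):.3g}")
```

This models exhaustive search only; a password that appears in a wordlist falls to a dictionary attack regardless of the count computed here.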