Linked by Howard Fosdick on Sat 10th Nov 2012 07:28 UTC
Bugs & Viruses If you want to ensure you have adequate passwords but don't have the time or interest to study the topic, there's a useful basic article on how to devise strong passwords over at the NY Times. It summarizes key points in 9 simple rules of thumb. Also see the follow-up article for useful reader feedback. Stay safe!
Thread beginning with comment 541924
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: make 'm long
by UltraZelda64 on Sun 11th Nov 2012 04:23 UTC in reply to "make 'm long"
Member since:

A really good password should include, I'd say, at the very least 12 characters (more is better; most of mine are at least 25 characters long), and include both upper and lower case letters, numbers and symbols. How many of each specific letter/number/symbol is not really important, at least compared to the total length of the password itself.

The thing to try to achieve is lowering the chance of any kind of brute-force attack to be successful within a reasonable time period by increasing the total number of possibilities for each individual character. The more varied the characters in the password, the stronger it is--even with a given number of total characters. If at least one of each group of characters is used (uppercase, lowercase, symbols, numbers), every added character adds a large number of possibilities to have to go through in order to be able to successfully brute-force the password.

Length and complexity are the key; the idea is to increase the total number of possible combinations to make it take an extremely long time to crack, and each added character adds to that time. But equally importantly... don't use the same username/password combo across more than one site! This is especially true with passwords used for sensitive (ie. bank) accounts. You don't want to use those ones for web forums, online VoIP services, online pizza delivery services, etc.

Steve Gibson and Leo Laporte have talked a lot about this on Security Now. Here is a link useful page on Steve's site with an interesting clip halfway down the page taken from one of their podcasts (episode 303, I believe):

His pseudo-random password generator is also useful, and the podcast itself tends to be a good listen.

Edited 2012-11-11 04:43 UTC

Reply Parent Score: 2

RE[2]: make 'm long
by Soulbender on Sun 11th Nov 2012 05:55 in reply to "RE: make 'm long"
Soulbender Member since:

Steve Gibson

Congratulations, your technical credibility just went rock-bottom.

Edited 2012-11-11 05:55 UTC

Reply Parent Score: 2

RE[3]: make 'm long
by UltraZelda64 on Sun 11th Nov 2012 06:01 in reply to "RE[2]: make 'm long"
UltraZelda64 Member since:

Congratulations, your technical credibility just went rock-bottom.

Care to say what your references are, what your complaints are of his views on security, and how you do things differently? Many of the things I do really are, IMO, common sense and can be found at various web sites; Steve just happens to have made a few podcast episodes that put it all together and explains it nicely in ways that are easy to understand.

That said, just go use the password "pee" or "poop" or something like that if you want. As far as I know he never recommended anything like that, so it must be safe!

Edited 2012-11-11 06:04 UTC

Reply Parent Score: 2