3 Steps to An Unguessable Password


Passwords are more than a necessary inconvenience for accessing hosts, files, and applications: they protect accounts and the information behind them. Many people, unfortunately, choose weak passwords over strong ones for convenience. There is a process, however, that can help users create passwords that are both meaningful and strong.

The primary form of host, file, and application security is a user identification (userid) paired with a password. The userid identifies a specific account holder, while the password validates the user's identity. Protecting the userid is difficult because it is often part of an email address, or the email address itself, and that information may be published on the internet (e.g., in a resume or on a company website) or printed on a business card. With half of the access combination already available to unethical hackers, the password becomes the last line of defense against unauthorized access.

Password selection is a balance between convenience (easy to remember) and security (hard to guess). Most people, unfortunately, prefer convenience. In 2012, the most common passwords were "password" and "123456." These passwords are easy to remember, but they are far too common and weak to provide adequate security. Users can create a strong, easy-to-remember password in three steps.

The first step is to review three recommendations for strong passwords. Author Brian Krebs recommends using "a combination of words, numbers, symbols, and both upper- and lower-case letters." He also advises against using words that can be found in a dictionary or "simple adjacent keyboard combinations" like QWERTY.

Security specialist Bruce Schneier recommends building a strong password from a meaningful sentence. His example, "This little piggy went to market," could be converted to "tlpWENT2m". The user picks a phrase or event that is easy to remember and converts it into a mix of letters, numbers, and symbols.

A final recommendation is to use a long password. Length contributes directly to strength: each added character multiplies the number of possible character combinations, so an attacker needs more guesses to finally crack the password.

The second step is to use a password strength checker and a search space calculator. The checker shows which strength criteria a candidate password meets or fails, so the user can apply those criteria while creating it. The calculator, on the other hand, estimates how long it would take to crack a password by exhausting every combination. Both give a visual understanding of password strength.

The third step is to create the password. The user thinks of a meaningful phrase, converts it, and checks the result with the tools. This can take some time as words or characters are changed to improve strength. The result, though, is a memorable and strong password.
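The following script is an added example, not part of the original article or any tool it mentions. It combines the three steps into one check: it tests a candidate against the recommendations in step one (mixed character classes, no dictionary words, no adjacent keyboard runs, adequate length), then computes the search space and an estimated worst-case cracking time the way the calculator in step two does. The word list, keyboard rows, minimum length of 12, and guess rate of ten billion guesses per second are all assumptions chosen for illustration; a real checker would load a full dictionary and pick a guess rate matching the attacker it is modelling.

```python
import string

# Constructed stand-in for a dictionary file (assumption: a real checker would
# load a full word list). Kept tiny so the example runs offline.
COMMON_WORDS = {"password", "welcome", "little", "piggy", "market", "dragon"}

# Adjacent-key rows of a US QWERTY keyboard; used to catch runs like "qwerty".
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]

# Assumed attacker speed for the time-to-crack estimate (guesses per second).
ASSUMED_GUESS_RATE = 1e10


def character_classes(pw):
    """Return the (name, alphabet size) of each character class present."""
    classes = []
    if any(c.islower() for c in pw):
        classes.append(("lower", 26))
    if any(c.isupper() for c in pw):
        classes.append(("upper", 26))
    if any(c.isdigit() for c in pw):
        classes.append(("digit", 10))
    if any(c in string.punctuation for c in pw):
        classes.append(("symbol", len(string.punctuation)))
    return classes


def alphabet_size(pw):
    """Size of the alphabet an attacker must assume, given the classes used."""
    return sum(size for _, size in character_classes(pw))


def search_space(pw):
    """Number of candidates of length 1..len(pw) over the password's alphabet.

    This mirrors a search space calculator: every shorter candidate must also be
    tried before the attacker reaches the true length.
    """
    n = alphabet_size(pw)
    return sum(n ** k for k in range(1, len(pw) + 1))


def contains_dictionary_word(pw, words=COMMON_WORDS, min_len=4):
    """True if any word from the list (of at least min_len letters) appears."""
    low = pw.lower()
    return any(w in low for w in words if len(w) >= min_len)


def has_keyboard_run(pw, run=4):
    """True if `run` adjacent keys from one row appear in order or reversed."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - run + 1):
            segment = row[i:i + run]
            if segment in low or segment[::-1] in low:
                return True
    return False


def seconds_to_crack(pw, guesses_per_second=ASSUMED_GUESS_RATE):
    """Worst-case time to exhaust the search space at the assumed guess rate."""
    return search_space(pw) / guesses_per_second


def check_password(pw, min_length=12):
    """Apply the article's criteria and report the problems found, if any."""
    problems = []
    if len(pw) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if len(character_classes(pw)) < 3:
        problems.append("uses fewer than three character classes")
    if contains_dictionary_word(pw):
        problems.append("contains a dictionary word")
    if has_keyboard_run(pw):
        problems.append("contains an adjacent keyboard run")
    return {
        "password": pw,
        "length": len(pw),
        "alphabet": alphabet_size(pw),
        "search_space": search_space(pw),
        "days_to_crack": seconds_to_crack(pw) / 86400,
        "problems": problems,
    }


if __name__ == "__main__":
    # "tlpWENT2m" is the article's Schneier example; the others are constructed.
    for candidate in ["password", "qwerty123", "tlpWENT2m", "tlpWENT2m!&2Fly"]:
        report = check_password(candidate)
        print(f"{candidate!r}: alphabet={report['alphabet']}, "
              f"space={report['search_space']:.3e}, "
              f"days={report['days_to_crack']:.3g}, "
              f"problems={report['problems'] or 'none'}")
```

Running the script shows why the article's conversion step matters: "password" and "qwerty123" fail the dictionary and keyboard-run checks outright, the nine-character "tlpWENT2m" passes every content check but is still flagged as short, and lengthening it pushes the estimated cracking time from hours into many years. The estimate is a ceiling, not a promise: an attacker using word lists or leaked password dumps will finish far sooner than brute force against the full search space, which is exactly why the dictionary and keyboard-run checks come first.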

The future of passwords is uncertain as organizations and industry look for other ways to authenticate users, such as biometrics or tokens. Until those technologies become the standard, the userid/password combination will remain the norm, which means users must protect their assets and information with strong passwords.