| NAGY ENGINEERING - WEB NOTE |
Strong or Weak Passwords - The How and Why of Selection
The first line of defense in any networked computing environment, and sometimes the difference between the survival and the complete ruin of one's computer account, is a well-picked password. Password selection should therefore be done very carefully. With the advent of the Internet, all sorts of "on-line" activities proliferate. Unfortunately for an ever-larger number of users, so do break-ins into accounts and the illegal appropriation of sensitive private information.
In a common computing session, on almost any but the most ancient personal computer, the first requirement is usually "logging in". Almost everybody tries to skip this annoying, yet very important step. Only in a single-computer, single-user, non-connected environment may this login be unnecessary. In any other computing situation, however, this "annoying" login procedure can be a much-unappreciated true lifesaver. But this great benefit is realized only after its importance becomes clear.
Quite regretfully, everybody I know of ignores the significance of the careful selection of good passwords. Older folks are much more careless with their passwords than computer-savvy younger ones. Usually it happens that way because selecting a truly useful password requires a careful and premeditated thought process.
Almost any network host is outfitted with password-checking, dictionary-comparing software. These programs are also the most popular and most often used hacker tools. Some of these software tools are so clever that even misspelled or slightly modified words are quickly detected. The purpose of such programs is to find and disallow weak user password selections. Weak passwords are names and words contained in published dictionaries in any known language!
The most horrible-looking garbled character strings usually make the best passwords. Unfortunately for ordinary humans, those are also the hardest to remember. The password "P7qR{9-x" is a strong password made up of a random character string; it has no meaning in any language, and therefore it does NOT appear in any dictionary. Passwords of this kind are usually computer generated and assigned to new user accounts. In almost all computing environments passwords are case sensitive. For a computer the words "User" and "user" are two distinctly separate entries. Computer-generated passwords seldom have a long life, as the new account holder quickly changes them to something trivial like "dog", "cat" or "Willie".
Because of old conventions in computer evolution, passwords are usually limited in length to eight to ten characters. Naturally, the longer the password character string is, the harder it is to break. It also helps if it does not contain repeated characters. A password like "001122" or "abccba" is reducible to only three distinct characters, and therefore should be avoided. Equally bad choices are simple names and predictable number sequences like "0123".
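The checks described above, written out as an added Python example that is not part of the original note: a dictionary comparison that also catches slightly modified words, a test for too few distinct characters, and a test for predictable sequences. The word list, the look-alike substitution table and the distinct-character threshold are assumptions made for the example.

```python
import string

# Constructed sample word list; a real checker would load full dictionaries.
SAMPLE_WORDS = {"dog", "cat", "willie", "user", "password"}

# Assumed look-alike substitutions, undone before the dictionary lookup.
LOOKALIKES = str.maketrans("013457@$!", "oleastasi")

# Assumed threshold: the note only says three distinct characters is too few.
MIN_DISTINCT = 4


def dictionary_candidates(password):
    """Return lower-cased variants of the password to compare with the word list."""
    lowered = password.lower()
    edges = string.digits + string.punctuation
    return {
        lowered,                                # "Willie" -> "willie"
        lowered.strip(edges),                   # "dog1!"  -> "dog"
        lowered.translate(LOOKALIKES),          # "d0g"    -> "dog"
        lowered.strip(edges).translate(LOOKALIKES),
    } - {""}


def is_sequence(password):
    """True when each character follows the previous by +1, or each by -1."""
    steps = {ord(b) - ord(a) for a, b in zip(password, password[1:])}
    return len(password) >= 3 and steps in ({1}, {-1})


def check_password(password, words=SAMPLE_WORDS):
    """Return the weaknesses found; an empty list means none of the three."""
    reasons = []
    if dictionary_candidates(password) & set(words):
        reasons.append("dictionary")
    if len(set(password)) < MIN_DISTINCT:
        reasons.append("few-distinct")
    if is_sequence(password):
        reasons.append("sequence")
    return reasons


if __name__ == "__main__":
    for pw in ["dog", "Willie", "d0g", "001122", "abccba", "0123", "P7qR{9-x"]:
        print(f"{pw!r}: {check_password(pw) or 'no weakness found'}")
```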
When a password is written down, it loses some of its magic power. Not only is access to the written record hard to control, but the user also can't find it when it is most needed. Clearly a good compromise is required. An easy-to-remember common word, augmented with some judiciously selected control characters and numbers, would be such a powerful compromise. "User07x" is not that hard to remember. And when that zero is written as "User()7x", the password becomes that much stronger.
| Copyright © 2011 K Nagy - http://www.NagyEngineering.com - All Rights Reserved - Page Revised: 2011-04-01 |