How to create a strong password that you can remember

  • by Mark Townsend
  • 24 Aug, 2018

How to create different passwords based on a theme

When setting up new computers and supporting customers at home, it still amazes me how many people demand no password at all. This is a personal preference that wouldn't be suitable for a business computer, but what do people do when they need to create a password for online banking, credit cards, PayPal and e-mail? They generally have no password on their computer because they feel they won't remember one, so when it comes to the above they choose family names, pet names, or the town where they are living, because these are things they can remember.

There have been numerous surveys of the top-ranking passwords and one of the favourites is always password. Those who want to step up security go for Password, and those who want to go a step further go for Password1. Unfortunately all of these rank in the top 10, and whilst you may get away with it for your e-mail address, your bank won't accept it, nor will it accept your name, surname or date of birth. Why? All of these passwords can be guessed. You will not need to be targeted by a highly skilled computer hacker; your next-door neighbour's four-year-old will guess your password!

You also need to be aware that, because the vast majority of websites use your e-mail address as the username, a potential hacker already has half the information he needs to get into your accounts. If you have e-mailed him or even made a PayPal payment to him, he has your e-mail address. All he then needs is your password to access your account, and if he can guess it he's in. Once he is in to one website he will try the same password at all the other popular websites such as PayPal, eBay, Amazon, credit cards and online banks. If you use the same password on every site and one site gets hacked, you need to start changing passwords very fast.

So far I have only covered somebody having a guess at your passwords. The next level of attack is somebody attacking a business where you hold an account, and you will all be familiar with some well-known names that have been hacked. Once a hacker has managed to beat the company's firewall he will immediately target the company's password database. This is simple to find if you understand Microsoft's server structure, as it's always in the same place, and a password cracker is then run against this database. Passwords are not stored in plain text so they have to be cracked, but how long will your password stand up to an attack?

A dictionary attack takes seconds, and if your password is in the dictionary it will be cracked in less than a minute regardless of how many letters it contains. Passwords not cracked by a dictionary attack are then subjected to a "brute force" attack. This involves a computer trying every possible combination of letters, numbers and special characters in order. Passwords with the fewest characters will be cracked first, and longer passwords will withstand the attack for a far greater length of time. Once you pass 8 characters (the normal minimum) each additional character can add hours to the attack time, and as the length increases one character can add days. Time is the enemy for hackers and they will almost certainly quit or be cut off before they have cracked the longest passwords, so bear this in mind when creating a password. Bear in mind too that the processing power of computers increases day by day and hackers combine the processing power of multiple computers to maintain an attack, so the time taken to crack passwords using the "brute force" method is constantly reducing.

If you are still reading you are hopefully convinced you need a strong password, so how do you create something that you can remember? There are many answers to this question, including pass phrases, but I prefer to combine two unrelated things. Bear in mind that I have advised you not to use anything in the dictionary or any family or pet names commonly found on Facebook; however, the combination method does allow you to get around this with a few minor adjustments.

One of my favoured methods for the first part of the password is car registration numbers. Of course it is easiest to go for your current car, as you can just look out of the window, but do bear in mind that your neighbours can do that too. I therefore recommend going for a car you had a few years ago. So for instance this may give you j122xhz. You can then choose any other subject that you are interested in for the second part of the password, and whilst it is best if you don't pick something too obvious, there is still a way to increase the security. I'm going to pick a football team, Chelsea, only I'm going to capitalise letters in the middle of the word rather than the beginning and also double up the capitalised letter. For example chEElsea, and therefore the password would be j122xhzchEElsea. This is a 15 character password that won't be found in the dictionary and contains random upper and lower case letters and numbers that you should be able to remember. You can increase the security further with a special character. You could join the words with an asterisk * or end them with a close bracket ), giving j122xhz*chEElsea or j122xhzchEElsea).

The next question is how you create multiple passwords around this theme. Simply switch the two words and change the capitalisation, so cheLLseaj122xhz can be another password, and so the theme continues.

If you still feel you must write passwords down you can just record the changing characters so for instance Bank EE and Credit Card LL. I recommend keeping this to Bank and Credit Card rather than Lloyds and MBNA card. Some people will doubtless say that they cannot remember registration numbers in which case just pick two unrelated words and double up and capitalise a couple of letters in the middle. Ideally this won't be Dave and Steve but the good news is if you get it right it will still survive a dictionary attack. 
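The following is an added example, not part of the original post: it puts rough numbers on the dictionary and brute-force stages described above, using the passwords quoted in the article. The small wordlist and the guess rate are constructed assumptions.

```python
import string

# Constructed stand-in for a cracker's wordlist; real lists hold millions of entries.
WORDLIST = {"password", "chelsea", "dave", "steve"}
# Assumed attacker speed in guesses per second; not a figure from the article.
GUESSES_PER_SECOND = 1e10

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def in_dictionary(password):
    """Dictionary stage: match ignoring case and any digits tacked on the end."""
    return password.lower().rstrip(string.digits) in WORDLIST


def alphabet_size(password):
    """Characters a brute-force run must cycle through to reach this password."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))


def brute_force_guesses(password):
    """Worst case: every string of length 1..n over that alphabet, shortest first."""
    a = alphabet_size(password)
    return sum(a ** k for k in range(1, len(password) + 1))


def seconds_to_crack(password):
    """0 if the dictionary stage finds it, otherwise worst-case brute-force time."""
    if in_dictionary(password):
        return 0.0
    return brute_force_guesses(password) / GUESSES_PER_SECOND


def report(passwords):
    """One line per password: length, alphabet, dictionary hit, estimated years."""
    lines = []
    for pw in passwords:
        years = seconds_to_crack(pw) / (365 * 24 * 3600)
        lines.append(f"{pw:<18} len={len(pw):<3} alphabet={alphabet_size(pw):<3} "
                     f"dictionary={in_dictionary(pw)!s:<6} years={years:.3g}")
    return lines


if __name__ == "__main__":
    # Passwords quoted in the article, plus an 8-letter lowercase string for scale.
    for line in report(["password", "Password1", "Chelsea", "chEElsea",
                        "qzkvwmxt", "j122xhzchEElsea", "j122xhz*chEElsea"]):
        print(line)
```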