Historically there are two schools of thought regarding the creation of passwords. The first is to use a password or passphrase that contains numbers, symbols, and upper and lower case characters. Commonly, the numbers and symbols are used as substitutes for letters that resemble the number or symbol. For example E = 3, i = !, a = @, o = 0, P = 9, S = $ and so on. As a result, a password of “security” may appear as “$3cur!tY”. Challenges to using this type of password is that for many users, the symbolic changes will be difficult to remember resulting in the user writing their password down (which compromises the integrity of the password) in hopes that others will not discover their password cheat sheet.
The second historic school of thought would be to use a word or name that is known to them that others may not “know”. Pet’s names, sports heroes, children’s names, month of birth date or anniversary are just a few examples of passwords used. On the up side, these are usually easier to remember, but conversely easier for anyone else to guess. With the prevalence of publicly available information on the Internet, attackers who don’t even know you could potentially discover this type of information and leverage the security of your home computers and networks.
Researching the Internet for a response may prove to be confusing. Valid and reputable sources are split on length versus complexity, so what should you do? Current and future trends dictate that both long and complex passwords/passphrases should be adopted. By nature, password cracking agents will break passwords to be cracked into 7-character subsets and crack the individual subset. In addition, the prevalence of password cracking tools freely available on the Internet provides anyone with the ability to crack ANY password up to 14 characters in length. So, even if your password is “H75r%*,1WxdN.?”, there are free password cracking programs that are able to decipher that phrase in under 24 hours.
So, choose a password that is at least 8 characters in length and create some of the symbol and numeric switches explained in the first paragraph. Also, if you want to use multiple words in a passphrase, utilize the space bar between words. Space would be considered a symbol and can be confusing to some password cracking applications. For example, people who love their computers could create such a password: ! L0v3 mY C0m9u+3r! = I love my computer! The idea is to compile passwords that are tough for others to guess but easy for you to remember. If for any reason you have to write down your passwords or “password hints”, be sure to lock them away so others do not have access to that file/paper.
Finally, be sure to change all of your critical passwords every month or two. What passwords are critical might you ask; any that protect your finances, credit cards, or the computers where you perform such financial transactions.