# Elements of a Strong Password

In a few words, a strong password is a random string of letters, numbers, and other characters, usually eight or more characters long. The eight-character figure comes from the math rather than from a hard-and-fast rule. In fact, the more characters, the better, but only if the password is truly random. Let's look briefly at why random passwords are so hard for Crack to break.

Assume for a moment that you have a completely random password, one that cannot be found in even the most complete cracking dictionary on Earth. In this case, the only way to crack the password is the brute-force method of checking against all possible character combinations. The best defense against this method is to stack the odds in your favor so that it comes close to mathematically impossible to guess the password.

Here is how that is done. To start with, we have a lot of characters to work with:

• There are 26 letters in the English alphabet (a-z).

• All can be capitalized (A-Z) or lowercase (a-z).

• There are 10 numeric digits (0-9).

• There are roughly 30 other special characters on a standard keyboard (!, <, @, >, ?, and so on). Not all are accepted by password-checking tools, so let's say about 15 of the 30 are.

If you create a truly random pattern of letters, numbers, and characters, there are about 77 possibilities for each position in the password. If you use 8 characters, you raise that number to the power of 8, which gives you 1,235,736,291,547,681 combinations. It would take an awful lot of computing power (and several years) to try all the combinations that would eventually result in the right answer. To make it even harder on any would-be crackers, in addition to using a strong password you should change passwords periodically (we discuss how often a little later).

### How to Create a Strong Password That You Can Remember

So here you are, knowing that you need a strong password, but how are you supposed to remember *Dsq#}3frP and 17 other uniquely random passwords for all your various accounts?

The answer is that you can use some personal information that will be easy for you to remember but difficult for others to guess. Here is how:

Step 1. Start with a sentence about you or your family. For example: My sister Joanne is four years older than my brother Matt.

Step 2. Take the first letter of each word. If you have a number in your sentence, use the digit. The base password is now: msji4yotmbm

Step 3. Make case substitutions. With this sentence, we could use the grammatical capitalization for the password, giving us: MsJi4yotmbM

Step 4. Make character substitutions. Finally, look for opportunities to use other characters that will still be easy to remember, such as \$ for s. Our final password looks like this: M\$J!4y0tmbM

This is a very strong password, nearly impossible to guess, but relatively easy for you to remember.
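As an added example (not code from the book), the following Python works through both the brute-force arithmetic above and the four-step mnemonic recipe. The character-class sizes are the chapter's; the guess rate, the number-word table and the substitution map are assumptions made for this illustration.

```python
# Character-class sizes as the chapter counts them.
LOWER, UPPER, DIGITS = 26, 26, 10
ACCEPTED_SPECIALS = 15  # about half of the ~30 keyboard symbols are accepted

# Assumed for this example: spelled-out numbers the recipe turns into digits.
NUMBER_WORDS = {"one": "1", "two": "2", "three": "3", "four": "4", "five": "5",
                "six": "6", "seven": "7", "eight": "8", "nine": "9"}


def keyspace(length, lower=True, upper=True, digits=True, specials=True):
    """Number of candidates a brute-force search must cover: alphabet ** length."""
    alphabet = ((LOWER if lower else 0) + (UPPER if upper else 0)
                + (DIGITS if digits else 0) + (ACCEPTED_SPECIALS if specials else 0))
    return alphabet ** length


def years_to_exhaust(length, guesses_per_second, **classes):
    """Worst-case time to try every combination at a fixed (assumed) guess rate."""
    seconds = keyspace(length, **classes) / guesses_per_second
    return seconds / (365 * 24 * 3600)


def mnemonic_password(sentence, substitutions):
    """Apply steps 2-4 of the recipe; returns the password after each step."""
    words = sentence.rstrip(".!?").split()
    # Step 2: first letter of each word; a spelled-out number becomes its digit.
    initials = [NUMBER_WORDS.get(w.lower(), w[0]) for w in words]
    step2 = "".join(initials).lower()
    # Step 3: keep the sentence's grammatical capitalization (first word, names).
    step3 = "".join(initials)
    # Step 4: swap chosen letters for symbols or digits that are easy to remember.
    step4 = "".join(substitutions.get(c, c) for c in step3)
    return step2, step3, step4


if __name__ == "__main__":
    print(f"77^8 = {keyspace(8):,} combinations")
    print(f"letters and digits only, 8 chars: {keyspace(8, specials=False):,}")
    print(f"a 9th character multiplies the work by {keyspace(9) // keyspace(8)}")
    print(f"years at one billion guesses/s (assumed rate): {years_to_exhaust(8, 1e9):.4f}")
    steps = mnemonic_password(
        "My sister Joanne is four years older than my brother Matt.",
        {"s": "$", "i": "!", "o": "0"})
    for label, pw in zip(("Step 2", "Step 3", "Step 4"), steps):
        print(f"{label}: {pw}")
```

Dropping the special characters shrinks the 8-character keyspace from 77^8 to 62^8, and every extra character multiplies the search by the alphabet size, which is why length and true randomness matter more than any single symbol.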

• Do not reuse passwords. If at all possible, try to use a unique password for each of your accounts. If you only have one or two password-protected accounts, this should not be too hard. If you have several, however, it might be difficult to remember them all, even with the technique covered earlier. Consider writing them down in a safe place (but see the next tip).

• Avoid using your passwords on public computers. Even if the remember-password function is turned off, there could be a keystroke logger or other hacking tool that someone has installed. Anything you type could be collected and used against you.

• Never enable the remember-password option in Windows or Internet browsers. Even if you are using a computer that no one else uses, do not use this option. (This should be doubly obvious if you are using a shared computer.) Having this option turned on may be convenient, but if you ever lose your laptop (or if it is stolen), someone can easily check all the sites recently visited with your browser and get easy access to all your private information.

• Never share your password with anyone. If you do, change it right away.

• Never send your password in an e-mail. This is especially the case if you receive an e-mail asking for your account information, even if the e-mail looks legitimate. (See Chapter 7, "Tip 7: Recognize and Avoid Phishing Scams.")