
Importance of Creating a Strong Password

Akins IT • February 16, 2016

A password is a string of characters used to access information or a computer. Passphrases are typically longer than passwords, for added security, and contain multiple words that create a phrase. Passwords and passphrases help prevent unauthorized people from accessing files, programs, and other resources. When you create a password or passphrase, you should make it strong, which means it's difficult to guess or crack. It's a good idea to use strong passwords on all user accounts on your computer. If you're using a workplace network, your network administrator might require you to use a strong password. In wireless networking, a Wi‑Fi Protected Access (WPA) security key supports the use of a passphrase. This passphrase is converted into a key that is used for encryption, which is not visible to you.




The use of strong passwords can slow or often defeat the various attack methods of compromising a terminal’s security. Although many alternatives for user authentication are available today, most users log on to their computer and on to remote computers using a combination of their user name and a password typed at their keyboard. Some retailers will configure their Point of Service terminals to auto login on boot. Some retailers will allow the user to select their own password. To make it easier to remember their passwords, users often use the same or similar passwords on each system; and given a choice, most users will select a very simple and easy-to-remember password such as their birthday, their mother's maiden name, or the name of a relative. Short and simple passwords are relatively easy for attackers to determine. Some common methods that attackers use for discovering a victim's password include:


  • Guessing—The attacker attempts to log on using the user's account by repeatedly guessing likely words and phrases such as their children's names, their city of birth, and local sports teams.
  • Online Dictionary Attack—The attacker uses an automated program that includes a text file of words. The program repeatedly attempts to log on to the target system using a different word from the text file on each try.
  • Offline Dictionary Attack—Similar to the online dictionary attack, except that the attacker gets a copy of the file where the hashed or encrypted copies of user accounts and passwords are stored and uses an automated program to determine the password for each account. This type of attack can be completed very quickly once the attacker has managed to get a copy of the password file.
  • Offline Brute Force Attack—This is a variation of the dictionary attacks, but it is designed to determine passwords that may not be included in the text file used in those attacks. Although a brute force attack can be attempted online, network bandwidth and latency mean that brute force attacks are usually undertaken offline using a copy of the target system's password file. In a brute force attack, the attacker uses an automated program that generates hashes or encrypted values for all possible passwords and compares them to the values in the password file.


Tips for Making a Strong Password/Passphrase


Each of these attack methods can be slowed down significantly or even defeated through the use of strong passwords. Therefore, whenever possible, computer users should use strong passwords for all of their computer accounts. Listed are some criteria for creating a strong password/passphrase:


A strong password:

  • Is at least eight characters long.
  • Does not contain your user name, real name, or company name.
  • Does not contain a complete word.
  • Is significantly different from previous passwords.

A strong passphrase:

  • Is 20 to 30 characters long.
  • Is a series of words that create a phrase.
  • Does not contain common phrases found in literature or music.
  • Does not contain words found in the dictionary.
  • Does not contain your user name, real name, or company name.
  • Is significantly different from previous passwords or passphrases.

(Note: Windows passwords can be much longer than the eight characters recommended above. In fact, you can make a password up to 127 characters long.)


Strong passwords and passphrases contain characters from each of the following four categories:

Character category and examples:

  • Uppercase letters: A, B, C
  • Lowercase letters: a, b, c
  • Numbers: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9
  • Symbols found on the keyboard (all keyboard characters not defined as letters or numerals) and spaces: ` ~ ! @ # $ % ^ & * ( ) _ - + = { } [ ] \ | : ; " ' < > , . ? /

A password or passphrase might meet all the criteria above and still be weak. For example, Roses4U meets all the criteria for a strong password listed above, but is still weak because it contains a complete word. R0s3s 4 U ! is a stronger alternative because it replaces some of the letters in the complete word with numbers and also includes spaces.
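The password criteria and the four character categories above can be checked mechanically, for example when an account is created. The following is an added example, not code from the original article: the function names, the tiny word list and the personal-name parameter are assumptions made for illustration, and the last function estimates how much work an exhaustive brute force search would need for a given password.

```python
import math
import string

# Constructed sample word list (assumption); a real check loads a full dictionary.
SAMPLE_WORDS = {"roses", "password", "welcome", "summer", "dragon"}

# The article's four character categories (symbols include the space).
CLASSES = {
    "upper": set(string.ascii_uppercase),
    "lower": set(string.ascii_lowercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation + " "),
}

def categories(pw):
    """Return the names of the character categories that appear in pw."""
    return {name for name, chars in CLASSES.items() if any(c in chars for c in pw)}

def check_password(pw, personal_names=(), words=SAMPLE_WORDS, min_len=8):
    """Return the list of criteria from the article that pw fails (empty = passes)."""
    failures = []
    lowered = pw.lower()
    if len(pw) < min_len:
        failures.append("shorter than %d characters" % min_len)
    missing = set(CLASSES) - categories(pw)
    if missing:
        failures.append("missing categories: " + ", ".join(sorted(missing)))
    if any(n and n.lower() in lowered for n in personal_names):
        failures.append("contains personal or company name")
    if any(w in lowered for w in words):
        failures.append("contains a complete word")
    return failures

def brute_force_bits(pw):
    """log2 of the number of candidates an exhaustive search must cover,
    assuming the attacker tries every string of this length over the
    categories actually used."""
    alphabet = sum(len(CLASSES[c]) for c in categories(pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0

if __name__ == "__main__":
    for candidate in ("Roses4U", "R0s3s 4 U !"):
        print(repr(candidate), check_password(candidate),
              "%.1f bits" % brute_force_bits(candidate))
```

The bit count bounds exhaustive search only; it says nothing about dictionary attacks, which is why the complete-word check is a separate test.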
