What Makes a Good Password?

  • Due May 7, 2018 at 11:59pm
  • Points 2
  • Questions 2
  • Time Limit None
  • Allowed Attempts 2

Instructions

Passwords are important. They are like a lock on your door. If you want to try to keep your family and belongings safe, you want a good lock (backed up by good intrusion and security monitoring – but that is another lesson).

[Image: I Changed All My Passwords To Correct Picture]

Before we talk about good passwords, let’s talk about what NOT to do. No sense creating a great password if it is just going to be compromised. The University of Maryland has about the best rundown on passwords, so I’m just using their stuff: https://www.cs.umd.edu/faq/Passwords.shtml

THE DON'TS:

  • NEVER, EVER GIVE YOUR PASSWORD TO ANYONE. ANYONE! No coworker, spouse, kid, vagrant, or IT person.
  • DO NOT WRITE IT DOWN. Make your password something you can remember. If you forget the password, there are ways to reset a password.
  • Do NOT make your password easy for others to guess
  • Do NOT change your password because of email from someone claiming you need to update your account! Don’t get scammed into divulging your information.
  • Do NOT use the same password for every account
  • Do NOT keep the same password forever. Change your passwords on a regular basis

 

HOW NOT TO CHOOSE A PASSWORD:

There are computer programs (crackers) that can quickly run through thousands of words and word combinations to gain access to your personal sites (bank accounts, credit card, retirement accounts, email, company logins…). Don’t make it easy for a computer program to access your accounts.

OLD DAYS:  The University of Maryland IT department “used to tell people that taking a word and substituting some characters (a 0 (zero) for an o, or a 1 for an l) made a good password. This is no longer the case. New crackers have the capability to crack things like this, in certain situations.”

Do NOT use:

  • Words in the dictionary
  • Words in ANY dictionary
  • Your user name
  • Your real name
  • Your spouse’s, kid’s, pet’s name
  • Anyone’s name
  • Any word in a “cracking dictionary”
  • Any of the above, with a single character before or after it (“8dinner”, “happy1”)
  • Any of the above, capitalized (cat --> Cat)
  • Any of the above, reversed (cat --> tac), doubled (cat --> catcat) or mirrored (cat --> cattac)
  • Words like foobar, xyzzy and qwerty are still just plain words. They are also popular passwords, and the crack programs look for them. Avoid them
  • Any of the sample passwords, good or bad, mentioned in this document
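
The derivations in the list above can be checked mechanically when a password is set. This is an added example, not part of the original page or the University of Maryland FAQ; the wordlist is a constructed sample, and the names WORDLIST, LEET, base_forms and derived_from are hypothetical.

```python
# Constructed sample wordlist; a real check would load a full cracking dictionary.
WORDLIST = {"cat", "dinner", "happy", "password", "foobar", "xyzzy", "qwerty"}

# Character substitutions undone before lookup. The page names 0 -> o and 1 -> l;
# the remaining pairs are assumed here as further common substitutions.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def base_forms(candidate):
    """Return the simpler strings a candidate could have been derived from."""
    lowered = candidate.lower()                      # undoes cat -> Cat
    forms = {lowered, lowered.translate(LEET)}       # undoes p4ssw0rd -> password
    for f in list(forms):
        forms.update((f[1:], f[:-1]))                # single character before/after
    for f in list(forms):
        forms.add(f[::-1])                           # reversed: tac -> cat
        half = len(f) // 2
        if half and len(f) % 2 == 0:
            first, second = f[:half], f[half:]
            if second in (first, first[::-1]):       # doubled or mirrored
                forms.add(first)
    return forms


def derived_from(candidate, personal=()):
    """Return the banned word the candidate is built from, or None."""
    # personal: user name, real name, family and pet names for this account.
    banned = WORDLIST | {p.lower() for p in personal}
    hits = base_forms(candidate) & banned
    return min(hits) if hits else None


if __name__ == "__main__":
    for pw in ("8dinner", "happy1", "Cat", "tac", "catcat", "cattac", "p4ssw0rd"):
        print(f"{pw!r}: derived from {derived_from(pw)!r}")
```

A candidate for which derived_from returns a word should be rejected at password-change time; the personal argument carries the account's user name and related names.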

 

FINALLY, HOW TO CHOOSE A GOOD PASSWORD:

Choose something that no one but you would ever think of. The best password is one that is totally random to anyone else except you. It is difficult to tell you how to come up with these, but people are able to do it. Use your imagination!

 

  • Choose a password with at least EIGHT characters; preferably more
  • Mix lower- and upper-case letters, numbers, and special characters
  • The license plate rule: take a phrase and try to squeeze it into eight characters, as if you wanted to put it on a vanity license plate
  • Some people like to pick several random small words, separated by punctuation marks of some kind
  • Put a punctuation mark in the middle of a word, e.g.,  vege%tarian
  • Use some unusual way of contracting a word. You don't have to use an apostrophe
  • Deliberately misspelling one or more words can make your password harder to crack.
  • Use several of the techniques above

 

Examples:

TfhIeliw613FS.Rw$4pm - Use an easy to remember sentence like “The first house I ever lived in was 613 Fake Street. Rent was $400 per month.” You can then turn that into a password by using the first digits of each word, so your password would become TfhIeliw613FS.Rw$4pm.  Very hard to guess or crack, but easy for you to remember.  HowToGeek at https://www.howtogeek.com/195430/how-to-create-a-strong-password-and-remember-it/

 

yCag5wyw - Think of an uncommon phrase, and take the first, second or last letter of each word. "You can't always get what you want" would yield ycagwyw. Throw in a capital letter and a punctuation mark or a number or two, and you can end up with yCag5wyw.

 

kEp*-h&y - kEp is short for keep; *- is a visual for laser (like those signs that you see outside of physics labs), and h&y is short for handy. "Keep your laser handy!" I couldn’t even “decode” the password, so guessing it would be pretty tough.

 

correcthorsebatterystaple – string several unrelated words together and then make a picture in your mind that helps you remember. The picture below shows how long it would take to crack two different passwords (3 days for Tr0ub4dor&3 and 550 years for correcthorsebatterystaple). Be sure to look at the last cell to see how to remember the password.

[Image: FourRandomWordExample.PNG]

Password Managers:  There are several programs that will “keep” your passwords for you so you don’t have to remember them. I don’t use them so I don’t have any recommendations. You enter the login web addresses (URLs) and the password. That way you only have to remember the password to unlock your password manager.

 

Complete the quiz below. Select the best answers and then hit submit.
