Creating a Strong Password

As computer users store more sensitive data on their hard drives and the internet, the prize for computer hackers to pursue grows larger. In this article, I will discuss some common password cracking methods that hackers use to figure out people’s passwords and how you can protect yourself in the event that a hacker is trying to break into your account.

 

Here are some examples of usernames and password styles that people tend to use.

 

notsmart_john_doe: 871253
notsmart_jane_doe: catname123
average_joe: p@$$word
average_jane: S3cr3T

 

 

The user “notsmart_john_doe” has a simple password made up of only numbers. Maybe the numbers are his birthday, part of his home address, the last few digits of his social security number, or something else. Either way, if a hacker were working from a normal desktop PC, it would only take them 0.00025 seconds to figure out that his password was “871253”. Numeric passwords can be guessed very quickly with a brute force approach.

 

“notsmart_jane_doe” is a user who decided that her password would be a combination of lowercase and uppercase letters. While a brute force approach would take approximately 447 quintillion years to crack her password, hackers have a different way of cracking passwords that trims down the number of possibilities. This method of password cracking is called a Dictionary Attack. In a dictionary attack, the hacker tries various combinations of upper and lowercase words that would be found in the dictionary. As long as the words are written in English, the password can be cracked in significantly less time than with a normal brute force approach. A password made of only English words is weak as well.

 

Now we can look at “average_joe” and “average_jane”’s passwords. They attempted to make their passwords more secure by switching certain letters to symbols. While in the past this method was useful for making a password harder to crack, hackers have caught up with the latest trends. Nowadays, hackers have altered their password cracking programs to compensate for this old substitution trick. Instead of just trying all the combinations of upper and lowercase letters, they also try cases where “i” or “I” may have been switched to “!”, or “A”/“a” might have been switched to an “@” symbol. Essentially, swapping letters for symbols is no longer as secure as it used to be.

 

So what is the best way to make a good password that cannot easily be cracked?

 

You will want to make a password that is easy to remember, but is not in a dictionary, has symbols that aren’t obvious substitutions, looks complicated, and is long.

Let’s say that my favorite book is Harry Potter and the Sorcerer’s Stone. If I made my password “harryPotterandTheSorcererSStone”, it’s kind of annoying to type and not as secure as it could be, so the key is to shorten the phrase in such a way that I could remember it.

So let’s take the first letter of every word in the title and shorten the password to something like “HPATSS”. That’s a lot less to type than the original sentence, so now we can add some extra characters to it to make it more difficult to crack.

If Harry Potter and The Sorcerer’s Stone is my favorite book, I could add some extra symbols that would make sense to me if I had to remember it, so here is what I came up with as a potential password:

 

“HPATSSim#1b0k@_@”

 

Let’s break my potential password down….

“HPATSS” stands for Harry Potter and the Sorcerer’s Stone.

“#1b0k” stands for “number one book”, but I didn’t write out “book”, “b00k”, or anything else that a hacker would easily guess means “book” and account for as a possibility in his/her password cracking program.

The “@_@” is like a pair of eyes, reading the book.

The password length is only 16 characters, but it is a well-written 16 characters that would take approximately 12 trillion years to crack if using a normal computer. No dictionary attacks are going to figure out your password. A hacker would have to resort to brute force to crack your password and there simply isn’t enough time to try all the possibilities.
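The checks described in this article can be run on your own password before you start using it. The following is an added example, not part of the original article: the small wordlist and the substitution table are constructed for illustration, and the keyspace figure assumes every character was chosen at random, so treat it as an upper bound.

```python
import math
import re
import string

# Constructed sample wordlist; a real check would load a full dictionary
# and a list of known breached passwords.
WORDLIST = {"password", "secret", "cat", "name", "book", "harry", "potter"}

# Common symbol/digit-for-letter swaps of the kind the article describes.
# Simplification: each symbol maps to one letter only ("1" could also be "i").
SUBSTITUTIONS = str.maketrans({"@": "a", "$": "s", "!": "i", "3": "e",
                               "0": "o", "1": "l", "5": "s", "7": "t"})

# Character classes and the number of symbols each adds to the search pool.
CLASSES = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10),
           (r"[^a-zA-Z0-9]", len(string.punctuation))]


def normalize(password: str) -> str:
    """Lowercase the password and undo the common substitutions."""
    return password.lower().translate(SUBSTITUTIONS)


def dictionary_hits(password: str, wordlist=WORDLIST) -> list[str]:
    """Return wordlist entries found in the raw or normalized password."""
    candidates = (password.lower(), normalize(password))
    return sorted(w for w in wordlist if any(w in c for c in candidates))


def keyspace_bits(password: str) -> float:
    """Bits of brute-force search space implied by length and classes used."""
    pool = sum(size for pattern, size in CLASSES if re.search(pattern, password))
    return len(password) * math.log2(pool) if pool else 0.0


def assess(password: str) -> str:
    """Classify a candidate password using the article's three weaknesses."""
    if password.isdigit():
        return "weak: digits only"
    hits = dictionary_hits(password)
    if hits:
        return "weak: built on dictionary word(s) " + ", ".join(hits)
    return f"no dictionary hit, about {keyspace_bits(password):.0f} bits of keyspace"


if __name__ == "__main__":
    # The example passwords from this article.
    for pw in ["871253", "catname123", "p@$$word", "S3cr3T", "HPATSSim#1b0k@_@"]:
        print(f"{pw!r}: {assess(pw)}")
```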

 

Hopefully this will inspire you to create a strong password for your login information. So good luck with your password creations and stay secure!

 

And just in case you’re curious, none of the above passwords are mine or real. I write my passwords in Chinese. For some advanced reading on other password cracking methods, check out Rainbow Tables!

Problems? Contact Brian Mendonca. Copyright © UC Regents, Davis campus. All rights reserved. Last Major Site Update: 6 July 2016