Maybe your password doesn’t really matter. A determined hacker with enough computing power can guess your password fairly quickly. But please! For Pete’s sake, please try to make your password difficult for others to guess!
My early career was in IT and I’ve seen many stupid passwords. The problem spans the entire organization. The CEO at one company I worked for had the password “getrich”. The CFO at another company had “123money”. These are smart people. Why did they pick such incredibly stupid passwords?
Most people choose poor passwords. Need proof? Three popular sites were hacked and passwords were captured and subsequently disclosed. You can find a summary of the most popular passwords over on Jimmy Ruska’s blog. There’s another list over on boingboing. Any of them look familiar?
Here’s an incredibly simple way to make your password stronger. Stop thinking of words and start thinking of phrases. Let me give you an example.
My favorite band is The Who. As a password, “thewho” belongs on the Incredibly Stupid list. Let’s think of a phrase from one of the band’s most popular songs, “Baba O’Riley”. We’ll use the phrase “They’re all wasted!” That’s 19 characters, and uses punctuation and spaces. In short, it’s a really good password.
What if you can’t use spaces? Take them out! 17 characters – still good!
What if they insist that at least 1 character be a number? You could stick a 1 at the beginning or end, but it doesn’t make the password much better. How about this? Substitute the number “4” for the letter “A”, “3” for “E”, “1” for “I”, “0” for “O”. You don’t need to use these letter/number pairs; just make sure you can remember the ones you use. Now, your password is “Th3y’r3 4ll w4st3d!” That’s an incredibly good password and it’s easy for you to remember.
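The steps above (drop the spaces, swap letters for digits) can be scripted and compared by length, alphabet size, and brute-force search space. This is an added example, not code from the original post; the function names and the `meets_policy` rules are assumptions, and the bit counts are an upper bound for blind brute force only, since they do not model guessing from word or phrase lists.

```python
import math
import string

# Letter/number pairs from the post, applied to upper and lower case.
SUBS = str.maketrans("AaEeIiOo", "44331100")

def strip_spaces(phrase):
    """Variant for sites that reject spaces."""
    return phrase.replace(" ", "")

def substitute(phrase):
    """Variant for sites that insist on at least one digit."""
    return phrase.translate(SUBS)

def charset_size(pw):
    """Alphabet a blind brute-force search must cover for this password."""
    classes = [
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (string.punctuation, 32),
        (" ", 1),
    ]
    return sum(n for chars, n in classes if any(c in chars for c in pw))

def brute_force_bits(pw):
    """log2 of the search space: length * log2(alphabet size)."""
    if not pw:
        return 0.0
    return len(pw) * math.log2(charset_size(pw))

def meets_policy(pw, min_len=8, need_digit=False, allow_spaces=True):
    """Hypothetical site policy modelled on the restrictions the post mentions."""
    if len(pw) < min_len:
        return False
    if need_digit and not any(c.isdigit() for c in pw):
        return False
    return allow_spaces or " " not in pw

def compare(candidates):
    """One row per candidate: (password, length, alphabet, bits)."""
    return [(pw, len(pw), charset_size(pw), round(brute_force_bits(pw), 1))
            for pw in candidates]

if __name__ == "__main__":
    phrase = "They're all wasted!"  # typed with a plain ASCII apostrophe
    variants = ["thewho", phrase, strip_spaces(phrase), substitute(phrase)]
    for row in compare(variants):
        print("%-22r len=%2d alphabet=%2d bits<=%6.1f" % row)
```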
Don’t limit yourself to songs. Favorite poem? “Whose woods these are I think I know.” is a far better password than “123money”. Quote? “A foolish consistency is the hobgoblin of small minds” Get it?
In short, forget passwords and think passphrases. Your data will thank you.
[Aug 23: Be sure and read Marc's post on how easy it is to crack passwords these days]