Passwords
This page has content from one of the presentations to the New Plymouth GCG.
These days, everyone needs passwords when using computers. We use them to log on to our computer, and to get access to various online services. These include web-based mail services (like Gmail), pay-to-use services (like Ancestry.com) and online banking. Passwords are also used for other purposes, such as encrypting files.
It is important that you prevent others using your passwords. Otherwise, they can access your online bank account, invade your privacy, destroy your reputation or credit rating, or get up to other mischief.
There are a number of ways bad guys can get your password. Working out someone's password is also known as password cracking.
- dictionary attacks - trying all the words in the dictionary as the password. Specialist dictionaries are used, stocked with commonly used passwords.
- brute force attack - trying every possible combination of characters until one works
- phishing - tricking you into giving them your password, eg by pretending to be your bank or ISP
When you choose a password, be sure to include more than just lower case letters.
| Character set | Population | Characters |
| single case letters | 26 | abcdefghijklmnopqrstuvwxyz |
| upper and lower case letters | 52 | abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ |
| letters and numbers | 62 | abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789 |
| letters, numbers and others | 91 | abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789!@#$%^&*()_-+=: ;[]{},./\?<>~" |
A brute force attack takes longer to crack longer passwords, especially if they are made up from a larger character set. The effect is exponential: one more character makes the password a lot more difficult to crack, not just a little bit harder. The same applies to the size of the character set. Therefore, be sure to use upper and lower case letters, numbers and other characters in your password.
| | single case letters | upper and lower case letters | letters and numbers | alphanumeric |
| characters in set | 26 | 52 | 62 | 91 |
| 4 | < 1 sec | 1 sec | 1½ sec | 7 sec |
| 5 | 1 sec | 38 sec | 92 sec | 10 min |
| 6 | 31 sec | 33 min | 1½ hr | 16 hr |
| 7 | 13 min | 29 hr | 4 days | 60 days |
| 8 | 6 hr | 62 days | 253 days | 15 yr |
| 9 | 6 days | 9 yr | 43 yr | 1,356 yr |
| 10 | 164 days | 458 yr | 2,660 yr | 123,400 yr |
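The arithmetic behind the table above, as an added example that is not part of the original presentation: the number of possible passwords is the character set size raised to the password length, divided by a guessing speed, and a password found in a dictionary falls at once regardless of length. The speed of 10 million guesses per second is an assumption (the page does not state one) that happens to reproduce the table's figures, the function names are made up for this example, and the short dictionary is built from the weak passwords listed further down this page.

```python
# Added example: reproduces the page's cracking-time table.
GUESSES_PER_SECOND = 10_000_000  # assumption: not stated on the page

# Weak examples listed on the page, standing in for an attacker's dictionary.
WEAK_PASSWORDS = {"password", "password1", "qwerty", "asdf", "tbontb",
                  "helpdesk", "admin", "abc123", "3.14159"}


def charset_size(password):
    """Smallest of the page's four character sets that covers the password."""
    if any(not (c.isascii() and c.isalnum()) for c in password):
        return 91  # letters, numbers and others
    if any(c.isdigit() for c in password):
        return 62  # letters and numbers
    if any(c.islower() for c in password) and any(c.isupper() for c in password):
        return 52  # upper and lower case letters
    return 26      # single case letters


def seconds_to_exhaust(password, logon_name=None):
    """Worst-case time to try every password of this length and character set.

    Returns 0.0 when a dictionary attack would find the password first.
    """
    lowered = password.lower()
    if lowered in WEAK_PASSWORDS or (logon_name and lowered == logon_name.lower()):
        return 0.0
    return charset_size(password) ** len(password) / GUESSES_PER_SECOND


def describe(seconds):
    """Render a duration in the largest unit that keeps the number >= 1."""
    for unit, size in (("yr", 365 * 86400), ("days", 86400), ("hr", 3600), ("min", 60)):
        if seconds >= size:
            return f"{seconds / size:,.0f} {unit}"
    return f"{seconds:.0f} sec"


if __name__ == "__main__":
    # Constructed sample passwords, one per interesting case.
    for pw in ("password1", "abcdef", "aB3dEf9h", "mNl@62CS"):
        print(f"{pw:10} {describe(seconds_to_exhaust(pw))}")
```

These are worst-case figures for trying every combination; a password built from a word or common sequence is found far sooner, which is why the dictionary check comes first.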
Password Guidelines
For a strong password, follow these guidelines.
- use a wide character set - upper and lower case letters, numbers and other characters
- use a good length - at least 8 characters long
- choose something unique to you
- don't use a word or common sequence
- don't store it on your computer, or write it down
- never give your password to anyone, not even to your bank, IT technician or ISP
Here are some examples of weak passwords.
- password or password1
- qwerty or asdf, keyboard sequences
- your logon name - ie user: George, password: George
- tbontb (from "to be or not to be")
- helpdesk or admin, common passwords
- ABC123, a simple sequence
- 3.14159, a special number
One way of making up a strong password for yourself is to think up a phrase about something that is unique to you, and take the first letter from each word, being sure to include upper and lower case, at least one number and a special character or two. Here are some examples of passwords using this method (and no, don't use these ones yourself).
- mNl@62CS (from "my Neighbour lives at 62 Carrington Street")
- uG'swlt73 (from "uncle George's wife lived to 73")
- G!wwgi2. (from "Gosh! WOMAD was great in 2007.")