How to Make Good Passwords

As security goes, passwords aren't that great. Most of us can't think of an alphanumeric code that would stymie password cracking software. However, you're still going to need passwords for the foreseeable future.  Your ability to use the Internet is extremely limited without them. Edward Snowden himself has been taking some online flack for telling John Oliver that "MargaretThatcheris110%SEXY" is a secure password. Sure, it's a long(ish) phrase as passwords go, and the opinion expressed is perhaps not one widely shared, but it's an English phrase, and recognizable as such. Password cracking programs have algorithms that are capable of recognizing patterns from human languages.  And as Joseph Bonneau, a cryptography researcher interviewed for the linked article above, said, "People are bad at producing randomness." So what can we do? Adding characters to phrases can certainly help. For example, substituting a  with @  in Snowden's phrase, resulting in "M@rg@retTh@tcheris110%SEXY," makes it less predictable.  But what's really best, Bonneau says,  is something truly random.  Take a phrase you can remember that doesn't make any sense, such as "potato_goatdrive fish's_neck." What I've written sums up the high points of the Wired article in the above link, but you should really read it in its entirety. And if you're still interested in learning about passwords and security, read this blog post by security expert Bruce Schneier. And read this piece from RaiderSec about how browsers store passwords.

Add new comment