Making Strong Passwords
In today’s society, computer-based user accounts that require a username and password are very common in workplaces, schools, and homes for various applications. E-mail accounts, online bank accounts, social networking profiles, and many other instances of private information are all secured by user-created passwords. With so much data at risk, it should be safe to assume people would generate passwords worthy of protecting their assets. However, a study performed by Burnett (2006) of millions of passwords revealed that the top five hundred user passwords were significantly weak and at extremely high risk of theft. In order to properly safeguard user accounts and associated data, users must disregard sub-par password-creation practices and learn to create unique, complex, and robust passwords.

A concrete understanding of the composition of a weak password is required prior to attempting development of a strong password. A weak password can be easily guessed, cracked, or stolen for one or several reasons. Examples of weak passwords and explanations of why these passwords are weak will be provided in the next five paragraphs. By avoiding these mistakes, users can strengthen their passwords and ultimately provide better protection of sensitive information.

A password should never consist of regular words that can be found in the dictionary like “soccer” or “watermelon” (Burnett, 2006). First, passwords that consist of common words have the potential to be guessed with enough attempts by a hacker, also known as a brute force attack (Bahadur, Chan, & Weber, 2002). Second, passwords that are dictionary words are vulnerable to another type of brute force attack called a dictionary attack (Nemati, 2011). A dictionary attack is an attack in which a hacker uses software to attempt to guess a password by entering every word in the dictionary (Nemati, 2011).
Simply by adding a mixture of special characters, numbers, and letters into a password, a user can help protect their accounts from brute force and dictionary attacks (Bahadur et al., 2002).

Default passwords, passwords that are pre-configured company, manufacturer, or vendor passwords, are another example of weak passwords (Nemati, 2008). Most of these passwords are widely known or can be easily found on the internet (Nemati, 2008). Utilizing default passwords basically provides an open invitation to hackers to access your protected information (Nemati, 2008). Users who wish to thwart this risk should ensure that no account uses any form of a default password.

Sometimes a user can create passwords that are so complex that the passwords actually become indirectly weak (Burnett, 2006). In some cases, these overly complex passwords are due to strict administrator requirements (Burnett, 2006). When passwords become this complex, users typically can’t memorize their passwords and are forced to write them down somewhere that is not secure (Burnett, 2006). When a password is written down where others can discover it, the password and ultimately the associated account are no longer secure, regardless of the password’s complexity. First, users should never write their entire password down in a place where it can be easily discovered. Second, people should create complex passwords that they can memorize by utilizing techniques such as rhyming, association, offensiveness, and many others (Burnett, 2006).

Password aging, that is, using the same password for the same account for an extensive amount of time, can also make passwords weak (Burnett, 2006). The longer the same password is in use, the longer someone has to crack or steal it (Burnett, 2006). Some administrators implement password expiration to combat this weakness, forcing passwords to be changed by the user after a certain amount of time, but this can lead to other...
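
The weaknesses described above (dictionary words, default passwords, a missing mixture of character types, and aging) can be checked when a password is created or audited. The following is an added example, not part of the original essay: the function name `screen_password`, the two small word lists, and the 90-day limit are assumptions constructed for illustration.

```python
import string
from datetime import date

# Constructed sample lists for illustration; a real deployment would load
# a full dictionary and a maintained list of vendor default passwords.
DICTIONARY_WORDS = {"soccer", "watermelon", "password", "dragon"}
DEFAULT_PASSWORDS = {"admin", "changeme", "default", "1234"}
MAX_AGE_DAYS = 90  # assumed policy value, not taken from the essay


def screen_password(candidate, last_changed=None, today=None):
    """Return the weaknesses found; an empty list means none matched."""
    findings = []
    folded = candidate.lower()

    # Dictionary word: a dictionary attack tries every word, so changing
    # only the letter case does not help.
    if folded in DICTIONARY_WORDS:
        findings.append("dictionary word")

    # Default password pre-configured by a company, manufacturer, or vendor.
    if folded in DEFAULT_PASSWORDS:
        findings.append("default password")

    # Mixture of letters, numbers, and special characters.
    has_letter = any(c.isalpha() for c in candidate)
    has_digit = any(c.isdigit() for c in candidate)
    has_special = any(c in string.punctuation for c in candidate)
    if not (has_letter and has_digit and has_special):
        findings.append("missing mix of letters, numbers, and special characters")

    # Aging: the longer a password stays in use, the longer it can be attacked.
    if last_changed is not None:
        today = today or date.today()
        if (today - last_changed).days > MAX_AGE_DAYS:
            findings.append("password older than %d days" % MAX_AGE_DAYS)

    return findings


if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ("Soccer", "admin", "tr0ub4dor&3x"):
        print(pw, "->", screen_password(pw) or "no listed weakness")
```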