
Guide to Creating Strong Passwords

Why do I need a strong password?

We want to believe that we live in a world where people “just do the right thing”, but experience tells us that is not true. Mavidea requires the use of strong passwords because we understand that there is an Internet “underground” full of people who cause damage and distress, just because they can, or more commonly, for profit. These people use scanning programs that randomly search the Internet for servers and computers, and then probe those machines for access by looking for easy-to-crack passwords. Most of the time, they don’t care who you are or where you work – they just want into your computer so they can use it for their own purposes.

This guide is intended to help you create strong passwords and remember them.

Creating Strong Passwords

  • Your password must contain characters from at least 3 of the following 4 (all 4 is better!) classes and be 8 characters or longer to be considered strong:

     Description                                      Examples

  1. Upper Case Letters                               A, B, C, … Z
  2. Lower Case Letters                               a, b, c, … z
  3. Numbers                                          0, 1, 2, … 9
  4. Special characters (punctuation/symbols)         {},.<>;:"'/?|`~!@#$%^&*()_-=+


  • Your password may not contain your e-mail name or any part of your full name (see our “Passwords to avoid” at the end of this guide).
  • A complex password that cannot be broken is useless if you cannot remember it. For security to function, you must choose a password that is complex yet still memorable.
  • Here are a couple ways to create passwords you can remember:

First letter of every word in a phrase or song:

My son is 5 years old = Msi5!YOld

I have lived in California for 5 years now = IhliCf5#yN

The Devil went down to Georgia = TDwd2GA

The Lord is my shepherd and I shall not wander = TLims&Isnw.   (the period and other symbols, including the space, are allowed in Windows passwords and on many websites)

Mash up a pet’s name with numbers

Buster = bust1936R (ok, it’s Buster with Grandpa’s birthday in the middle and a capital R at the end)

Spot = sp0t#611 (ok, it’s Spot with a zero and our home address at the end)

Under Windows, use an entire sentence including punctuation.

My name is my passport.

Is it fair to all concerned?

  • You can also get a great random password from GRC.com’s Perfect Password page, found at https://www.grc.com/passwords.htm. Clip and save any 8-10 character portion of the password found there and you will have a great password. You may not believe it, but your fingers will automatically remember how to type this crazy password after only 10-12 times of typing it in.

REMEMBER – NO STICKY NOTES ON THE MONITOR OR UNDER THE KEYBOARD!!!

Ok, but why letters, upper case, lower case, etc.?

There are 2 kinds of password cracking programs: dictionary scanners and brute force attackers. Dictionary scanners are literally loaded with every word in the dictionary (usually in several languages) and try each one in turn. Trying every word in the English language usually takes a modern computer about 2 minutes, which makes using a word as your password a very bad idea.

Brute force password cracking programs try different combinations of letters and numbers at an average rate of 100,000 tries per second. Faster computers work at 200,000 or more tries per second. Here is a chart that tells how long a password lasts under these conditions:

The chart shows the password search time as a function of password length and character set size, assuming a search speed of 100,000 passwords per second (a very decent speed).

Character set sizes:
  10 = digits 0-9 only
  26 = UPPER OR lower case letters only
  36 = UPPER OR lower case letters & digits
  52 = UPPER AND lower case letters
  96 = UPPER AND lower case letters, digits, and all special characters
  (<1 = less than 1 minute)

  Password length     10            26             36             52             96
  4                   <1            <1             <1             1 minute       13 minutes
  5                   <1            <1             10 minutes     1 hour         22 hours
  6                   <1            25 minutes     3 hours        1.1 days       1.5 months
  7                   <1            11 hours       4.5 days       2 months       12 years
  8                   4 minutes     12 days        5 months       8.5 years      1143 years
  9                   42 minutes    11.5 months    16.3 years     440 years      117,500 years
  10                  7 hours       23 years       567 years      23,913 years   11.5 million years

So, you can see that by using a password of only 8 numbers, the password would be cracked in 4 minutes with 100% chance of success because it tried every possible combination. In reality, the cracker will probably stumble upon the password sooner, because once it finds the password, it stops. There is a 50% chance it will find the correct password in 2 minutes.

If we look at the 96 column (upper and lower case letters, numbers, and special characters), an 8 character password like sp0t#611 takes 1143 years. Even a 1/4% chance of success will still take over 5 years. These are the kind of odds we like!
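The arithmetic behind the chart is simple: a brute-force attacker has to try at most (character set size) ^ (password length) guesses, and on average finds the password after half of them. The following calculator is an added example written for this guide (it is not Mavidea's code, and the chart above was not produced by it); it computes the search space, the worst-case and average times at the chart's assumed 100,000 guesses per second, the time to reach any given chance of success, and the equivalent strength in bits. It prints the exact figures rather than the chart's rounded ones, so expect some entries to differ from the chart.

```python
import math

RATE = 100_000  # guesses per second, the speed the chart assumes

# Character-set sizes from the chart's columns
CHARSETS = {
    "digits only": 10,
    "letters, one case": 26,
    "letters one case + digits": 36,
    "letters, both cases": 52,
    "letters, digits and specials": 96,
}

SECONDS_PER_YEAR = 365.25 * 24 * 3600
SECONDS_PER_MONTH = SECONDS_PER_YEAR / 12


def search_space(charset_size: int, length: int) -> int:
    """Number of distinct passwords of exactly this length over this character set."""
    return charset_size ** length


def worst_case_seconds(charset_size: int, length: int, rate: int = RATE) -> float:
    """Time to try every combination (100% chance of success)."""
    return search_space(charset_size, length) / rate


def average_seconds(charset_size: int, length: int, rate: int = RATE) -> float:
    """Expected time: the attacker stops on a hit, so on average half the space is searched."""
    return worst_case_seconds(charset_size, length, rate) / 2


def seconds_for_success_probability(charset_size: int, length: int,
                                    probability: float, rate: int = RATE) -> float:
    """Time after which the attacker has the given chance of having found the password
    (e.g. 0.0025 for the "1/4 % chance" mentioned in the text)."""
    return probability * worst_case_seconds(charset_size, length, rate)


def entropy_bits(charset_size: int, length: int) -> float:
    """Strength in bits: each extra character multiplies the work by the set size."""
    return length * math.log2(charset_size)


def humanize(seconds: float) -> str:
    """Render a duration the way the chart does (largest sensible unit, one decimal)."""
    units = [("years", SECONDS_PER_YEAR), ("months", SECONDS_PER_MONTH),
             ("days", 86400), ("hours", 3600), ("minutes", 60)]
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:.1f} {name}"
    return "<1 minute" if seconds >= 1 else "<1 second"


def chart(lengths=range(4, 11), rate: int = RATE) -> dict:
    """Rebuild the chart as {length: {charset name: worst-case time string}}."""
    return {n: {name: humanize(worst_case_seconds(size, n, rate))
                for name, size in CHARSETS.items()}
            for n in lengths}


if __name__ == "__main__":
    # Worst-case search times for every chart cell
    for length, row in chart().items():
        print(length, row)
    # The text's 8-digit example: all combinations vs. the 50% point
    print("8 digits, worst case:", humanize(worst_case_seconds(10, 8)))
    print("8 digits, 50% chance:", humanize(average_seconds(10, 8)))
    # The text's sp0t#611 example (96-character set, 8 characters)
    print("96^8, 1/4% chance:", humanize(seconds_for_success_probability(96, 8, 0.0025)))
    print("96^8 strength:", round(entropy_bits(96, 8), 1), "bits")
```

Raising the guess rate is just a change to `rate`; doubling the attacker's speed halves every entry, whereas adding one character to the password multiplies every entry by the character set size, which is why length and a large character set matter far more than anything else.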

Passwords to Avoid at all costs:

  • The words “password”, “passcode”, “admin”, “letmein” or any form of those words
  • Rows of letters from a keyboard – for instance “qwerty” or “asdf”
  • Your username or login name
  • The name of your significant other, or a relative or pet
  • Birthplace or the birthplace of your relatives or significant other
  • Automobile license plate numbers
  • Office or cell phone numbers
  • The simple modification of any of the preceding by adding a number to it (especially a 1) or reversing the order of the letters.
  • Swear words
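The rules in "Creating Strong Passwords" (at least 3 of the 4 character classes, 8 characters or longer, no part of your name or e-mail name) and the "Passwords to Avoid" list above can be turned into a simple checker. The code below is an added example written for this guide, not a Mavidea tool: it reports every rule a candidate password breaks. The interpretation of "any form of those words" as case-insensitive matching with common digit-for-letter substitutions undone, trailing digits stripped, and the reversed spelling checked is an assumption made here, as is treating any four consecutive keys from a keyboard row as a "row of letters"; the caller supplies the personal words (username, name parts, pets, plate and phone numbers) to screen for.

```python
import string

# The guide's four character classes; the symbol set is the guide's own list.
SPECIALS = set("{},.<>;:\"'/?|`~!@#$%^&*()_-=+")

# Words the guide says to avoid in any form.
BANNED_WORDS = ("password", "passcode", "admin", "letmein")

# Keyboard rows; "qwerty" and "asdf" are the guide's examples, the full rows are assumed here.
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")

MIN_LENGTH = 8
MIN_CLASSES = 3

# Common substitutions undone for the "any form of those words" check (assumption).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})


def character_classes(password: str) -> set:
    """Which of the four classes (upper, lower, digit, special) the password uses.
    Any non-alphanumeric character counts as special, including the space the guide mentions."""
    classes = set()
    for ch in password:
        if ch.isupper():
            classes.add("upper")
        elif ch.islower():
            classes.add("lower")
        elif ch.isdigit():
            classes.add("digit")
        elif ch in SPECIALS or not ch.isalnum():
            classes.add("special")
    return classes


def _forms(password: str) -> set:
    """Normalised variants used for the 'any form' checks: lower-cased, with
    substitutions undone, trailing digits stripped, and reversed (the guide's
    'simple modification' of adding a number or reversing the letters)."""
    base = password.lower()
    forms = {base, base.translate(LEET)}
    forms |= {f.rstrip(string.digits) for f in list(forms)}
    forms |= {f[::-1] for f in list(forms)}
    return {f for f in forms if f}


def _keyboard_run(password: str, run_length: int = 4):
    """Return the first run of keys that sits on a keyboard row (either direction), or None."""
    low = password.lower()
    for i in range(len(low) - run_length + 1):
        window = low[i:i + run_length]
        for row in KEYBOARD_ROWS:
            if window in row or window in row[::-1]:
                return window
    return None


def check_password(password: str, personal_words=()) -> list:
    """Return the list of rules the password breaks; an empty list means it passes.
    personal_words: username, e-mail name, name parts, pets, plates, phone numbers."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = character_classes(password)
    if len(classes) < MIN_CLASSES:
        problems.append(f"only {len(classes)} of 4 character classes (need {MIN_CLASSES})")
    forms = _forms(password)
    for word in BANNED_WORDS:
        if any(word in f for f in forms):
            problems.append(f"contains a form of the banned word '{word}'")
            break
    run = _keyboard_run(password)
    if run:
        problems.append(f"contains keyboard row '{run}'")
    for word in personal_words:
        w = word.lower()
        if len(w) >= 3 and any(w in f for f in forms):
            problems.append(f"contains personal information '{word}'")
    return problems


if __name__ == "__main__":
    # Constructed sample user: username jsmith, name John Smith, pet Buster
    personal = ["jsmith", "john", "smith", "buster"]
    for candidate in ["Msi5!YOld", "sp0t#611", "Pa55w0rd!", "Qwerty12!", "smith2024!", "Ab1!"]:
        print(candidate, "->", check_password(candidate, personal) or "OK")
```

The checker only rejects obviously weak choices; a password that passes it is not automatically strong, so it is best used as a gate in front of the memorable-phrase techniques described earlier rather than as a substitute for them.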

Social Media Sites

Also, be aware of how much personal information is being posted about you on social media or blog sites!

In 2008, the Yahoo! email account of Governor Sarah Palin was accessed without authorization by someone who was able to research answers to two of her password-reset security questions (her zip code and date of birth) and then was able to guess the third because of information that had been posted about her online.

When a website asks you for the answer to one of those password-reset security questions, nothing says you have to give the true answer, as long as you remember what answer you gave. So when you are asked what street you grew up on, instead of answering Orchard, type in Willow instead.