Transcript

How to pick a proper password

PAUL DUCKLIN
Hello everybody. I'm Paul Ducklin. And this is a two-minute tutorial on How to pick a proper password.
Number one. Make your passwords hard to guess. The crooks have dictionaries, books, movie scripts, song lyrics, Facebook, Twitter, and much more. So avoid passwords based on nicknames, birthdays, quotations, pets, anything of that sort. And don't forget that easy passwords don't get harder if all you do is add some digits on the end. Password cracking programmes can do that, as well.
Point two. Go as long and complex as you can. Random, eight-letter passwords look pretty tough, with 26 to the power 8 possibilities. That's a whopping 200 billion. But a password cracking service costing less than $20,000, under ideal circumstances, can try out more than 100 billion passwords each second. So mix together uppercase, lowercase, digits, and punctuation.
And aim for 14 characters or even longer. That may look terribly complicated, but you can make up a little saying to help you out. If you don't like that approach, some people take several unusual words and combine them into a meaningless phrase, like the XKCD cartoon's famous correct horse battery staple password. But watch out for words that relate obviously to you. They do need to be unusual.
And Point three. Consider using a password manager. Examples include LastPass, KeePass, and 1Password. Password managers can make up complex, random nonsense for each account, plus they remember which password goes with what website. That also helps protect you from phishing, because you can't put the right password into the wrong page. But do remember, you will need a really good password for the password manager itself.
So let's go over the points again. One, make your passwords hard to guess. Two, go as long and complex as you can. Three, consider using a password manager.
And no, we haven't forgotten. Number four. One account, one password. Don't reuse passwords.
Don't make things easy for the crooks. And until next time, stay secure.