How To

How to Write Good Passwords

A good password isn't a password at all. Instead, it's a system for creating codes that are easy to remember but hard to crack.

By Sarah D. Scalet

The payoff: We started with a password of five lowercase letters, which has 11,881,376 variations (26 to the fifth power, for math wonks). After step three, our password has more than 10 trillion combinations of characters (72 to the seventh power). Even a desktop computer that can guess a million passwords per second will need more than three months to run through all those possibilities.

Step 4: Write down your hint. As long as you understand your methodology and rules, now you can write down a mnemonic device that will jog your memory without being obvious to anyone else. You should still keep this piece of paper hidden, though. Author and security expert Bruce Schneier recommends keeping actual passwords on a piece of paper in your wallet, because you guard it closely and know when it goes missing. Keeping hints there should be even safer. This would be enough to make us remember that we used the title "The Cat in the Hat" to generate our basic password.

Step 5: Repeat. While you can use the same core phrase for multiple accounts, make sure that you establish different levels of passwords. You could use the same core phrase for all accounts that don't involve financial information, another one for accounts where you've used your credit card number and a third for online banking. In an ideal world, passwords should be changed at least every 90 days. But most of us would be doing pretty well if we changed them whenever daylight-saving time starts and stops.

Other stories by Sarah D. Scalet

• Email
• Print
• Comments
• Digg This
• SlashDot