Use Strong Passwords
Use strong passwords for all of your computer accounts. One of the easiest ways for
someone to gain access to your account is to determine your password. Here are
some suggestions for creating passwords:
- Use at least 8 characters when creating a password.
- Include letters, numbers, and special characters such as @, #, *, $.
- Use upper and lower case letters.
- Don’t use commonly spelled words. For example, instead of using
“sunshine” you might use “L3tTh3$$hIne”.
- Don’t write your password down – memorize it. You might use
the phrase “Let the Sun Shine” to remember L3tTh3$$hIne.
- Don’t give your password to anyone else.
- Change your passwords routinely – at least every 60 days.
How Fast Can Someone Guess Your Password?
The table below is calculated by assuming 100,000
encryption operations per second, a plausible number for a
desktop PC today. Password lengths from 5 to 12
are shown. The numbers at the top (26, 36, 52) indicate the number of
characters from which the passwords are formed. The times shown are the
times to process the entire set of passwords, so the average time to crack
a password would be one half of the listed time.
Times Needed to Crack Passwords
(column headings give the total number of characters from which the password is selected)

| Number of Characters in Password | 26 (lower case letters only - abc) | 36 (lower case letters plus numbers - abc123) | 52 (upper and lower case letters - AaBbCc) |
|---|---|---|---|
| 5 | 1.98 minutes | 10.1 minutes | 1.06 hours |
| 6 | 51.5 minutes | 3.74 hours | 13.7 days |
| 7 | 22.3 hours | 9.07 days | 3.91 months |
| 8 | 24.2 days | 10.7 months | 17.0 years |
| 9 | 1.72 years | 32.2 years | 8.82 centuries |
| 10 | 44.8 years | 1.16 millennia | 45.8 millennia |
| 11 | 11.6 centuries | 41.7 millennia | 2,384 millennia |
| 12 | 30.3 millennia | 1,503 millennia | 123,946 millennia |

Strong Passwords courtesy of Virginia Commonwealth University
Strong passwords cannot be
guessed easily. Hackers often use automated tools to help them
guess or crack passwords, and the easier a password is to guess,
the faster a hacker can break into a system. Here are some
guidelines to ensure your passwords are strong:
| DO THIS: | DON'T DO THIS: |
|---|---|
| Make your passwords at least seven characters long | Use all or part of your login name |
| Include upper and lower case letters, numerals, and symbols | Use a real word in any language |
| Use at least one symbol character in the second through sixth position | Use numbers in place of similar letters to form a word |
| Use at least four different characters (don't repeat the same characters) | Use consecutive letters or numbers (e.g., "abcdefg" or "234567") |
| Use random numbers and letters | Use adjacent keys on your keyboard (e.g., "qwerty") |

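The guidelines in the DO THIS / DON'T DO THIS table above can be checked mechanically. The following Python checker is an added example, not code from the original page or from Virginia Commonwealth University; the function names, the sample wordlist, the substitution map, the three-character threshold for "part of" a login name and the four-character run length are assumptions.

```python
import string

# Constructed sample wordlist (assumption); a real check would load a full dictionary.
SAMPLE_WORDS = {"sunshine", "password", "dragon", "monkey"}
# Digit/symbol-for-letter swaps undone before the dictionary lookup (assumed mapping).
LEET = str.maketrans("0134578@$!", "oieastbasi")
KEY_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")


def has_run(pw, n=4):
    """True if pw has n consecutive letters/digits (abcd, 2345) or n adjacent keys."""
    low = pw.lower()
    for i in range(len(low) - n + 1):
        chunk = low[i:i + n]
        if chunk.isalnum() and all(ord(b) - ord(a) == 1 for a, b in zip(chunk, chunk[1:])):
            return True
        if any(chunk in row for row in KEY_ROWS):
            return True
    return False


def check_password(pw, login, words=SAMPLE_WORDS):
    """Return the list of guideline violations; an empty list means pw passes."""
    problems = []
    low = pw.lower()
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)
    if len(pw) < 7:
        problems.append("shorter than seven characters")
    if not all(any(c in cls for c in pw) for cls in classes):
        problems.append("missing upper case, lower case, numeral or symbol")
    if not any(c in string.punctuation for c in pw[1:6]):
        problems.append("no symbol in positions two through six")
    if len(set(pw)) < 4:
        problems.append("fewer than four different characters")
    # Assumption: "part of the login name" means any 3 consecutive login characters.
    if any(login.lower()[i:i + 3] in low for i in range(len(login) - 2)):
        problems.append("contains all or part of the login name")
    if low in words:
        problems.append("is a real word")
    elif low.translate(LEET) in words:
        problems.append("is a word with numbers substituted for letters")
    if has_run(pw):
        problems.append("contains consecutive or keyboard-adjacent characters")
    return problems


if __name__ == "__main__":
    for candidate in ("sunshine", "5un5h1n3", "L3tTh3$$hIne", "k7#Qz!m2Rw"):
        print(candidate, "->", check_password(candidate, "jsmith") or "passes")
```

Run against the page's own example, L3tTh3$$hIne passes every check except the symbol-position rule, because its first symbol sits in the seventh position.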
Many people write down their secret password, and tape it to
the monitor or tuck it into a desk drawer next to their
computer. The following are a few recommendations for handling
your passwords more safely:
| DO THIS: | DON'T DO THIS: |
|---|---|
| Keep your password secret | Write down your password |
| Use different passwords for different web sites | Use the "remember my password" features on the web |
| Change your passwords at least every six months | Keep the same password for a long time or keep reusing old passwords |