Passwords protect a confidential space from unauthorised entry by strangers. When you are asked to set a password, make sure that it is unique and unpredictable. A strong password matters because it prevents someone from guessing it and gaining access to the confidential space. There is software designed to guess your password from details of your day-to-day life. You must set a very difficult password to defend against it.
There are a number of dos and don’ts when creating and managing your passwords, but there are some basic guidelines you can follow.
- Use both upper- and lower-case letters
- Incorporate numbers or punctuation marks
- Use at least one of these special characters: ! @ # $ % * ( ) - + = , < > : : “ ‘ .
- Make it at least 8 characters long.
- A strong password does NOT, in any way, use your personal information, such as name, phone number, Social Security number, birth date, address or names of anyone you know.
- Come up with something you can remember easily, but would be virtually impossible for anyone else to guess.
- Guessing. There are a number of programs designed to guess a user’s password based on information found online about the user, such as names, birth dates, names of friends or significant others, pet names or license plate numbers. They can even search for a word spelled backwards.
- Dictionary-based attacks. Programs and software also exist that will run every word in a dictionary or word list against a user name in hopes of finding or guessing a password.
- “Brute Force” attacks. This attack method refers to trying every conceivable combination of key strokes in tandem with a user name to find the password. There are programs that can run brute force attacks very quickly. The best way to beat a brute force attack is to have a long and complex password, using upper and lower case letters, numbers, special characters and punctuation marks.
- Phishing. This is a common scam technique where a hacker will send out an urgent IM or e-mail message designed to alarm or excite users into responding. These messages will appear to be from a friend, bank or other legitimate source directing users to phony Web sites designed to trick them into providing personal information, such as their user names and passwords.
- “Shoulder surfing.” Be careful when logging on to a computer in public, such as a computer lab, cybercafé or library. There may be hackers lurking around for the express purpose of watching people enter their user names and passwords. It’s a good idea to have a password you can enter quickly without looking at the keyboard.
- Obvious combinations, such as abc123, yournamexyz or yourname1, combinations of addresses and phone numbers, or your mother's maiden name
- Any part of the user name with a slight variation for the password
- The word "password"
- 123456789 or a similar string of sequential numbers or letters
- Words in the dictionary, which a hacker using a dictionary program can easily crack
- Any personal information at all
How to generate a complex/good password?
- At least eight characters.
- One or more of each of the following:
  - lower-case letter
  - upper-case letter
  - punctuation mark
- Lookalike characters to protect against password glimpses. Examples:
  - O as in Oscar and the number 0.
  - Lower-case l and upper-case I.
  - The letter S and the $ sign.
How can you improve your password complexity to improve your password security? Passwords should always:
- Be at least 8 characters long
- Be unique to each login
- Contain a mixture of upper- and lowercase letters, numbers, and symbols, such as *, ^, }, |, ), _ and others
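The guidelines and the list of things to avoid above can be turned into an automated check. The following is an added example, not part of the original article: the function names, the three-character threshold for sequences and personal details, and the tiny word list are all assumptions made for illustration.

```python
import re

# Constructed sample list; in practice load a full dictionary or common-password list.
SAMPLE_WORDS = {"password", "dragon", "monkey", "sunshine", "welcome"}

def has_sequence(low, run=3):
    """True if `low` holds `run` consecutive ascending/descending characters (abc, 321)."""
    for i in range(len(low) - run + 1):
        steps = {ord(low[j + 1]) - ord(low[j]) for j in range(i, i + run - 1)}
        if steps in ({1}, {-1}):
            return True
    return False

def leaks(token, low):
    """True if a 3-4 character piece of a personal token appears in the password."""
    t = token.lower()
    n = min(len(t), 4)
    return n >= 3 and any(t[i:i + n] in low for i in range(len(t) - n + 1))

def check_password(pw, username="", personal=()):
    """Return the list of guideline violations; an empty list means the password passes."""
    low = pw.lower()
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)):
        problems.append("needs both upper- and lower-case letters")
    if not re.search(r"\d", pw):
        problems.append("needs a number")
    if not re.search(r"[^A-Za-z0-9]", pw):
        problems.append("needs a special character")
    if has_sequence(low):
        problems.append("contains a sequential run such as 123 or abc")
    # Dictionary check also covers words spelled backwards, as guessing programs do.
    if any(w in low or w in low[::-1] for w in SAMPLE_WORDS):
        problems.append("contains a dictionary word (forwards or backwards)")
    if any(leaks(t, low) for t in (username, *personal)):
        problems.append("contains personal information or part of the user name")
    return problems

if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ("abc123", "Password123!", "drowssaP#9x", "T7#vQm!x9Lr"):
        print(pw, "->", check_password(pw, username="jsmith") or "OK")
```

Uniqueness across logins cannot be verified from a single password, so that guideline is outside what this check covers.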