Posted 06 Jun 2010
My friend Bill asked me to do a guest post on his website on something to do with technology security, since I'm his resident geek friend. Without hesitation, I quickly told him one thing: good passwords. Now, passwords aren't the be-all-end-all for data security, but strong passwords and password strength are the heart of any strong privacy system. They keep people out and only give access to data to those in the know.
Good Password Tips
For my data privacy, I use a concentric circle model: I start with a strong core and add successive layers of strength around the core. Starting with a core of strong passwords, enveloped by successive layers of strong technology, your data has a much better chance of staying private.
Password Strength
This presents an obvious question: what makes a good password? Password length and password content. I'll use a briefcase combination lock to illustrate my point.
A typical briefcase uses a three-digit combination lock to keep its contents secure. The number of placeholders determines the number of total possible combinations. With a briefcase combination lock, since there are three digits in the combination, there are three placeholders.
For each placeholder, there are 10 possibilities: 0-9, or 10 digits. Since there are three placeholders, the total possible combinations are 10 X 10 X 10, or 1,000 possibilities. An industrious child with time on his hands could work through those possibilities, making it a fairly weak password system.
What if we throw in a second three-digit combination lock? Assuming you use different combinations for each lock, you've just doubled your security.
However, instead of adding a second lock, what if we increased the length of our combination? With a four-digit combination lock, there are 10 X 10 X 10 X 10 total possible combinations, or 10,000. By adding one single number, we just increased the total number of possibilities by 9,000! For every additional placeholder in a combination, the amount of possibilities increases exponentially.
Now, if you've made it this far and haven't tried to jimmy open the briefcase with a crowbar, that last sentence is the most important part. An additional placeholder increases the number of possibilities EXPONENTIALLY! How can we use this to our advantage? By making your passwords as long as possible to increase password strength.
Other Good Password Tips
In addition to password length, a strong password also depends on the content--the actual words used. This means avoiding dictionary words and common phrases. Malicious users can use password-breaking software that can scan through entire dictionaries in mere minutes. Sure, using "hippopotomonstrosesquipedaliophobia" is great for password length, but since it's in the dictionary, it's easily crackable. A simple solution? Break up dictionary words with numbers and symbols.
Good Passwords Use Numbers, Letters and Symbols
Using numbers and symbols help strengthen your password in two ways: (1) numbers and symbols are not commonly used words or phrases, and (2) numbers and symbols increase the number of possibilities per placeholder.
For example, if your current password is "catnip" and you want to increase your password strength, there are a few things you could do. You could capitalize the "c," use the "@" symbol in stead of an "a," and put a number at the end of the password. "catnip" become "C@tnip1911." While it isn't the longest password in the world, it definitely is a stronger password than your previous one.
One Last Strong Password Tip
Now, before you thought you escaped all the math in this blog, I need to give you a little bit more. Wait, don't go! Remember back to our briefcase combination lock? Since that lock only used numbers, there were only 10 possible combinations. What happens when we throw in letters? Add 26 more possible combinations. Case sensitive letters (upper and lower case)?
Another 26 letters. The symbols found on your keyboard's number keys? Add another 10. Instead of a measly 10 possibilities per placeholder, you could potentially have 72 possibilities per placeholder. 72! Coupled with a 10-digit password, the amount of possibilities is 72 X 72 X 72 X 72... well, you get the picture--it's a lot!
Bottom line? IliKeC@tnip$1928 is a lot stronger password than catnip.
Conclusion
That is all for this week's geekery. Stay tuned to the next installment to figure out how you are actually supposed to remember all these passwords. Hint: you are not.