Password Construction

Passwords are an important aspect of computer security. A password is usually used to access user-level accounts, email accounts, web accounts, etc. With the "Remember Password" feature available in some applications, it is important to have a strong password. Below is a list of bad password characteristics, followed by a list of what a good password looks like.

Bad password characteristics:

  • Passwords with fewer than 8 characters.

  • Passwords that use words found in dictionaries.

  • Generic word passwords, such as a family member's name, a friend's name, computer jargon, etc.

  • Passwords based on a birth date, address or phone number.

  • Passwords that follow a pattern, such as qwerty, 123321, aabbcc, etc.

  • Words spelled backwards, such as drowssap.

  • Passwords containing a famous person's name, your idol's name or similar.

  • Words prepended or appended with a number, such as password1, 2password.

Strong password characteristics:

  • Contains numbers, punctuation and letters (0-9, !@#$%^&*(),./).

  • Contains small and capital letters.

  • Longer than 8 characters.

  • Is not a word in any language or jargon.

  • Not based on any private information like your birthday, family name, etc.
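
The two lists above, written as a check that could run when a user chooses a new password. This is an added example, not part of the original article; the word list, the pattern list and the `personal` argument are small constructed stand-ins for a full dictionary and the account owner's real details.

```python
import re
import string

# Constructed sample data: a real deployment would load a full dictionary
# and a much longer list of keyboard/sequence patterns.
WORDS = {"password", "dragon", "monkey", "letmein", "welcome"}
PATTERNS = ("qwerty", "asdf", "123321", "aabbcc", "12345", "abcde")


def check_password(pw, personal=()):
    """Return the list of rules the password breaks (empty list = passes)."""
    problems = []
    low = pw.lower()
    # Strip prepended/appended numbers so password1 and 2password are caught.
    core = re.sub(r"^\d+|\d+$", "", low)

    if len(pw) <= 8:
        problems.append("not longer than 8 characters")
    if not re.search(r"\d", pw):
        problems.append("no number")
    if not any(c in string.punctuation for c in pw):
        problems.append("no punctuation")
    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)):
        problems.append("needs small and capital letters")
    if core in WORDS:
        problems.append("dictionary word")
    elif core[::-1] in WORDS:
        problems.append("dictionary word spelled backwards")
    if any(p in low for p in PATTERNS):
        problems.append("keyboard or repeating pattern")
    # personal: names, birth dates, phone numbers etc. known for this user
    if any(item and item.lower() in low for item in personal):
        problems.append("contains personal information")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords; the third is an acronym of a phrase.
    for sample in ("password1", "drowssap", "Iw2c5k&sb9!"):
        print(sample, "->", check_password(sample) or "OK")
```
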

There are ways to form a strong password that is easy to remember; for example, you can create an acronym from a phrase. Never write your password anywhere, and do not talk about it with anyone. It's usually a bad idea to use the "Remember Password" feature available in some web browsers, because saved passwords can be viewed by other people if they have access to your computer. In Firefox (Windows version), you can go to Tools > Options... > Security > Saved Passwords and click Show Passwords to see the username and password pairs saved for each website.

For an organization, you can ask your employees never to use the same password internally that they use for their public accounts (public email or social network accounts, for example). Change your own and your employees' passwords periodically; somewhere between three and six months is an acceptable interval, but this depends on your organization's policy. Monitor your employees' passwords: you can periodically try to break them using available software that brute-forces passwords, and if one of your employees' passwords can be guessed, ask that employee to change it.