Creating Strong Passwords

We talk about techniques for creating, managing, and password-protecting user accounts, but before we get into the details it might be worthwhile to talk about passwords in general. Not just passwords for user accounts, but for all types of accounts you create, including online accounts.

A password that’s easily guessed is a weak password. A strong password is one that’s not easily guessed and is immune to password-guessing attacks. The two most common forms of password-guessing attacks are the dictionary attack and the brute-force attack. Both types of attacks rely on special programs that are specifically designed to try to crack people’s passwords and gain unauthorized entry to their user accounts.

The dictionary attack tries many thousands of passwords from a dictionary of English terms and commonly used passwords. The brute-force attack tries thousands of combinations of characters until it finds the combination needed to get into the account.

Admittedly, both types of attacks are rare in a home PC environment. They’re also easily frustrated by common techniques such as forcing a person to wait several minutes before trying again after three failed password attempts. Nonetheless, the general guidelines used to protect top-secret data from password-guessing attacks can be applied to any password you create. A strong password is one that meets at least some of the following criteria:

  • It is at least eight characters long.
  • It does ...
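
The lockout technique mentioned above (a forced wait after three failed attempts) can be modeled to see how sharply it limits guessing at the logon prompt. This is an added example, not code from the book; the five-minute wait, the one-guess-per-second rate, and the names `LockoutGate`, `guesses_allowed`, and `years_to_exhaust` are assumptions chosen for illustration.

```python
LOCKOUT_THRESHOLD = 3      # failed attempts before the wait starts (from the text)
LOCKOUT_SECONDS = 5 * 60   # "several minutes"; five is an assumed value


class LockoutGate:
    """Tracks failed logons for one account and enforces a wait."""

    def __init__(self, threshold=LOCKOUT_THRESHOLD, lockout_seconds=LOCKOUT_SECONDS):
        self.threshold = threshold
        self.lockout_seconds = lockout_seconds
        self.failures = 0
        self.locked_until = 0

    def attempt(self, now, password_ok):
        """Return 'locked', 'ok' or 'denied' for an attempt at time `now` (seconds)."""
        if now < self.locked_until:
            return "locked"            # the guess is not evaluated at all
        if password_ok:
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= self.threshold:
            self.locked_until = now + self.lockout_seconds
            self.failures = 0
        return "denied"


def guesses_allowed(duration_seconds, interval=1):
    """Count wrong guesses actually evaluated when one arrives every `interval` seconds."""
    gate = LockoutGate()
    evaluated = 0
    for now in range(0, duration_seconds, interval):
        if gate.attempt(now, password_ok=False) == "denied":
            evaluated += 1
    return evaluated


def years_to_exhaust(alphabet_size, length, guesses_per_day):
    """Years needed to try every password of `length` over the given alphabet."""
    return alphabet_size ** length / guesses_per_day / 365


if __name__ == "__main__":
    per_day = guesses_allowed(24 * 60 * 60)
    print("guesses evaluated per day:", per_day)
    print("years for 8 lowercase letters:", round(years_to_exhaust(26, 8, per_day)))
```

The model covers only guesses submitted through the logon prompt; a password that appears near the top of a common-password list can still fall within the few guesses the gate lets through, which is why the criteria above still matter.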
