From The Financial Post:
You may think that your online information is safe but in reality, it’s only as safe as the password you use.
That handful of characters is all that stands between an online criminal and the contents of your eBay, Amazon or online banking account. How can you make sure that it doesn’t get compromised?
Short passwords are possibly the worst kind to use, because they are relatively easy to crack in what security experts call a brute force attack.
Even the most basic modern desktop computers have enough processing power to guess passwords simply by trying different combinations of letters repeatedly. The fewer letters there are in a word, the more likely it is to be cracked.
Using real words (rather than random collections of letters and numbers that don’t mean anything) is also dangerous. Software exists that uses ‘dictionary attacks’ against passwords, running through hundreds of thousands of words in the English language on the assumption that people want to use a word they will remember.
Somehow, ‘8uiklg5ybs’ just doesn’t stick in a person’s memory, whereas the name of their pet does.
I've always thought it funny that the IT guys at work stress never to use personal data when making up your password. Chances are whoever tries to break my password does not know jack about me.
But still, a good password can truly save your bacon: the longer it takes to break, the more likely the criminal will move on to something easier.
@Doug:
When it comes down to it — if a criminal wants your information, they’ll get it. Whether it be your dog’s name or the bank account information for your fortune 500 company, they can get it if they really want it. Not knowing your password is only a deterrent.
That being said, a great way of having users choose a password is to have them choose a pass-phrase that they use. Then they can devise a password based on that (if the system won’t let them use a pass-phrase). Something like “My dog is a really good dog” could be made into a password such as Mdi@rgD. Fairly easy to remember (or at least recreate) but difficult for a password cracker to crack.
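As an added worked example (written for this page, not code from the Financial Post article or from either commenter), the following Python puts numbers to the brute-force and dictionary attacks the article describes and applies the pass-phrase mnemonic from the comment above. The mini wordlist, the target passwords, the guess rate of 10^9 per second and the substitution table are constructed assumptions; unsalted SHA-256 stands in for the kind of fast hash an offline attacker would be guessing against.

```python
"""Brute force, dictionary guessing, and a pass-phrase-derived password.

Example code added for this page; not from the article or the commenters.
Wordlist, targets, guess rate and substitution table are constructed assumptions.
"""
import hashlib
import itertools
import string

# Constructed stand-in for the "hundreds of thousands of words" a real
# dictionary attack would carry, plus a typical pet name.
WORDLIST = ["password", "letmein", "dragon", "fluffy", "sunshine", "monkey"]

# Assumed offline guess rate against an unsalted fast hash (illustrative only).
GUESSES_PER_SECOND = 1_000_000_000

# Letters, digits and punctuation: 94 symbols.
PRINTABLE = string.ascii_letters + string.digits + string.punctuation


def sha256_hex(password: str) -> str:
    """Unsalted SHA-256: deliberately the cheap kind of hash that makes
    offline guessing fast, which is the attack the article warns about."""
    return hashlib.sha256(password.encode()).hexdigest()


def keyspace(length: int, alphabet_size: int) -> int:
    """Candidates an exhaustive search must be able to cover."""
    return alphabet_size ** length


def worst_case_seconds(length: int, alphabet_size: int,
                       rate: int = GUESSES_PER_SECOND) -> float:
    """Time to exhaust the keyspace at the assumed guess rate."""
    return keyspace(length, alphabet_size) / rate


def brute_force(target_hash: str, alphabet: str, max_length: int):
    """Try every string over `alphabet` up to max_length; return the
    password that hashes to target_hash, or None."""
    for length in range(1, max_length + 1):
        for candidate in itertools.product(alphabet, repeat=length):
            guess = "".join(candidate)
            if sha256_hex(guess) == target_hash:
                return guess
    return None


def dictionary_attack(target_hash: str, wordlist=WORDLIST):
    """Hash each word plus a few habitual variants; return a match or None."""
    for word in wordlist:
        for variant in (word, word.capitalize(), word + "1", word + "123"):
            if sha256_hex(variant) == target_hash:
                return variant
    return None


def passphrase_to_password(phrase: str, substitutions=None) -> str:
    """The commenter's mnemonic: first letter of each word, symbol
    substitutions, last letter upper-cased.  The table below is an
    assumption chosen so "My dog is a really good dog" -> "Mdi@rgD"."""
    if substitutions is None:
        substitutions = {"a": "@"}
    initials = [word[0] for word in phrase.split()]
    initials[-1] = initials[-1].upper()
    return "".join(substitutions.get(c, c) for c in initials)


def demo() -> dict:
    """Run the three scenarios and return the results for inspection."""
    derived = passphrase_to_password("My dog is a really good dog")
    return {
        "four_lowercase_letters": brute_force(
            sha256_hex("cats"), string.ascii_lowercase, 4),
        "pet_name_in_dictionary": dictionary_attack(sha256_hex("fluffy")),
        "derived_password": derived,
        "derived_in_dictionary": dictionary_attack(sha256_hex(derived)),
        "hours_to_exhaust_7_printable": worst_case_seconds(7, len(PRINTABLE)) / 3600,
        "years_to_exhaust_12_printable":
            worst_case_seconds(12, len(PRINTABLE)) / (3600 * 24 * 365),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running it shows the four-letter lowercase password falling to exhaustive search in about a second of Python, the pet name falling to the dictionary immediately, and Mdi@rgD escaping the dictionary. The keyspace figures are the caveat a practitioner would add: seven characters drawn from all 94 printable symbols is roughly 6.5 x 10^13 guesses, under a day at the assumed rate against a fast unsalted hash, so the mnemonic earns its keep when it is used to make a much longer phrase-derived password memorable, which is what the twelve-character figure illustrates.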