Title: Choosing a good password


Author: Uzi Paz
E-Mail: for e-mail contact - user is uzi4wg and domain is uzipaz.com My e-mail address as a picture
First version date: 14 September 2000
Recent version date: 14 September 2000
Legal Notice: While as far as I know all the information here is exact and correct, as I'm giving this information as a free service, I'm taking no responsibility.
Parent Page: Uzi Paz home page on http://www.uzipaz.com .

One of the easiest ways to crack into computers (might it be your own computer, or your web account, or anything else), is by password cracking. If the computer provides some remote access with the defense of a password, a very common way to break into that computer, is by brute force password guessing. They just use programs that try millions of passwords, with known usernames or common usernames.
Since many people choose trivial passwords the method is quite successful.

As passwords are cracked from time to time, and in many cases the program that cracks the passwords
generates a list of accounts with their passwords, It is well recommended to replace from time to time the
password.
In many cases you won't notice that your password has been cracked.
I wish here to make some comment about the choice of password. There are quite a lot of programs that try to
crack passwords. Many of them use some dictionary of words or names and try to guess.
Too many people use the name of their beloved wife/girlfriend/husband/boyfriend/son/daughter/pet as a
password or the date of birth or some combination of those, and password crackers (programs that crack
passwords) can find such passwords.
A few rules about choosing a password:
a) replace it occasionally if you can.
b) never choose a too short password: 8 characters are the minimum, that I recommend, and in most cases I
recommend more than that.
c) never use the same password for different services.
d) never use a name of a person or a word from the dictionary or a date or some simple combination as a
password.
e) if you can, use combination of capital letters, small letters, numbers, and special characters (not all services
allow this, however).

You might think that I'm a bit paranoid here, but too many accounts are cracked this way. Once an account is
invaded, a further harm can be done without you to even notice it.

Here are examples of bad passwords:
1. cyberboy
2. thebest
3. Johnny
4. Maya
5. julie
6. club0
7. abcd
8. jack123

Here are examples of good passwords:
1. iTs3adN*aF
2. cnEf4km!L
3. e)iYc,uC0

you may notice that example 3 here was taken more or less from the initials of rule number (e) for choosing a
password as you can see above, with o replaced with zero, and comma appears. This is of course, not an easy
hint to remember the password, but you may think of some other way to choose a password that no one but
you could guess, but that you are still able to get hint from it. e.g. if you had a teacher at school with very big
and protrusive ears that once said a memorable sentence: "Too much information equals no information" you
may use it as a hint for the password: dStMi=0i which comes from "dambo Said: too Much information equals
no information".
If its too hard for you, just use some arbitrary combination, and write it somewhere where no one would
suspect that it is a password.

Many programs such as telnet and FTP programs send the passwords for authentication on the Internet, without any encryption. This means that any sniffing programs that is installed along the way between your computer and the remote one that you use remotely, can watch the user name and password.
If you have the option to use services that use encrypted password it is better to use them.
If not, than the best thing you can do is to replace the passwords regularly.