Georgia Institute of Technology recently did a study, finding that most people’s passwords aren’t secure. With a brute force attack (just trying as many passwords as possible), a system could find a person’s password in a few if it was under 12 characters, and wasn’t random. However, it would take thousands of years if the password was at least 12 characters long. They recommend that users make their passwords 12 characters or longer, and make sure they contain uppercase, lowercase, numbers and symbols. Also, the password shouldn’t just be a word. “Pennsylvania” is a bad password, despite the fact that it is 12 characters long. “j8ebg;l*MbL~”, however, is a good one (although not anymore since I’ve mentioned it).
Random jumbled characters not your thing? Go for a sentence. “Long cat is a meme!” is a perfectly good password (although, again, I’ve ruined it by posting it). But remember, using actual words means the system doing the attack can use the dictionary to figure out possible combinations of words. You may want to stick with jumbled characters, or mixed-up words. The sentence above could become “L0nG_C47 I5 A M3mE!”. By avoiding words, you’ll be able to make your password more secure.
Of course, here’s to hoping they develop a technology that uses fingerprints or retina scanners. Because it won’t be long before we need to have passwords that are 100 characters long, and that’s going to be just too hard to memorize. After all, you should try to use a different password for every site, especially if they have anything to do with your finances.
Even though this is common knowledge, you’d be amazed at how many people still use “password123” as their password.
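The advice above as a small checker, run over the passwords quoted in this post. This is an added example, not code from the original post or from the Georgia Tech study; the word list, the function names and the 33-symbol alphabet size are assumptions, and the bit count is an upper bound that only holds when every character is chosen at random.

```python
import math

# Constructed stand-in for an attacker's dictionary (assumption, not from the post).
WORDLIST = {"pennsylvania", "password", "long", "cat", "meme"}
MIN_LENGTH = 12  # minimum length the post recommends


def char_classes(pw):
    """Report which of the four recommended character classes appear in pw."""
    return {
        "uppercase": any(c.isupper() for c in pw),
        "lowercase": any(c.islower() for c in pw),
        "number": any(c.isdigit() for c in pw),
        "symbol": any(not c.isalnum() for c in pw),
    }


def search_space_bits(pw):
    """log2 of the brute-force search space for pw's length and alphabet.

    Upper bound: a word or a patterned password is found far sooner.
    """
    cls = char_classes(pw)
    # 26 + 26 letters, 10 digits, 32 ASCII punctuation marks plus space.
    alphabet = (26 * cls["uppercase"] + 26 * cls["lowercase"]
                + 10 * cls["number"] + 33 * cls["symbol"])
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def is_dictionary_based(pw):
    """True if the letters of pw, ignoring digits and symbols, form one listed word."""
    core = "".join(c for c in pw if c.isalpha()).lower()
    return core in WORDLIST


def check(pw):
    """Return the reasons pw fails the post's advice; an empty list means it passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    problems += ["no " + name for name, ok in char_classes(pw).items() if not ok]
    if is_dictionary_based(pw):
        problems.append("just a dictionary word")
    return problems


if __name__ == "__main__":
    for pw in ["Pennsylvania", "j8ebg;l*MbL~", "Long cat is a meme!",
               "L0nG_C47 I5 A M3mE!", "password123"]:
        print(f"{pw!r}: at most {search_space_bits(pw):.0f} bits, {check(pw) or 'ok'}")
```

The length-and-alphabet figure rates “Pennsylvania” at about 68 bits, which is why the dictionary check is reported separately: an attacker with a word list never has to search that space.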