The purpose of this article is to help you assess the strength and security of your password and to encourage you to start using more secure passwords. Because we all need to keep track of many passwords, many people use just one or two passwords over and over again. If this is true for you, then please make sure that those few passwords are very difficult to guess. Go to one of the following web sites, How Secure Is My Password or zxcvbn, and type in your commonly used passwords to see an estimate of how long it would take a computer to determine your password using a brute-force attack. A brute-force attack is one in which a person tries repeatedly to guess your password. Such attacks often start with some of the most commonly used passwords, like 123456, password, cactus, andrew and turtle. (If you don’t feel comfortable typing your password into a web site, you can read this article to learn how you can test your password using Mac OS X’s Password Assistant.)
Okay, now that you realize how weak your password is, here are some tips on picking stronger passwords. Most likely, you’ve heard the advice to make your password longer and to add numbers and punctuation marks as well as a mix of uppercase and lowercase letters. All of this is good advice, but many people seem reluctant to follow it. Use How Secure Is My Password to see how much longer it would take to guess a strong password by typing in a few variants of your password. You’ll soon see that password length makes a huge difference. The longer your password is, the more secure it is.
For example, if your password is cactus, you’ll see that this word is one of the 2000 most commonly used passwords, so it can be guessed very easily, within seconds or minutes. However, if you were to change your password to cactuscactus, then you’d see that the web site estimates that it would take about 12 years for a computer to guess or figure out that password. If you changed your password to cActuscActus, then the estimate increases to 49,000 years. If you changed it to cActuscActus2012, then the estimate rises to 6 trillion years. Wow!
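The estimates quoted above are consistent with a simple model: the size of the alphabet raised to the password length, divided by a guess rate. The following added example (not code from the article or from either web site) reproduces them under an assumed rate of 250 million guesses per second, which the article does not state; the function names are illustrative.

```python
import string

# The common passwords named in the article (a real guessing list is far longer).
COMMON_PASSWORDS = {"123456", "password", "cactus", "andrew", "turtle"}

# Assumption: guesses per second. Not stated in the article; 250 million is
# chosen because it lands close to the article's quoted estimates.
GUESSES_PER_SECOND = 250_000_000
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def charset_size(password):
    """Size of the alphabet an exhaustive search must cover for this password."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 ASCII punctuation marks
    return size


def keyspace(password):
    """Number of candidate passwords of this length over this alphabet."""
    return charset_size(password) ** len(password)


def brute_force_years(password):
    """Worst-case years to exhaust the keyspace; 0.0 for a listed common password."""
    if password.lower() in COMMON_PASSWORDS:
        return 0.0  # found at the very start of the attack, as the article describes
    return keyspace(password) / GUESSES_PER_SECOND / SECONDS_PER_YEAR


if __name__ == "__main__":
    # The four variants walked through in the article.
    for pw in ["cactus", "cactuscactus", "cActuscActus", "cActuscActus2012"]:
        print(f"{pw:<18} alphabet={charset_size(pw):>2}  "
              f"years={brute_force_years(pw):,.0f}")
```

These figures are the worst case for exhaustive search only. A password that appears on a common-password list, like cactus, falls on the first guesses regardless of its computed keyspace.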
As you select more secure passwords, please make sure that they are still easy to remember. For example, if you currently use your child’s name or birthday as your password, you could change your password to Andrew’sBirthdayIs12/15/80. That’s still easy to remember, but it’s so much more secure since it’s long and has a mix of uppercase and lowercase letters, numbers and punctuation marks.
Below are some other suggestions of strong passwords to help you get your creative ideas flowing. Create phrases or sentences which naturally incorporate punctuation marks, and capitalize each word in the phrase.
Now that you’ve picked one or two strong, secure passwords, please start to update all of your accounts. As you go through your day in the coming weeks, take a minute or two to update your accounts when you log in to them. You might also want to maintain a list of your accounts and their passwords. You can store this information on your Mac by using a secure disk image. Read this previous Tech Tip about how to create a secure disk image.