Simple Advice For Creating Good Passwords

A tutorial by Dean Thorpe

As I know a bit about computer security (I spent a few years studying IT, plus a lot of self taught stuff at home) I sometimes get asked for advice about creating good passwords to stay safe online, preferable ones that can be used on websites that need upper case, lower case and numbers. The first thing you need to understand is how people try to work out your passwords!

There are three main ways that nasty people use:

Knowledge based attack!

These attacks have various nicknames, but the point is the same, say you were married on the 22nd of November then don't have 2211, my daughter was born on the 17th of April, so I would never have 1704, a football fan should avoid 1966, big Star Trek fan 1701, plus the last 50+ years to cover birthdays, anniversaries etc. So please avoid those too!!!

A dictionary attack!

When it comes to numbers how can there be a dictionary attack??? Well instead of common words they would use common numbers such as 1111, 1234, 5678, 1357, 2468, 1397, 1793, 1066, 1966, 1337, 1955, 2000, 1666, 1933, 1918 any year for the last 50 years etc. A list like that is a LOT faster to try than every single number! IF you are reading this and see your number mentioned I would highly recommend changing it! First reaction is to reverse the number, so all those English Football fans with 1966 will change it to 6691, because nobody would think of that . . . oh wait, I did, so will any smart hacker! 

A brute force attack!

Sounds painful, but it isn't! If you think of a PIN number, which is the most simple form of password. Say your PIN number was 1234 then to find it using a brute force attack then they would try 0000 then 0001, 0002, 0003, 0004, 0005, 0006, 0007, 0008, 0009, 0010 and so on! This is a VERY slow way of finding passwords, but will get there in the end!

OK that's numbers done, hopefully you are still awake!

Why did I explain all that? All passwords use the same systems, so a brute force attack on a non number password would test a, b, c, d etc. up to z, then aa, ab, ac to az and then starting ba, bb, bc etc. This is, really, really, really slow! lol A dictionary attack uses common words, so cat, dog, horse, friend, in fact they test the whole dictionary, maybe they should call it a dictionary attack, oh yes, it already is! The knowledge based one would be things the person would think about, such as the name of their child, their middle name, their favourite sports team, favourite drink, movie, car, pet you get the picture! This is why when you sign up for things the need lower case, upper case and numbers, it makes any of those attacks much harder!

So how do I create a good password?

The perfect passwords (even I use them) are completely random ones, literally jftGt46ef35rgEf or whatever, if you have a string of 16, 32, 64 or even 256 of those, then only someone with an insane amount of time will ever get past them!!! On the down side they are insanely difficult to remember! lol Unless you write them down . . . bad idea!

Need a Really simple way to make a password?

Think of a word, something you can always remember and add that to the end of your password, if you really can only think of one good password then have it twice! Honestly unicornunicorn is SOOOO much harder to crack than unicorn!!!

Ok, so how can you make passwords that are hard to work out, but easier to remember!

One of the easiest ways is to replace letters with numbers and even numbers with letters! Go for ones that look a bit alike including:

A 4 - B 8 - E 3 - G 6 - g 9 - I 1 - O 0 - S 5 - T 7

So if you wanted PASSWORD then you could instead use P455W0RD or if you wanted 12345678 then you could use I2EAS6TB. Not that I would recommend either of those now, but you get the idea! Getting past those passwords really need that slow brute force attack and that leads to the second bit of advice, longer passwords! Even PASSWORD12345678 is SO much better than either of those seperately! Add unrelated things together, so if I have a red car, drink milk and have star wars as my favourite film, then if I had redcarmilkstarwars if would take a lot of guesses to work it out!!! :) Add that to the other idea and you would have r3dc4rmi1k574rw4r5, which would be hard, but far from impossible to remember, but VERY hard to crack without a LOT of time :)

Basically make it as hard for them and as easy for you as you can!!!

Yay, you hopefully now have a great password that you can use for every single site you visit? NOOOOOOOO!!!! To find out why please register to take part in my free draw where you can win absolutely nothing! To register for free, just give me your name, email and a password of your choice!!! Not that I could use those same details to log into your Facebook, eBay, PayPal etc.  At least have GOOD different passwords for ones like that and a basic password for crap competitions etc.

Will people Use This For Bad Things!

Some might be worried about elite hackers using this tutorial to break your passwords! Sorry, but this tutorial is the sort of stuff they learn on the first day, from many thousands of tutorials that go into much more detail, this one is purely to give a little advice to the average person who doesn't understand these things at all and then wonders how they get "hacked" so easily!!!

Please, Please, Please!!!

PLEASE DO keep yourself safe online, there are a lot of nasty people out there!

PLEASE NEVER EVER use password, 1234, 123456, 12345678, secret, letmein, access, abc123, qwerty, 1q2w3e, trustno1, 987654321 etc.

PLEASE DON'T "Borrow" this tutorial without at least giving me credit for it, I wrote this 100% myself, using my own knowledge.

PLEASE DO feel free to share the link to this page!!!