Tuesday, January 23, 2007

Anatomy of a Password

With my recent post concerning password tools, it seemed like a good idea to discuss passwords and what makes a reasonable password. I won't get overly technical or go as in-depth as Perfect Passwords (http://www.syngress.com/catalog/?pid=3420), which is full of good advice for the average user and administrator.

The Good, Bad and Ugly

Good: Secure passwords are long and complex, making it difficult for anyone else to use your ID and password.

Bad: The hardest passwords to type and remember are the long and complex ones.

Ugly: Always forgetting those good passwords, using a sticky note to post the passwords on your monitor, using simple, insecure passwords, etc.

The Balancing Act

Personally I use Password Safe (http://passwordsafe.sourceforge.net), which I blogged about here. Even then, a good password should be used to protect all your stored passwords. As examples, password and abc123 are not good passwords.

The best passwords are long, easily remembered, and use upper and lower case letters, numbers and symbols (including spaces). I usually take a phrase, misspell some of the words, use capital letters in odd places and add unusual punctuation. As an example (and don't use this):

DoC+doktor w3re gona kr4sh#

Butchered from the following phrase:

doctor doctor we are going to crash
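To make the criteria above concrete, here is an added example (not from the original post) that scores a candidate password on the properties the post lists: length, the mix of character classes including spaces, and whether it is a well-known weak choice. The blocklist and the thresholds (12 characters, 60 bits) are assumptions chosen for illustration.

```python
import math
import string

# Constructed blocklist; the post names "password" and "abc123" as bad choices.
COMMON_PASSWORDS = {"password", "abc123", "123456", "qwerty", "letmein"}

# Size of each character pool, used for a brute-force-style strength estimate.
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10,
               "space": 1, "symbol": len(string.punctuation), "other": 0}


def character_classes(pw):
    """Return the set of character classes present in pw."""
    classes = set()
    for ch in pw:
        if ch in string.ascii_lowercase:
            classes.add("lower")
        elif ch in string.ascii_uppercase:
            classes.add("upper")
        elif ch in string.digits:
            classes.add("digit")
        elif ch == " ":
            classes.add("space")
        elif ch in string.punctuation:
            classes.add("symbol")
        else:
            classes.add("other")
    return classes


def estimated_bits(pw):
    """Upper-bound strength: length * log2(pool size). A phrase-derived
    password is really weaker than this, since its letters are not random,
    so treat the number as a ceiling, not a guarantee."""
    pool = sum(CLASS_SIZES[c] for c in character_classes(pw))
    return len(pw) * math.log2(pool) if pool > 1 else 0.0


def assess(pw, min_length=12, min_bits=60):
    """Apply the post's criteria and report every problem found."""
    problems = []
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("common password")
    if len(pw) < min_length:
        problems.append(f"shorter than {min_length} characters")
    classes = character_classes(pw)
    if len(classes - {"space"}) < 3:   # spaces are welcome but do not count as a class
        problems.append("fewer than 3 character classes")
    bits = estimated_bits(pw)
    if bits < min_bits:
        problems.append(f"estimated {bits:.0f} bits, below {min_bits}")
    return {"ok": not problems, "bits": round(bits, 1),
            "classes": sorted(classes), "problems": problems}
```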

