This document provides some simple guidelines for creating a user account or network access password which combines a higher level of security with a better chance of remembering it.
Why Do I Need a Password?
A personal computer system is very fast, but also very literal. It has no real means (in the human sense of the word) of distinguishing good data from bad or authorized commands from unauthorized. It simply does what it is told, for good or for ill.
With this fact in mind, it is not surprising that there are malicious entities (this writer hesitates to apply the word 'people') who are all too eager to force other people's computers to do things their owners would not wish them to do.
The Hack Attack!
Some computer users set up accounts with no password at all, or use a very simple password (a proper name, a simple number sequence or a string of repeated letters). Worse still, some use their very user account name as their password! One technique used by malicious entities against such users is the dictionary hack. A computer is set up to transmit codes over a network, running through a list of words, names and number sequences.
If a match can be found with some other computer's user name and password, the "entity's" computer may then be able to transmit commands to the "victim's" computer, just as if it were a local user with a keyboard and mouse.
Piece of String vs. Combination Lock
Security experts typically recommend that computer user accounts should each be associated with a distinctive, strong password. The typical rules for defining a strong password are as follows:
- 8 to 16 characters in length
- Not a proper name or a "dictionary word"
- A mixture of uppercase letters, lowercase letters and digits
- Optionally, includes "special characters" (understroke, dollar sign, brackets etc.)
While it is true that a password such as "qqKJ_932vHc" meets the definition of a strong password, most computer users would probably have a rough time remembering it, until they had entered it many times from a "cue card". However, there is a technique which has been tested with a wide variety of Customers in a Micro Center Technical Support office, which may offer you a way to generate a strong, memorable password.
- Begin with a word of your choosing. Example: sailboat
- Separate the syllables. Example: sail boat
- Misspell the word in a phonetic way. For example, use a "q" instead of a "k", or a "y" instead of an "i". Example: sael bowt
- Place one or more numerals between, and / or on either side of the modified syllables. Example: sael2bowt5
- Substitute or insert at least one uppercase letter, somewhere other than the first character. Example: sael2bowT5
You have now generated a strong password ("sael2bowT5") and a starting word ("sailboat") to use as a password hint. The password hint is designed to appear in a user account login window, to jog the user's memory and point the user toward the actual password.
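The strong-password rules and the weak patterns described above (account name as password, repeated letters, number sequences, dictionary words) can be checked mechanically. The Python sketch below is an added example, not part of the original guide; the function names and the small word list are constructed for illustration, and a real check would load a full dictionary file.

```python
import re

# Constructed sample list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"sailboat", "password", "computer", "welcome"}

def is_number_sequence(text):
    """True for runs such as 12345678 or 87654321 (wrapping 9 -> 0)."""
    if len(text) < 2 or not text.isdecimal():
        return False
    steps = {(int(b) - int(a)) % 10 for a, b in zip(text, text[1:])}
    return steps in ({1}, {9})

def check_password(password, username="", words=SAMPLE_WORDS):
    """Return the list of rules the password breaks (empty list = passes)."""
    problems = []
    lowered = password.lower()
    if not 8 <= len(password) <= 16:
        problems.append("length is not 8 to 16 characters")
    if username and lowered == username.lower():
        problems.append("same as the user account name")
    if lowered in words:
        problems.append("dictionary word or proper name")
    if password and len(set(lowered)) == 1:
        problems.append("string of repeated characters")
    if is_number_sequence(password):
        problems.append("simple number sequence")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[0-9]", password):
        problems.append("no digit")
    return problems

if __name__ == "__main__":
    # Constructed test inputs, including the guide's own example password.
    for candidate in ["sael2bowT5", "sailboat", "aaaaaaaa", "12345678"]:
        print(candidate, "->", check_password(candidate) or "OK")
```

The starting word "sailboat" fails the check while the derived "sael2bowT5" passes, which is why the starting word is safe to use only as the hint and never as the password itself.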
Finally, if your operating system includes this feature, create a password reset file and write it to an optical disk, flash-drive or a memory module. This file will help you reset your own user password, should it be forgotten, mislaid or compromised.