What is a secure password?

Secure passwords are an issue that internet users face every day. Every time you sign up on a new website, you are asked to choose a password for your login. You look around you, making sure the resident computer security expert doesn’t see you, and you type in that one password that you use for every other site. You justify the use of that password by saying, “It’s a secure password: it contains more than 10 characters, some upper case, some lower case, some numbers, and a symbol” (which doesn’t actually guarantee a secure password).

“So what is a secure password?” you ask. Simply put, a secure password is one that is somewhat long, easy to remember, and only told to people or websites that you trust. The last one is the key. It is very simple to create a website whose sole purpose is harvesting passwords from users: a website that promises, and maybe delivers, a service that the user would find useful. The user signs up for it and enters a password, and usually an email address as well, and now the admins of that website have your email login and, if the password is the same, your email password. The website admin could also try the same combination on Facebook, Twitter, banking sites, etc. and see what information, and possibly money, they can get.

So next time you sign up for a website, ask yourself, “Do I trust the admins of this site with the ability to read my email? Change my Facebook page? Post on my Twitter account?” If you answered yes, then by all means use the same password as those other services; but if you answered no, do yourself a favor and use a new password.

See also:

http://www.usewisdom.com/computer/passwords.html
http://xkcd.com/792/


3 thoughts on “What is a secure password?”

  1. I also referenced XKCD’s 792nd comic, but I have to admit, something about that strategy seems wrong. Do you know of any reason why using concatenated English words wouldn’t work?

  2. I think that it is very hard to define what a secure password is, seeing that there are really no secure passwords ever. Yes, it is smart to have a long password with lower case and upper case letters, numbers, and symbols, but even though that does make it harder for decrypting software to figure out, it still can be done with key loggers and other conventional ways to do it. I think the best thing to do is to have a couple of different passwords, each one based on a different level of security you want, such as your Facebook and email password can be one and your online banking and bill pay another. And you should always look at the website you are making and inputting a password on, and whether you actually trust them to keep your passwords safe and secure.

  3. @cjl7117- That is generally the point that I was trying to make: use multiple passwords and on untrusted sites use a completely different one. Personally, I don’t trust Facebook with my email password, or any site for that matter.

    @mlb9252- I just spent about a half hour trying to figure out where he got the 28 and 44 bits of entropy, and I still haven’t figured it out. I referenced comic 936 (which is the one I think you were referring to) because I generally agree with the point (I think) he was trying to make: a password doesn’t have to be completely random and impossible to remember to be secure. It just has to be a length that would take an impossibly long time to brute force.
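The comment thread above turns on two numbers: how many bits of entropy a password actually has, and how long a brute-force search of that space takes. The following Python script is an added example, not code from the blog author or from either commenter, that works through both with the standard formula for a secret built from symbols chosen uniformly at random: bits = k · log2(N) for k symbols drawn from N possibilities. It treats two cases the post discusses, a random 10-character password over the 94 printable ASCII characters and a passphrase of words picked at random from a word list. The 2048-entry word list size, the tiny sample word list, and the two attacker guess rates (an online, rate-limited login at 1,000 guesses per second and an offline attack on a leaked fast hash at 10^10 guesses per second) are all constructed assumptions for illustration, not figures from the page.

```python
import math
import secrets
import string

# Constructed assumptions for this example (not from the post):
WORDLIST_SIZE = 2048            # a 2^11-entry word list, so 11 bits per word
ONLINE_GUESSES_PER_SEC = 1e3    # rate-limited web login form
OFFLINE_GUESSES_PER_SEC = 1e10  # leaked database hashed with a fast hash
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed sample word list, only to show how a passphrase is generated.
SAMPLE_WORDLIST = ["correct", "horse", "battery", "staple",
                   "orbit", "lantern", "velvet", "copper"]

# All printable ASCII: 52 letters + 10 digits + 32 symbols = 94 characters
PRINTABLE = string.ascii_letters + string.digits + string.punctuation


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a secret made of `length` symbols, each chosen uniformly and
    independently from `alphabet_size` possibilities: log2(N^k) = k * log2(N).

    This only holds for *random* selection. A human-chosen string that merely
    satisfies a composition rule (upper, lower, digit, symbol) is drawn from a
    much smaller, predictable set, which is why the rule alone proves nothing.
    """
    if alphabet_size < 2 or length < 1:
        raise ValueError("need at least 2 symbols and length >= 1")
    return length * math.log2(alphabet_size)


def charset_password_bits(length: int) -> float:
    """Entropy of a random password over all 94 printable ASCII characters."""
    return entropy_bits(len(PRINTABLE), length)


def passphrase_bits(words: int, wordlist_size: int = WORDLIST_SIZE) -> float:
    """Entropy of `words` words chosen at random from a list of `wordlist_size`."""
    return entropy_bits(wordlist_size, words)


def expected_crack_years(bits: float, guesses_per_second: float) -> float:
    """Expected time for exhaustive search: on average the attacker tries half
    of the 2^bits candidates before hitting the right one."""
    return (2 ** bits / 2) / guesses_per_second / SECONDS_PER_YEAR


def generate_passphrase(words: int, wordlist: list[str]) -> str:
    """Pick words with the CSPRNG. The entropy figure from passphrase_bits()
    is only valid if every word is chosen uniformly and independently like this,
    not by a person picking words they find memorable."""
    return " ".join(secrets.choice(wordlist) for _ in range(words))


def report(label: str, bits: float) -> None:
    online = expected_crack_years(bits, ONLINE_GUESSES_PER_SEC)
    offline = expected_crack_years(bits, OFFLINE_GUESSES_PER_SEC)
    print(f"{label:<38} {bits:6.1f} bits  "
          f"online: {online:>12.2e} yr  offline: {offline:>12.2e} yr")


if __name__ == "__main__":
    report("random 10-char printable-ASCII password", charset_password_bits(10))
    report("4 random words from a 2048-word list", passphrase_bits(4))
    report("6 random words from a 2048-word list", passphrase_bits(6))
    print("sample passphrase:", generate_passphrase(4, SAMPLE_WORDLIST))
```

Four words from a 2048-word list come out at exactly 44 bits (4 × 11), and the two guess rates make the practical point behind "a length that would take an impossibly long time": 44 bits holds up for centuries against a rate-limited login form but falls in minutes to an offline attack on a fast hash, which is one more reason the password a site stores for you should not be the one that opens your email.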
