Password Strength – Generate Strong Passwords


WordPress Security Saturday Series


Coming up with a strong password can be a real pain! Your choice of password really depends on how much losing access to whatever it is protecting would cost you. If you care little or can easily replace the information being accessed, then a simple password will do. If, however, losing access would be painful, then a strong password is what you need, even though a strong password can itself be painful because it may be difficult to remember. Let’s discuss why it is key to securing your WordPress web site.

WordPress Passwords

So how important is the admin panel of your WordPress web site? For most business owners, I would say pretty darned important. It is the key to your business web site and being down for even a short period can be devastating. So while the focus here is your admin password (that is not really the login name, is it?), this discussion really applies to any account you have anywhere on the internet.

Password Strength


If you were trying to guess my password, you would likely try some obvious choices first. What are some simple, easy-to-remember passwords? “abc123” is pretty simple. Others include “123456”, “password”, “monkey”, “iloveyou”, “princess”, and “letmein”. Here’s a ZDNet article from June 2012 with a list of the 25 most-used passwords. The top simple passwords do not change all that much over time. Is your password in the list? You should hope not!

Brute-Force Attack

This is what is at the heart of a brute-force attack, one where the thief tries to guess your password. I call him a thief because he or she is trying to steal a way into your account. Once in, he will likely take something from you. It might be your hard work, your money or, at the very least, your sense of security. This is why we all need to take password security seriously.

How to Increase Password Strength

The first thing to do is to avoid the top 25! Yes, passwords need to be easy to remember (but maybe not, more on that below). Hopefully, you have not been using any of those.

Next avoid words straight from the dictionary, in any language. The thief is not going to be some fellow sitting around in his pajamas randomly trying this or that. He or she will likely be someone with a computer program that runs through the well known common passwords and dictionary words trying to get a match to your password. Computer against computer. Or should I say computer against whatever password you stored in the computer?

Next, to spruce up your password strength, use as many different symbols from the keyboard as are allowed. Suppose a password could only be 4 digits long. The number of different password combinations would be 10,000 (10 to the 4th power).

Now suppose the password could include numbers and lower case characters but still only 4 positions. The number of possible combinations has increased to 1,679,616 (36 to the 4th power) just by using more symbols. A significant increase to be sure!

Still, a piece of cake for a computer to run through. You can check how long it could take for a PC to guess (crack) a password at https://www.grc.com/haystack.htm. Now you see why increasing both the length and the number of symbol categories you use (numbers, letters, upper and lower case, punctuation, etc.) is important when selecting your secure password. Of course, the very thing that is important makes it harder to remember.

To this we must add that using the same password everywhere is a security liability. Anyone who figures out your password can now try this user name/password combination everywhere. Popular web sites to try might be bank and credit card web sites. So do not, for any reason, use the same user name/password combination on more than one site.

How to Create a Strong Password

There are a number of ways to generate complex passwords. For example, think of a phrase you know well or can memorize and use the first character of each word. “Jack and Jill went up the hill to fetch a pail of water” will give you “JaJwuthtfapow”. Now make some random substitutions. For example, insert a number/symbol every 5th character. (Make up your own rules.) Now you have a longer strong password of “JaJwu1thtf@apow3”.

Consider this the “root” of your password. If it is too long, trim the front or end off. Add the site name to the beginning or end of your strong password root to generate a unique strong password. And now we have “JaJwu1thtf@apow3_Yahoo$”.

This is just one example of a process you could use to generate strong passwords yourself. You can make up your own process, modify the one above to suit your needs or search the internet for more examples. If you want to use a random password generator, you can find one at GRC.com. This one goes to 64 characters. Slice off whatever length you need! The important take-away is to have a way to generate strong passwords.

Once you generate the password, you need to remember it. Ah yes, another pain point with passwords! You can write it down in a notebook or keep it in a file. Either of these is a security breach in and of itself. What happens when you lose the notebook? Do you know all the web sites you will need to update? Will you remember the passwords? (Ummm…that was what the book was for…) Similar problems with the file…at least you should encrypt it so no one can swipe the file and get access. (Yes, encryption will mean you need to have another strong password to “remember”.) You will want a back up too, in case your computer crashes or the file is otherwise unreadable.

All this leads to using the computer to help solve this dilemma. Consider using a password manager.

Why not a Password Manager?

Password managers are computer programs that have a number of features to address these issues. Password managers store your passwords securely by encrypting them. Generally, this means you only need to remember one strong password. They can also generate random passwords automatically for you.

Some popular password managers are: KeePass, Roboform, LastPass. There are others but these three are good candidates. Review their features and choose the one you like best. Realize that you don’t need to use just one approach. A hybrid of keeping some passwords written down and some in the password manager may work for you.

Key “Take-Aways” for Generating Strong Passwords

  • Use a complex password
  • Use as many different symbol categories as allowed
  • Use a password length of at least 14 characters
  • Don’t use the same password more than once
  • Consider using a password manager
  • You can use more than one approach for keeping track of your strong passwords

If your passwords do not yet meet these standards, consider how much you value what they are protecting. Then begin to make the appropriate changes. Doing this now will help you avoid headaches later.
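A checker for the standards listed above, as an added example that is not part of the original article: it counts the search space the way the earlier 4-character examples do, flags rule violations, and generates a random password that passes. The function names and the 20-character default are assumptions, and the common-password set holds only the seven examples quoted earlier.

```python
import math
import secrets
import string

# Weak passwords quoted in the article (a small sample, not a full blocklist).
COMMON = {"abc123", "123456", "password", "monkey", "iloveyou", "princess", "letmein"}
# Symbol categories, counted as in the article (10 digits, 26 letters per case).
CATEGORIES = {
    "digit": string.digits,
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "punct": string.punctuation,
}
MIN_LENGTH = 14  # from the article's take-aways

def search_space(password):
    """Return (alphabet_size, combinations) for the categories the password uses."""
    alphabet = sum(len(chars) for chars in CATEGORIES.values()
                   if any(c in chars for c in password))
    return alphabet, alphabet ** len(password)

def audit(password):
    """List the article's rules that this password breaks (empty list = passes)."""
    problems = []
    if password.lower() in COMMON:
        problems.append("on the common-password list")
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    missing = [name for name, chars in CATEGORIES.items()
               if not any(c in chars for c in password)]
    if missing:
        problems.append("missing categories: " + ", ".join(missing))
    return problems

def generate(length=20):
    """Random password from the OS CSPRNG; retry until every category appears."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CATEGORIES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not audit(candidate):
            return candidate

if __name__ == "__main__":
    for pw in ("1234", "ab12", "letmein", generate()):
        size, combos = search_space(pw)
        print(f"{pw!r}: alphabet={size}, bits={math.log2(combos):.1f}, {audit(pw) or 'ok'}")
```

The combination count only describes a guess-every-string search; a dictionary word is found far sooner than its count suggests, which is why the common-password check comes first.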

Thanks for reading “Password Strength – Generate Strong Passwords”

Let me know how this article was helpful or if you need more information about anything discussed here!
