What makes a strong password?

Written by Tyler Jacobson on August 17, 2012

In my last article, I discussed how and why it’s a good idea to use unique passwords for everything and then advised you to forget those passwords. In that article, I made note that there will be times when you need a memorable password that you don’t want to forget.

When that need arises, you’ll want to make sure that not only is your password memorable, but also unique and strong. Read on and I’ll show you how to easily create a password that meets all three of those needs.

There are many things that can make your password strong. Let’s talk about what makes your password weak:

  1. Using the password: password or 123456 or qwerty. Here’s a list of the 25 most commonly used passwords. If your password is on this list, you are using a weak password.
  2. If your username is JohnDoe and your password is John or Doe or JohnDoe, you are using a weak password.
  3. If your website is JaneDoeTires.com and your password is Jane or Doe or Tires, you are using a weak password.

Now, let’s talk about what makes passwords strong:

Contrary to popular belief, you can use real English words as your password, but only if you change them around. In this example I’ll use the word vanilla (I can’t come up with a more vanilla password than that, can I? … anyone?… is this thing on?) According to https://www.grc.com/haystack.htm it would take about 3.19 months of continuous brute force attempts to guess the word vanilla. (Luckily, your MacHighway account comes with brute force protection that won’t allow a hacker to keep guessing for 3.19 months.)

  1. Use a combination of upper and lowercase letters. If we change the password to vAniLLa, it would take an estimated 33.33 years to guess this password. Quite a jump by just adding some uppercase letters.
  2. Include numbers. If we change the password to vAn177a, it would take an estimated 1.14 centuries to guess this password.
  3. Lastly, if we add some symbols to the password, we’ll take a huge leap in securing our password. If we change the password to ?vAn177a?, it would take an estimated 2.03 hundred thousand centuries to guess this password (also known as 20,300,000 years).
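
Added example (not from the original article or from GRC): a Python sketch of the arithmetic behind the estimates above, together with a check for the three weak-password patterns listed earlier. The rate of 1,000 guesses per second and the 364-day year are assumptions, chosen because they reproduce the quoted figures. The estimate covers exhaustive brute force only, which is why the `weakness` check runs separately.

```python
import string

# Assumptions (not stated on the page): 1,000 guesses/second and a 52-week
# (364-day) year; together they reproduce the figures quoted above.
GUESSES_PER_SECOND = 1000
SECONDS_PER_YEAR = 364 * 24 * 3600
CHAR_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
                string.digits, string.punctuation + " ")  # 26 + 26 + 10 + 33
# Only the three examples named in the article, not the full top-25 list.
COMMON = {"password", "123456", "qwerty"}


def alphabet_size(password):
    """Sum the sizes of every character class the password draws from."""
    unknown = [c for c in password if not any(c in cls for cls in CHAR_CLASSES)]
    if unknown:
        raise ValueError(f"characters outside printable ASCII: {unknown!r}")
    return sum(len(cls) for cls in CHAR_CLASSES if any(c in cls for c in password))


def search_space(password):
    """Count all strings over that alphabet up to the password's length."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def years_to_exhaust(password):
    """Years needed to try every candidate at the assumed guessing rate."""
    return search_space(password) / GUESSES_PER_SECOND / SECONDS_PER_YEAR


def weakness(password, username="", domain=""):
    """Return why a password is weak per the list above, or None."""
    p = password.lower()
    if not p:
        return "empty"
    if p in COMMON:
        return "commonly used password"
    if username and p in username.lower():
        return "derived from username"
    if domain and p in domain.lower():
        return "derived from site name"
    return None


if __name__ == "__main__":
    for pw in ("vanilla", "vAniLLa", "vAn177a", "?vAn177a?"):
        print(f"{pw:10} {search_space(pw):>26,} candidates  "
              f"{years_to_exhaust(pw):,.2f} years")
    print(weakness("Tires", "JaneDoe", "JaneDoeTires.com"))
```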


Of course, the strongest password in the world is useless if….

…someone manages to get ahold of your password by sniffing it out on public or unsecured Wi-Fi connections. For that reason, we strongly recommend that you set up all mail clients to send and receive via a secure connection (instructions for Apple’s Mail App here), and also set up your browser for secure browsing (we like the HTTPS Everywhere add-on for Firefox).

An easy way to tell if you’re browsing the web securely is to check the URL on any form that may require the input of sensitive information, login and password or otherwise. Be sure that the URL begins with https:// (note the s at the end of https). When you see that “s”, you’ll know that your information is being encrypted from your browser to the receiving server, which will keep malicious hackers at bay.

Do you have tips or questions about security? Be sure to leave them in the comments.