~ Tips for making your life easier and less expensive ~

Saturday, February 24, 2007

Creating a Good Password That's Easy to Remember

Conventional wisdom tells us that a password needs to be complex to be strong. Complex means that the password includes different character types--numbers, uppercase letters, lowercase letters, and symbols. And of course, the password is preferably not a real word, and it had better not be something like Fluffy-2. (I'll give you one guess about that person's next password.)

Don't get me wrong; a complex password is indeed a good idea, until it gets so complex that you have to write it down. Once you do that, you've made your password more discoverable.

There are a couple of articles from Microsoft that talk about another option: long passwords. The longer, the better. (In this article, search for the section called, "Myth: Passwords Must Be Complex to Be Strong." In this other article, search for the section called, "What should I do to protect my passwords?") One easy way to create a really long password is to use a passphrase. This is preferably a phrase that you can easily remember, but may not make sense to somebody else. For example, "The bird wasnot inthekitchen's waterbed." After reading the articles mentioned above, you'll understand why this is such a good password. Even something simpler, such as "I'mgladBobreturnedwiththemilk" would take a long time to crack.

I'm not saying complex passwords are a bad idea, nor am I saying that long passwords are a complete alternative to complex ones. The best password is both complex and long. I.T. pros and others protecting high-security accounts should still strive to use the most complex passwords possible, and a password utility like PINs (see previous post) can help. But for the regular Joe wanting to keep his accounts secure, a long password--or passphrase--may be the best option.
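
To put rough numbers on the length-versus-complexity comparison above, here is an added example (not part of the original post) that estimates the brute-force search space for two passwords mentioned in the post. The character-class alphabet sizes and the guess rate of 10 billion per second are assumptions chosen for illustration.

```python
import math
import string

# Character classes named in the post, with the size of each alphabet.
CLASSES = [
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation + " ", 33),  # 32 ASCII symbols plus the space
]

def alphabet_size(password):
    """Size of the smallest class-based alphabet that covers the password."""
    size = sum(n for chars, n in CLASSES if any(c in chars for c in password))
    # Characters outside printable ASCII: count each distinct one once.
    extra = {c for c in password if not any(c in chars for chars, _ in CLASSES)}
    return size + len(extra)

def brute_force_bits(password):
    """log2 of the exhaustive search space (an upper bound on strength)."""
    return len(password) * math.log2(alphabet_size(password))

def years_to_exhaust(password, guesses_per_second=1e10):
    """Years to try every candidate at an assumed, constructed guess rate."""
    seconds = 2 ** brute_force_bits(password) / guesses_per_second
    return seconds / (365.25 * 24 * 3600)

if __name__ == "__main__":
    # Both sample passwords are quoted from the post.
    for pw in ["Fluffy-2", "I'mgladBobreturnedwiththemilk"]:
        print(f"{pw!r}: {len(pw)} chars, alphabet {alphabet_size(pw)}, "
              f"{brute_force_bits(pw):.0f} bits, "
              f"{years_to_exhaust(pw):.2e} years to exhaust")
```

These figures are an upper bound for character-by-character guessing only; a phrase made of common words or a well-known quote can fall to a word-list attack far sooner.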

3 comments:

Kenthe2 said...

You mean like, "nythungithtuckthoothithreethingcolpole."

Kenthe2 said...

You know what, forget about that last post. I may or may not have inadvertently revealed my password to an interested yet prying internet universe.

Coach C said...

I always thought "bosco" was a great password.