Methods for Generating Good Passwords
This information first appeared in MichNet News, Volume 11, No. 1.
It is based on copyrighted material (1995) by David G. Beausang, Colorado School
of Mines.
- First, if the maximum password length is long enough,
you can use two unrelated words together, perhaps separated by some punctuation
or numbers. For example, parabolasextuplet, ... embargo*.umber, apple:xerox,
nova::orient, but not peanutbutter nor lionhunt. Note that if the maximum
password length is eight characters, embargo*.umber is truncated to embargo*,
which will be cracked.
- Second, use the first letters of words in a memorable phrase.
The phrase "Mary had a little lamb" produces the password mhall.
Obviously, memorable is good, but traditional or classical is risky. Make
up your own phrase. "I got a speeding ticket on 6th avenue" generates
igasto6a, "that last calculus exam was really painful" generates
tlcewrp.
- Third, use grossly misspelled words. For example, fumigayt,
lugrnch, phloot.
- Fourth, tighten up a good password into a better password:
use both upper and lower case characters, add punctuation and/or numbers,
depending on what the system allows. For example, igasto6a could become iGAsto6A,
... phloot could become PHloOT, and MOUTHMOCCASINS could become MO76UTH81MOC33CASINS.
- Fifth, if you have a good memory, use eight or more, preferably
the maximum allowable, random characters.
- Finally, keep in mind that some systems will force you
to use a password that contains a combination of lowercase letters, uppercase
letters, numbers, or special characters.
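
The truncation caveat in the first method and the phrase technique in the second can be checked before a password is adopted. The Python sketch below is an added example, not part of the original article; the function names and the small word list are assumptions made for illustration.

```python
import secrets
import string

# Constructed sample word list; a real check would load a full dictionary.
WORDLIST = {"embargo", "umber", "apple", "xerox", "peanutbutter", "password"}


def effective_password(password, max_len=None):
    """Return the part of the password the system actually uses.

    Systems with a maximum length silently drop everything past max_len.
    """
    return password if max_len is None else password[:max_len]


def phrase_initials(phrase):
    """Second method: first character of each word in a memorable phrase."""
    return "".join(word[0].lower() for word in phrase.split())


def is_guessable(password, max_len=None, wordlist=WORDLIST):
    """True if the effective password is a dictionary word once leading and
    trailing punctuation and digits are stripped (what a cracker tries early)."""
    used = effective_password(password, max_len)
    core = used.strip(string.punctuation + string.digits)
    return core.lower() in wordlist


def random_password(length=8):
    """Fifth method: random characters drawn from the OS CSPRNG."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    candidate = "embargo*.umber"
    for limit in (None, 8):
        print(limit, effective_password(candidate, limit),
              "guessable" if is_guessable(candidate, limit) else "ok")
    print(phrase_initials("I got a speeding ticket on 6th avenue"))
    print(random_password(12))
```

Run the check with the target system's real maximum length: a password that passes at full length can still reduce to a single dictionary word after truncation.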
Also see:
Categories of Bad Passwords
Safeguarding Your Password
Strong Password Standard for WSU