A strong password is one that is designed to be hard for a person or program to discover. Because the purpose of a password is to ensure that only authorized users can access resources, a password that is easy to guess is a security risk. Essential components of a strong password include sufficient length and a mix of character types. A typical weak password is short and consists solely of letters in a single case.
When people create passwords, they often defeat the purpose by choosing parts of their names, the names of their pets, or even the word "password," itself, which was the most commonly used password for many years. Now that many password policies require the inclusion of a numeral, the most common password is "password1."
You can make your password much harder to break by using more characters, mixing upper and lower case letters, and including numbers and special characters. According to a security guide from Texas A&M University's Research Foundation, a six-character, single-case password has 308 million possible combinations, all of which a password cracker can go through in just a few minutes. Combining upper and lower case letters and using eight characters instead of six increases the possible combinations to 53 trillion; substituting a number for one of the letters yields 218 trillion possibilities; and substituting a special character or punctuation for another yields 6,095 trillion possible combinations. Although a password cracker can eventually go through that many combinations, it requires much more time and computing power.
People like to use passwords that will be easy for them to remember. A Microsoft article about security suggests that you use a memorable phrase instead of a word, and convert that phrase to a password. For example, the phrase, "I have 2 Labrador retrievers! Fido and Spot." could be expressed as Ih2Lr!F+S.
Back to: Glossary