CitrusKiwi's Web Design, Internet & Marketing blog


Good passwords, bad passwords

Or, how to be safe on the Internet

Doing what I do, I come across all manner of passwords from clients. Some are good passwords, and some are bad passwords - some are SERIOUSLY bad passwords. There are lots of articles around the 'net telling you what you should and shouldn't use. For me, what you shouldn't use is a complete no-brainer and takes one sentence, not a whole article. If you can type it into Google and find it on the 'net, DON'T use it! It's that simple. So, that includes the really dumb ones like your name, your spouse's name or your kid's or pet's name, as well as 1-2-3-4-5, password, admin or any other password shipped with your equipment. For bad passwords, that's it.

What is a much better question is, what is a good password?  Another simple answer, one YOU didn't come up with!  It's hard for a human to come up with truly random ones.  When I'm securing websites, I use an online password generator.  There are many of them, and a Google search will get you to one you like.  Include lowercase, uppercase, numbers AND special characters, and, in my opinion, it should be at least 8 characters long.  So I just went and generated one - ?8_CLgz) - that's going to be pretty tough to break.  And, no, I haven't used that anywhere!

Why do I recommend a minimum of 8 characters? It's because the number of combinations increases exponentially the longer your password is. An 8 character password is way more than twice as difficult to crack as a 4 character one (which has about 78 million combinations). So if you want to keep, probably, even the government out of your stuff, try a 15 character one! But let's consider just an 8 character password. There are 47 letter-, number- or symbol-producing keys on a standard English keyboard. So the number of possible characters is 47 x 2 (using the shift key) = 94. For this demonstration, I'm not going to include the likes of ASCII characters.

The formula for possibilities (of passwords, not keys) allowing for repetition is n^r: permutations of n objects, taken r at a time. Therefore, for our 8 character password, the equation is 94^8 = 6,095,689,385,410,816, a number bigger than even the US federal debt!!! A little over 6 quadrillion! Now does that make you curious about the permutations of a password 15 characters long? How about nearly 400 octillion (is that even how you spell it?).

395,291,798,759,682,000,000,000,000,000 - now that's secure!
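
The n^r arithmetic above, together with a generator you can run locally instead of using a website, as an added example that is not part of the original post. It assumes Python's `secrets` module and the same 94 keyboard characters; the function names are illustrative. It goes one step beyond the post by also counting how many of those passwords actually contain all four character classes.

```python
import math
import secrets
import string
from itertools import combinations

# The four character classes on a standard English keyboard: 26 + 26 + 10 + 32 = 94
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)

def keyspace(length, n=len(ALPHABET)):
    """n^r: passwords of `length` characters from n symbols, repetition allowed."""
    return n ** length

def keyspace_all_classes(length):
    """Count passwords that contain at least one character of every class
    (inclusion-exclusion over the classes that are left out)."""
    total = 0
    for k in range(len(CLASSES) + 1):
        for missing in combinations(CLASSES, k):
            remaining = len(ALPHABET) - sum(len(c) for c in missing)
            total += (-1) ** k * remaining ** length
    return total

def generate(length=15):
    """Draw from the OS CSPRNG; redraw until every class is present."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every class")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in pw) for cls in CLASSES):
            return pw

if __name__ == "__main__":
    for r in (4, 8, 15):
        print(f"{r:>2} chars: {keyspace(r):,} combinations "
              f"(~{math.log2(keyspace(r)):.1f} bits), "
              f"{keyspace_all_classes(r):,} with all four classes")
    print("sample:", generate(15))
```

Insisting on all four classes removes some combinations from the pool, which is why the second figure on each line is smaller than n^r; adding length more than makes up for it.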
