Editing
Password
(section)
==Choosing a secure and memorable password==

The easier a password is for the owner to remember, the easier it generally is for an [[hacker (computer security)|attacker]] to guess.<ref>{{Cite news |title=If Your Password Is 123456, Just Make It HackMe |work=The New York Times |first=Ashlee |last=Vance |author-link=Ashlee Vance |date=10 January 2010 |url=https://www.nytimes.com/2010/01/21/technology/21password.html |url-status=live |archive-url=https://web.archive.org/web/20170211224543/http://www.nytimes.com/2010/01/21/technology/21password.html |archive-date=11 February 2017 }}</ref> However, passwords that are difficult to remember may also reduce the security of a system because (a) users might need to write down or electronically store the password, (b) users will need frequent password resets and (c) users are more likely to re-use the same password across different accounts. Similarly, the more stringent the password requirements, such as "have a mix of uppercase and lowercase letters and digits" or "change it monthly", the greater the degree to which users will subvert the system.<ref>{{cite web |url=http://all.net/journal/netsec/1997-09.html |title=Managing Network Security |access-date=31 March 2009 |url-status=bot: unknown |archive-url=https://web.archive.org/web/20080302044633/http://all.net/journal/netsec/1997-09.html |archive-date=2 March 2008 }}. Fred Cohen and Associates. All.net. Retrieved on 20 May 2012.</ref> Others argue longer passwords provide more security (e.g., [[Entropy (information theory)|entropy]]) than shorter passwords with a wide variety of characters.<ref name="SS1" />

In ''The Memorability and Security of Passwords'',<ref>[http://homepages.cs.ncl.ac.uk/jeff.yan/jyan_ieee_pwd.pdf The Memorability and Security of Passwords] {{webarchive|url=https://web.archive.org/web/20120414222419/http://homepages.cs.ncl.ac.uk/jeff.yan/jyan_ieee_pwd.pdf |date=14 April 2012 }} (pdf). ncl.ac.uk. Retrieved on 20 May 2012.</ref> Jeff Yan et al. examine the effect of advice given to users about a good choice of password. They found that passwords based on thinking of a phrase and taking the first letter of each word are just as memorable as naively selected passwords, and just as hard to crack as randomly generated passwords.

Combining two or more unrelated words and altering some of the letters to special characters or numbers is another good method,<ref>{{cite book|author1=Michael E. Whitman|author2=Herbert J. Mattord|title=Principles of Information Security|url=https://books.google.com/books?id=uSGkAwAAQBAJ&pg=PA162|year=2014|publisher=Cengage Learning|isbn=978-1-305-17673-7|page=162}}</ref> but a single dictionary word is not. Having a personally designed [[algorithm]] for generating obscure passwords is another good method.<ref>{{Cite web|title=How to Create a Random Password Generator|url=https://www.pcmag.com/how-to/how-to-create-a-random-password-generator|access-date=5 September 2021|website=PCMAG|language=en}}</ref>

However, asking users to remember a password consisting of a "mix of uppercase and lowercase characters" is similar to asking them to remember a sequence of bits: hard to remember, and only a little bit harder to crack (e.g. only 128 times harder to crack for 7-letter passwords, less if the user simply capitalises one of the letters). Asking users to use "both letters and digits" will often lead to easy-to-guess substitutions such as 'E' → '3' and 'I' → '1', substitutions that are well known to attackers. Similarly, typing the password one keyboard row higher is a common trick known to attackers.<ref>{{cite book|last1=Lewis|first1=Dave|title=Ctrl-Alt-Delete|date=2011|isbn=978-1471019111|page=17|publisher=Lulu.com |url=https://books.google.com/books?isbn=147101911X|access-date=10 July 2015}}</ref>

In 2013, Google released a list of the most common password types, all of which are considered insecure because they are too easy to guess (especially after researching an individual on social media). The list includes:<ref>{{cite news |author=Techlicious / Fox Van Allen @techlicious |url=https://techland.time.com/2013/08/08/google-reveals-the-10-worst-password-ideas/?iid=biz-article-mostpop2 |title=Google Reveals the 10 Worst Password Ideas |publisher=[[Time (magazine)|Time]] |date=8 August 2013 |access-date=16 October 2013 |url-status=live |archive-url=https://web.archive.org/web/20131022123957/http://techland.time.com/2013/08/08/google-reveals-the-10-worst-password-ideas/?iid=biz-article-mostpop2 |archive-date=22 October 2013 }}</ref>
* The name of a pet, child, family member, or significant other
* Anniversary dates and birthdays
* Birthplace
* Name of a favorite holiday
* Something related to a favorite sports team
* The word "password"
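
As an added illustration (not part of the article or its sources), the Python check below is the kind of test a password-change form can run: it undoes the case, letter-to-digit and keyboard-row tricks described in this section before comparing against a denylist, and reproduces the 128-fold figure for 7-letter passwords. The denylist, the substitutions beyond 'E' → '3' and 'I' → '1', and the column-aligned QWERTY layout are assumptions made for the example.

```python
# Constructed sample denylist; a real deployment would load a large list of
# common passwords plus per-user terms (pet, birthday, birthplace, team).
DENYLIST = {"password", "liverpool", "qwerty"}

# Substitutions to undo. The section names E -> 3 and I -> 1; the others are
# assumed common variants added for this example.
LEET = str.maketrans({"3": "e", "1": "i", "0": "o", "4": "a",
                      "@": "a", "5": "s", "$": "s", "7": "t"})

# US QWERTY rows, top to bottom, aligned by column (an approximation of the
# physical stagger). Undoing "one row higher" maps each key to the key below.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl;", "zxcvbnm,./"]
ROW_DOWN = {a: b for upper, lower in zip(ROWS, ROWS[1:])
            for a, b in zip(upper, lower)}


def weak_reason(candidate, denylist=DENYLIST):
    """Return why `candidate` is guessable, or None if no check matches."""
    low = candidate.lower()  # mixed case adds little, so fold it away first
    checks = [
        ("denylisted word", low),
        ("letter-to-digit substitution of a denylisted word",
         low.translate(LEET)),
        ("denylisted word typed one keyboard row higher",
         "".join(ROW_DOWN.get(c, c) for c in low)),
    ]
    for reason, form in checks:
        if form in denylist:
            return reason
    return None


def case_mix_factor(length):
    """Search-space growth when each of `length` letters may be either case:
    (52 / 26) ** length, i.e. one extra bit per character."""
    return 52 ** length // 26 ** length


def single_capital_factor(length):
    """Growth when the user capitalises exactly one letter: one guess per
    possible position, far below case_mix_factor(length)."""
    return length


if __name__ == "__main__":
    for pw in ["Password", "P@55w0rd", "0qww294e", "L1verp00l", "tmbwYhfo"]:
        print(f"{pw!r}: {weak_reason(pw) or 'no match'}")
    print("7 letters, free case mix:", case_mix_factor(7))
    print("7 letters, one capital:  ", single_capital_factor(7))
```
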