During an offline discussion with some of the others on the forum yesterday, one of our number was discussing a hosting issue they were facing. Aside from fixing the problems caused, one suggestion was that all passwords would need an update. Knowing how we enforce ‘complex passwords’ where I work, I posted an adaptation of the way we do it where I am. I am well aware that there are many views on the subject, and that this isn’t necessarily perfect, but it’s better than many of the practices out there, and it puts you streets ahead of those who stick with a default ‘admin | admin’.
## What makes up a complex password?
Ideally, your password should meet the following requirements:
The password must be a minimum of eight characters, consisting of:
- Minimum of one upper case character
- Minimum of one number character
- Minimum of one special character
So a complex password should look something like this:
How are you expecting me to remember this, I hear you ask? Well, there is a way, and it’s called ‘pass phrases’.
You create a complex password from a passphrase that only you know.
It goes like this:
Think of a sentence that is particular to you, one that uses numbers too.
For example, here is one that means something to me –
I married my wife in Sweden February 2008
I take the first letter from each word, and then I put the numbers at the end, so the sentence “I married my wife in Sweden February 2008” becomes:
Then to meet the minimum standard I need to add a special character (!”£$%^&*()_+#~@?><). I will choose to use $.
So my completed complex password is
ImmwiSF2008$ and I have met all the requirements for a complex password, and I can remember it.
Remember ‘Pass Phrases’ are easier for you to memorise and mean something to you. Choose special events in your life to make up your ‘Pass Phrase’ and your complex password.
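The steps above, together with the requirements list, written as a short Python sketch (an added example, not part of the original post). The function names are made up for illustration; the special-character set is the one listed in the post, and the second sentence in the demo is constructed to show a phrase that does not produce a compliant password.

```python
import string

# Special characters as listed in the post (UK keyboard symbols).
SPECIALS = set('!"£$%^&*()_+#~@?><')
MIN_LENGTH = 8


def derive_password(sentence: str, special: str) -> str:
    """First letter of each word, numbers moved to the end, then one special."""
    if special not in SPECIALS:
        raise ValueError(f"{special!r} is not in the post's special-character list")
    letters, numbers = [], []
    for word in sentence.split():
        token = word.strip(string.punctuation)  # drop commas, full stops, etc.
        if not token:
            continue
        if token.isdigit():
            numbers.append(token)      # whole number is kept, e.g. "2008"
        else:
            letters.append(token[0])   # keep the word's own capitalisation
    return "".join(letters) + "".join(numbers) + special


def policy_failures(password: str) -> list[str]:
    """Return the requirements from the post that the password does not meet."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):
        failures.append("no upper case character")
    if not any(c.isdigit() for c in password):
        failures.append("no number character")
    if not any(c in SPECIALS for c in password):
        failures.append("no special character")
    return failures


if __name__ == "__main__":
    for sentence in ("I married my wife in Sweden February 2008",
                     "we moved to london in june"):  # constructed sample
        pw = derive_password(sentence, "$")
        print(f"{pw!r}: {policy_failures(pw) or 'meets all requirements'}")
```

A phrase with no capitalised words or no numbers gives a result that fails the check, so pick the sentence with the requirements in mind.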
Do you have any preferred techniques or arguments either for or against the above?
PS. The bit about marrying my wife in Sweden in 2008 is not wholly accurate…