
What are good passwords?


Passwords are used to prove that you are who you say you are. They are used in every environment around you, from the most insecure to the most classified. That being the case, people need strong passwords, but what makes a good password? A good password is something that is:

  • easy to remember
  • hard to guess



Attackers try to crack the passwords of email accounts and services (FTP, SSH, etc.) on a daily basis. If you do not take responsibility for choosing good passwords, you could be next on the victim list. Good passwords help protect you from such attacks, although how well they do so depends on various factors:

  • Attacker's strengths
  • Attacker's computing resources
  • Attacker's knowledge
  • Attacker's mode of access [physical or online]
  • Strength of the passwords
  • How often do you change your passwords?
  • How close are the old and new passwords?
  • How long is your password?
  • Have you used every possible combination: letters, numbers and special characters?
  • How common are your letters, words, numbers or combinations?
  • Have you used strings followed by numbers or vice versa, instead of mixing them randomly?

Easy to Remember, Hard to Guess


When we talk about "easy to remember and hard to guess", it is more like choosing opposites, because "easy to remember" also means "easy to guess". But you might want to choose something that is easy for you and you alone. We will discuss more about this in Strength 101. It is really hard to determine whether something is easy or hard for others, as it is highly relative. However, if you pick a hard password:

  • it is hard for the attacker to guess
  • it is hard for you to remember
  • you might write it down somewhere (paper or digital)
  • you might change the passwords frequently
  • you might end up reusing your older passwords

This is precisely why people move from passwords to pass-phrases. Although a pass-phrase is a mixture of commonly used words [depending on the implementation], it is proven to be as strong as a randomly generated password [a good mixture of alphanumeric and special characters]. We will look more into this in Passphrase 101.
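The comparison between pass-phrases and random passwords, and several of the strength factors listed earlier, can be made concrete by counting the guesses an attacker needs. The Python below is an added example, not part of the original page; the 94-symbol alphabet, the 7776-word list, uniformly random selection and the guess rate are all assumptions.

```python
import math
import re
import string

# Assumed sizes (not from the page): 94 printable ASCII symbols and a
# 7776-word list, with every symbol or word chosen uniformly at random.
PRINTABLE = 94
WORDLIST = 7776

def random_password_bits(length, alphabet_size=PRINTABLE):
    """Bits of guessing entropy in a uniformly random password."""
    return length * math.log2(alphabet_size)

def passphrase_bits(words, wordlist_size=WORDLIST):
    """Bits of guessing entropy in a pass-phrase of randomly picked words."""
    return words * math.log2(wordlist_size)

def words_to_match(length, alphabet_size=PRINTABLE, wordlist_size=WORDLIST):
    """Fewest random words whose search space covers a random password."""
    target = alphabet_size ** length      # exact integers, no float rounding
    words = 0
    while wordlist_size ** words < target:
        words += 1
    return words

def alphabet_in_use(password):
    """Size of the character pool implied by the classes a password uses."""
    pools = (string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation)
    return sum(len(pool) for pool in pools if any(c in pool for c in password))

def is_word_then_digits(password):
    """True for the predictable 'string followed by numbers' shape (or reverse)."""
    return bool(re.fullmatch(r"[A-Za-z]+\d+|\d+[A-Za-z]+", password))

def average_years_to_guess(bits, guesses_per_second):
    """On average the right guess turns up after half the search space."""
    return 2 ** (bits - 1) / guesses_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    rate = 1e9                            # constructed attacker guess rate
    for length in (8, 10, 12):
        bits = random_password_bits(length)
        print(f"{length} random chars = {bits:.1f} bits, matched by "
              f"{words_to_match(length)} random words, "
              f"~{average_years_to_guess(bits, rate):.3g} years at {rate:.0e}/s")
    pw = "summer2009"                     # constructed sample password
    # The pool size is only an upper bound: a patterned password is far
    # easier to guess than a random one drawn from the same pool.
    print(pw, alphabet_in_use(pw), is_word_then_digits(pw))
```

The bit counts hold only when the characters or words really are picked at random; a password a person composes, such as a word followed by a year, falls well short of the figure its length and character pool suggest.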
