As an IT specialist, I am surrounded by hundreds of passwords for our computer network and its users. Every system seems to have its own requirements, with financial institutions being the most demanding:
- One or more capital letters
- Several lower case letters
- One or more numbers
- One or more special characters (!@#$%^&* etc.)
As if that weren’t bad enough, some systems require you to change passwords every 90 days or so. Now the IRS has gotten involved: Users of accounting systems that store Social Security Numbers and Federal Tax IDs are required to create passwords that comply with the standards enumerated above, and moreover change them at 90 day intervals.
What is a good password? As the illustration above indicates, length is probably the best attribute. There is a fun website called How Secure Is My Password? that is fun to use. Given any password you type in, it tells you approximately how long a computer can crack it. Let’s enter a password called, simply enough, “password.” Your password would be cracked instantly. Let’s say your password is “Longer Passwords Make Stronger Passwords.” That would take a computer 89 septendecillion years to crack. You get the general idea. (I think it would actually be cracked sooner, because computers are always getting faster.)
Some people think that using letter/number substitutions such as “4“ for “for” or “B100dy Pa55w0rd5!” for “Bloody Passwords!” would do the trick. Not really. Not when a hacker uses brute computing force to check all possible letter/number/special character permutations. And these artificial passwords are always harder to remember. And you know what happens when you lose a vital password? You’re up Excrement Creek without a paddle.
What I do is keep all my passwords up to date in a Microsoft Excel file that is itself passworded. You can even create sequences of passwords, such as:
I’ve actually used that sequence for one bank (but no longer).
There are even computer programs that save your passwords for you—even Internet browsers. But if it’s a separate system, how do you know it wasn’t designed by computer hackers? It’s like all those unsolicited anti-virus systems whose sole purpose is to load viruses onto your system. It pays to be a bit suspicious.