Minimum password requirements
It is now commonplace to find that the minimum requirement for a password is a length of at least 8 characters, containing at least 3 out of 4 of the following items:
- Uppercase letters
- Lowercase letters
- Numbers
- Symbols
At this minimum requirement, it was possible in 2012 to calculate or 'guess' a password within 6 hours. Today, given the right computing resources, it only takes a few minutes. So I suggest you forget about minimum requirements altogether. As of today, I would recommend using a password that is 16 characters in length and uses all four of the items mentioned above.
Easier said than done, right? Well, it does not really have to be that way.
“Passwords are like underwear: you don’t let people see it, you should change it very often, and you shouldn’t share it with strangers.” ~ Chris Pirillo
The best 16-character password is one in which all characters are unique (no repeated letters, numbers or symbols) and randomly strung together (no consecutive letters, numbers or symbols). If created correctly, it could take a current, standard desktop PC a few million years to solve a 16-character password by guessing a password once every second. Using all the letters (upper and lower case), numbers and symbols on a standard 101-key keyboard results in a total of 94 usable characters. Combined into a string of 16 characters (with no exceptions), these 94 characters create an astronomical number of combinations: 458 quadrillion (or 4.58929E+17 to be exact). That is 458 followed by 15 zeros!
The complexity obtained by combining all those characters into one 16-character password is mind-blowing, but only of real use if you can actually remember it. So, here is a relatively simple method of creating such a password that can be easily remembered. Please read the disclaimer at the bottom of this article if you intend to use this method of creating a password.
This method requires you to simply pick a word that has 8 unique letters and a 4-digit year that has unique numbers. By adding corresponding symbols based on the year, you will have 16 characters. To achieve the highest form of complexity from the characters, a 'template' can be used, which divides the 16 characters into 4 groups of 4 characters. Each group is comprised of 1 upper case letter, 1 lower case letter, 1 number and 1 symbol. The grouping within the template allows for easier memorizing while providing a relatively high level of randomizing, which is essential for password complexity.
Figure 1 illustrates the basic concept of the template that will be used to create a 16 character password.
Creating the password
First you need to select a memorable word that contains 8 letters which are all unique. Here are 26 examples of such words:
absolute • backfire • calories • daughter • earplugs • fracture • gamblers • handover • idealogy • jackpots • keyboard • ladybugs • magnetic • networks • obstacle • padlocks • question • rainbows • sandwich • thinkers • unblocks • vineyard • wackiest • xanthous • yachtmen • zaptiehs
Now select a year (one that is either memorable or connected to the word selected) in which all numbers are unique (for example 1549 or 1820 or 1945).
Using the selected year, select the symbols that correspond to each number: 1 = !, 2 = @, 3 = #, etc.
Take the selected word and alternate its letters between upper and lower case. As an example, the word 'jackpots' will become 'JaCkPoTs'.
To create the first group of 4 characters, take the first and second letters from the word, add the first number from the year and add the first corresponding symbol. To create the second group of 4 characters, take the third and fourth letters from the word, add the second number from the year and add the second corresponding symbol. Continue accordingly for the third and fourth group of characters.
Let's look at a few examples of how the template works and how it can be relatively easy to remember.
As an example, let us imagine that you got your first computer way back in 1987. It was an IBM PS/2 and you remember it well because it was the first time you played chess on a PC. For this example of a password we can use the word 'computer' and the date '1987'. They are both easy to remember as they relate to one another and have significance to you. Figure 2 illustrates how the template can be used to generate the 16-character password.
The resulting password would be: Co1!Mp9(Ut8*Er7&
For another example, let us imagine you studied horticulture and wrote a paper about cross pollination of fruit trees. You would be familiar with the term 'xenogamy' and the year '1876' would have significant meaning. As an alternative to the above example, you could alternate the cases of each letter by starting with a lower case letter.
The resulting password would be: xE1!nO8*gA7&mY6^
In a final example, let us imagine that you are a wine collector who enjoys wines from the South African Cape Winelands. You could use the word 'vineyard' and the year '1820' as they would have significant meaning to you based on your interest in viticulture. As an alternative to the above examples, you could begin your password with a number followed by an upper case letter followed by the corresponding symbol followed by the lower case letter.
The resulting password would be: 1V!i8N*e2Y@a0R)d
From the above examples you can see that in order to create a seemingly random, 16-character password that would be extremely difficult to remember, all you would need to actually remember is one word, a year and the template you used. Please read the disclaimer below if you intend to use this method for creating a password for any of your online accounts or profiles.
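The template steps and the three results above, as an added example that is not the author's own code: a Python function that applies the template and rejects a word or year containing a repeated character. The function and layout names are illustrative, and the digit-to-symbol mapping assumes a US keyboard layout, continuing the 1 = !, 2 = @, 3 = # pattern given in the article.

```python
# Shifted symbol for each digit on a US keyboard (assumed layout): 1 = !, 2 = @, ...
SHIFT_SYMBOLS = dict(zip("1234567890", "!@#$%^&*()"))

# Order of the four characters inside each group (names are illustrative):
# U = upper-case letter, l = lower-case letter, N = number, S = symbol.
LAYOUTS = {
    "upper_first": "UlNS",   # Co1!  (first example in the article)
    "lower_first": "lUNS",   # xE1!  (second example)
    "number_first": "NUSl",  # 1V!i  (third example)
}


def validate(word: str, year: str) -> None:
    """Reject inputs that break the template's uniqueness rules."""
    if len(word) != 8 or not (word.isascii() and word.isalpha()):
        raise ValueError("word must be exactly 8 ASCII letters")
    if len(set(word.lower())) != 8:
        raise ValueError("word must not repeat a letter")
    if len(year) != 4 or not (year.isascii() and year.isdigit()):
        raise ValueError("year must be exactly 4 digits")
    if len(set(year)) != 4:
        raise ValueError("year must not repeat a digit")


def template_password(word: str, year: str, layout: str = "upper_first") -> str:
    """Build the 16 characters: 4 groups, each a letter pair, a digit and its symbol."""
    validate(word, year)
    order = LAYOUTS[layout]
    groups = []
    for i, digit in enumerate(year):
        first, second = word[2 * i], word[2 * i + 1]
        parts = {"N": digit, "S": SHIFT_SYMBOLS[digit]}
        # The letter pair keeps its order from the word; the layout decides the case.
        if order.index("U") < order.index("l"):
            parts["U"], parts["l"] = first.upper(), second.lower()
        else:
            parts["l"], parts["U"] = first.lower(), second.upper()
        groups.append("".join(parts[slot] for slot in order))
    return "".join(groups)


if __name__ == "__main__":
    print(template_password("computer", "1987"))                  # Co1!Mp9(Ut8*Er7&
    print(template_password("xenogamy", "1876", "lower_first"))   # xE1!nO8*gA7&mY6^
    print(template_password("vineyard", "1820", "number_first"))  # 1V!i8N*e2Y@a0R)d
```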
“The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards.” ~ Gene Spafford
I hope this method helps you create better passwords in the future, and if you have any suggestions, corrections or additional comments please feel free to leave them in the comments below.
Although much thought, effort and calculation have been put into creating this method for creating a complex and memorable 16-character password, it does not guarantee a perfect password, as any password can be guessed given enough computing power and time. While my method provides a solid base for creating a password, it does have some minor shortcomings and thus I encourage you to do your own research and determine your own method for creating passwords if you find mine to fall short of your security expectations. Should you decide to use this method to create a password, you remain liable for your own security and I cannot be held responsible for any resulting actions from using the above-mentioned method for creating a password. To this extent, I strongly recommend that you change your password as frequently as every 2-3 months for highly important or sensitive applications and every 4-6 months for less important or sensitive applications.