How strong is your password?
This is a question most people don't ask themselves often enough. A good strong
password is essential if you want to keep your data / bank accounts safe.
A strong password should appear to be a random string of characters. It should be
as long as possible, (eight characters minimum). It should include a combination of uppercase and lowercase letters, numbers, and symbols.
There are many password testers out there on the web... However they are not
as good as they should be. For example Microsoft's own tester says that Pa55word
is Strong... - try it yourself microsoft.com/protect/yourself/password/checker.mspx
To be fair to Microsoft they don't check the password itself but
analyse it against set criteria such as does it contain capital letters, lower
case letters, symbols and numbers. - which of course Pa55word does but if you
use it as a password don't expect your data to be safe for very long. Its not
the hardest to guess.
Once again this year the word "Password" came in the top ten most
commonly used passwords and if I was interested in breaking in to other peoples
accounts it would be one of the first words I would try.
Microsoft is not the only password strength tester on the internet that
scores "Pa55word" as strong... everyone uses the same criteria.
The reason all these sites are not as clever as they could be is that they
want to reassure the user - You - that the data is not transmitted to other
pages within their sites exposing it to a theoretical compromise.
In my opinion this is the site owner worrying a little too much firstly
unless they know who you are and what your password is going to be used for no
one can make much use of it. - For example the word Password comes into the top
ten most common passwords this year but what can we do about this
Can we log into AcmeBank.com and start typing the word "password"
into as many boxes as possible in the hope that something will happen -- No we
cant. One of the main reasons we cant do this is because we need to know the
user name associated with the password. In techno babble this is called a
"Value Pair" i.e. unless both the user name and password match what
the system is expecting then it will not let you in.