What Makes a Password Weak or Strong

Tips for making the perfect password


Passwords. We use them every day. Some are better than others. What makes a good password good and a bad password bad? Is it the length of the password? Is it numbers? Do you really need all those fancy special characters? Is there such a thing as a perfect password?

Let's take a look at the different factors that make a password weak or strong and find out what you can do to make your passwords better.

A Good Password is Random, A Bad Password is Predictable

The more random your password, the better. Why? Because if your password is made up of number patterns or keystroke patterns, it will likely be cracked easily by hackers using dictionary-based password cracking tools.

A Good Password is Complex, A Bad Password is Simple

If you only use numbers in your password, it will likely be cracked in a matter of seconds by a password cracking tool. Creating alphanumeric passwords increases the total number of possible combinations, which also increases the amount of time and effort needed to crack the password. Adding special characters to the mix also helps.

A Good Password is Long, A Bad Password is Short (duh)

The length of a password is one of the biggest factors in how quickly it can be cracked by password cracking tools. The longer the password, the better. Make your password as long as you can possibly stand.

Traditionally, password cracking tools require much more time and computing power to tackle longer passwords, such as those 15 characters or longer. However, future advancements in processing power may change the current password limit standards.

Password Creation Cheats You Should Avoid:

Reusing Old Passwords

While reusing old passwords seems like a brain saver, it increases the likelihood that your account might be hacked: if someone has one of your old passwords and you've cycled back to using it, your account may become compromised.

Keyboard Patterns

Using a keyboard pattern may help you bypass your system's password complexity checking, but keyboard patterns are part of every good cracking dictionary file that hackers use to crack passwords. Even a fairly long and complex keyboard pattern is likely already part of the hacking dictionary file and will likely result in your password being cracked in mere seconds.

Password Doubling

Simply typing the same password twice to meet password length requirements doesn't make it a stronger password. In fact, it can make it very weak because you have introduced a pattern into your password and patterns are bad.

Dictionary Words

Again, using whole words in a password is not advisable because hacking tools are built to target passwords containing whole words or partial words. You may be tempted to use dictionary words in your longer passphrases but you should avoid this because dictionary words as part of passphrases may still be crackable.

A Note To System Administrators:

It is up to you to make sure you don't allow your users to create weak passwords. You need to ensure that the workstations and servers that you manage have password policy checking implemented so that users are forced to come up with strong passwords. For guidance on implementing password policy standards, check out our Password Policy Settings Explained Page for details.
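A policy check that rejects the cheats listed above could look like the following. This is an added example, not code from the original article: the tiny word list, the keyboard rows, the 4-key run length and the 15-character minimum are constructed assumptions, and a real deployment would load a full cracking dictionary.

```python
import math
import string

# Constructed sample data (assumptions, not from the article).
SAMPLE_WORDS = {"password", "dragon", "monkey", "summer", "welcome", "letmein"}
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
POOLS = [string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation]
MIN_LENGTH = 15  # assumption, echoing the article's "15 characters or longer"


def keyspace_bits(pw):
    """Brute-force upper bound: length * log2(size of the character pool used)."""
    pool = sum(len(p) for p in POOLS if any(c in p for c in pw))
    return len(pw) * math.log2(pool) if pool else 0.0


def has_keyboard_run(pw, run=4):
    """True if pw contains `run` adjacent keys of one row, in either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + run] in low for i in range(len(seq) - run + 1)):
                return True
    return False


def is_doubled(pw):
    """True if pw is a shorter string typed two or more times in a row."""
    return len(pw) > 1 and pw in (pw + pw)[1:-1]


def check_password(pw):
    """Return the list of reasons pw is weak; an empty list means it passed."""
    low = pw.lower()
    checks = [
        (len(pw) < MIN_LENGTH, "too short"),
        (pw.isdigit(), "digits only"),
        (has_keyboard_run(pw), "keyboard pattern"),
        (is_doubled(pw), "repeated pattern"),
        (any(word in low for word in SAMPLE_WORDS), "dictionary word"),
    ]
    return [reason for failed, reason in checks if failed]


if __name__ == "__main__":
    for candidate in ["12345678", "qwertyuiop123456", "Tr0ub4dorTr0ub4dor"]:
        print(candidate, round(keyspace_bits(candidate), 1), check_password(candidate))
```

The keyboard-pattern candidate scores over 80 bits on the naive keyspace estimate yet is still rejected, which is why length and character-class rules alone are not enough.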

Password Cracking Explained

A lot of users think that their password is safe because they think that a hacker can only make 3 attempts on their password before the account is locked. What many users don't understand is that password hackers steal the password file and then attempt to crack that file offline.

They will only log into the live system after they have obtained a cracked password and know that it is one that is going to work. For more information on how hackers crack passwords, check out our article: Your Password's Worst Nightmare.