Friday, 14 December 2007

Creating secure passwords

The commonly accepted minimum standard for a secure password, and the default security level adopted by Microsoft Active Directory, is at least:

  • 8 characters in length
  • A mixture of any three of the following: upper case letters, lower case letters, numbers, and non-alphanumeric characters (e.g. asterisks, exclamation marks and so on)

Inventing a password isn't too difficult. My recommendation is to think of a base word that will be in all your passwords, and then vary it according to the situation the password is used in, or every time you need to change it. For example:

Fingers1
Fingers2
Fingers3
...etc

Password crackers commonly use dictionaries of words to attack a site, so the above example isn't very good, but you get the idea of how a variation can help you create something that's easy to remember. These dictionaries are often based on words found in common English dictionaries, and if your computer has any spyware installed they may also contain words that you've typed into your computer, e.g. in browser search boxes or in documents. Crackers then use programs to try every one of these words, or variations of them, in an attempt to break into your password-protected system or file.

Most systems that require a password will also check for password likeness. In the case of Windows, this means that your new password can't contain any 3 consecutive characters from your previous password or your username. To illustrate, the following change of password would be invalid because both the old password and the new password contain the substring "Fin":

Old password: Fingers1
New password: Finding1

You can get around this by substituting numbers for letters that visually look similar. For example:
  • 1 is like l or L or I
  • 3 is like E
  • 4 looks a bit like A
  • 5 is like S
  • 6 is like G
  • 7 is like T
  • 8 is like B
  • 9 is like G or g
  • 0 is like o or O
There are also some non-alphanumeric characters that look a bit like letters (if you use your imagination!):
  • + is like t
  • ! and | are like I, L or l
  • $ is like S
  • £ is like E
  • * is like 0 or O
  • ( and [ and <>
  • / is like r or R
  • @ is like or a
  • % is a bit like B
You can even go one step further and combine non-alphanumeric characters to form sequences that look a bit like letters, although it gets a bit abstract at this point:
  • |_ looks like L
  • /\ and /| and |\ look a bit like A
  • |- and -| look a bit like a sideways T (or a small t)
  • |= looks a bit like F
  • \/\/ and \|/ look like a W
  • \/ and |/ and \| look like a V
  • |\| looks like N
  • |\|\ looks like M
  • and so on
So, using these three tables of substitutes, our original password (Fingers1) can be changed to any of the following:

Fingers1
F1ng3r51
F1n63/51
|=||\|G3/51

So you see that the simple password that we started off with can quickly and simply become incredibly obscure.
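As an added example (not code from the original post), here is a checker for the three rules described above: the 8-character minimum, the three-of-four character classes, and the Windows-style likeness rule that rejects any 3 consecutive characters shared with the previous password or username. It confirms that Fingers1 → Finding1 is rejected while the substituted F1ng3r51 passes. The function names and the case-insensitive comparison are my assumptions, not Windows' actual implementation.

```python
# Added example: password policy checker for the rules described in the post.
# The case-insensitive likeness comparison is an assumption, not Windows' own code.


def character_classes(password):
    """Return the set of character classes present: upper, lower, digit, other."""
    classes = set()
    for ch in password:
        if ch.isupper():
            classes.add("upper")
        elif ch.islower():
            classes.add("lower")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("other")  # punctuation, symbols such as £ or |, spaces
    return classes


def shared_runs(candidate, reference, length=3):
    """Return every run of `length` consecutive characters of `reference`
    that also appears somewhere in `candidate` (case-insensitive, assumption)."""
    cand = candidate.lower()
    ref = reference.lower()
    runs = [ref[i:i + length] for i in range(len(ref) - length + 1)]
    return sorted({run for run in runs if run in cand})


def policy_failures(new_password, old_password="", username=""):
    """Return the list of reasons the new password violates the policy.
    An empty list means the password is acceptable under all three rules."""
    failures = []
    if len(new_password) < 8:
        failures.append("shorter than 8 characters")
    if len(character_classes(new_password)) < 3:
        failures.append("fewer than three character classes")
    for label, reference in (("previous password", old_password), ("username", username)):
        runs = shared_runs(new_password, reference)
        if runs:
            failures.append(f"shares {', '.join(runs)} with {label}")
    return failures


if __name__ == "__main__":
    # Constructed sample input: the post's own old/new pair and substituted variant.
    print(policy_failures("Finding1", old_password="Fingers1"))
    print(policy_failures("F1ng3r51", old_password="Fingers1", username="fingers"))
```

Note that Finding1 actually shares two runs with Fingers1 ("fin" and "ing"), so the checker reports both.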
