Simple tools to generate strong passwords

In my last post we discussed why one should have a strong and unique password for every important account. Today we will discuss some simple tools and techniques to generate strong passwords.

There are a number of ways to generate a strong password. Simple tools like Secure Password Generator allow you to choose the length and character sets (uppercase, lowercase, numbers, symbols) and randomly generate a strong password for you. It also tries to suggest a phonetic pronunciation to help you remember your password with the first letters of the words in the sentence. If you are dealing with just a couple of passwords, or using some sort of password manager to manage your passwords, then this could be useful.

The computational knowledge engine Wolfram|Alpha also allows you to do the same. All you need to do is type something like “password of 15 characters” and you’re done. A random 15-character password using ‘typical password rules’ will be suggested for you. You can always modify these password rules to suit your needs. But it does not stop there. Along with the password, it also suggests a phonetic form to help you remember it, and it generates some additional passwords based on the same input criteria.

Generate strong password using Wolfram|Alpha

If this is not enough, it also serves you some geeky details about your password. For the given input criteria, it reports the number of possible password combinations and the time required to enumerate all of them at 100000 passwords per second (a brute-force attack). Security experts suggest that you should have a minimum of 80 bits of entropy (in simple words, a quantification of how random and unpredictable the password is) for a strong password, and what we got here is 110 bits, which is due to the fact that we chose a long password from a wide variety of characters.

Properties of password type
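The same kind of "properties" can be computed locally. The following is an added example, not code from Wolfram|Alpha or Secure Password Generator: it generates a password from the chosen character sets with Python's secrets module and reports the combinations, entropy and enumeration time at the 100000 passwords per second quoted above. The four character sets and the rule that every selected set must appear are assumptions of this example, so its figures are its own and will not match the screenshot.

```python
import math
import secrets
import string
from itertools import combinations

GUESSES_PER_SECOND = 100_000  # enumeration rate quoted in the post

# Assumed character sets for this example; a real generator may use others.
CHARSETS = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digits": string.digits,
    "symbols": string.punctuation,
}

def generate_password(length, sets=tuple(CHARSETS)):
    """Pick characters uniformly with the OS CSPRNG; retry until every set appears."""
    if length < len(sets):
        raise ValueError("length too short to include every character set")
    alphabet = "".join(CHARSETS[s] for s in sets)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in CHARSETS[s] for c in pw) for s in sets):
            return pw

def count_passwords(length, sets=tuple(CHARSETS)):
    """Exact number of passwords generate_password can return.

    Inclusion-exclusion: start from alphabet**length and remove the
    strings that miss one or more of the required character sets.
    """
    sizes = [len(CHARSETS[s]) for s in sets]
    total = 0
    for k in range(len(sizes) + 1):
        for excluded in combinations(sizes, k):
            total += (-1) ** k * (sum(sizes) - sum(excluded)) ** length
    return total

def properties(length, sets=tuple(CHARSETS)):
    """Combinations, entropy in bits, and years needed to enumerate them all."""
    n = count_passwords(length, sets)
    years = n / GUESSES_PER_SECOND / (365 * 24 * 3600)
    return {"combinations": n, "entropy_bits": math.log2(n), "years": years}

if __name__ == "__main__":
    print(generate_password(15))
    print(properties(15))
```

Requiring at least one character from every set costs a fraction of a bit compared with drawing all 15 characters freely from the 94-character alphabet; length and alphabet size are what drive the entropy.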

Why should you have strong and unique passwords?

As life becomes more and more digital, literally with every passing day, the acquired convenience comes with a big concern: protecting your digital life. Today, a normal (non-geeky) person deals with at least 10-15 web services or applications. Internet-savvy people like me deal with over 100 different services on the Internet, and the number keeps growing. You have accounts for online banking, shopping, utility payment, email, social networks, and cloud storage, to name a few. All of these services require you to enter a password to obtain access. In fact, you have to protect your office computer with a password, and it's highly recommended that you do the same for your personal computer as well. All personal devices like laptops, tablets, and smartphones should have strong and unique passwords/PINs. One should also protect their Wi-Fi network key with a PIN or password. The point is, one has to deal with multiple services and devices and is mostly forced to have passwords to protect them.

Weak Passwords
Is your password this weak?

Not many would disagree with me when I say that your life may turn upside down if any of these accounts is compromised. For an entry-level hacker, it is a matter of minutes to crack average or rather weak passwords like “Password” or “12345” or “qwerty”. Passwords that contain easily discoverable (socially engineered) personal information are equally vulnerable. A password that contains dictionary words (in any language) will not help either. Even variations like reversing the letters in a dictionary word or using common misspellings pose an equal threat. Equipped with advanced computers, hackers can exploit enormous computing power to launch a dictionary attack and crack such passwords in a matter of minutes. We hear stories about individuals and big enterprises like Sony, LinkedIn, Adobe, Evernote and many others being hacked every now and then. In short, you are up against a major challenge, and lousy passwords simply will not do.

Another important aspect is to have a unique password for each account, or at least for the important ones. It is OK to have the same password for less important services that do NOT store personal (social network, photos, and files) or financial (credit card) information, like your pizza delivery or a free online newspaper. However, your bank, email, social network, photo sharing, and cloud storage accounts must each have a strong and unique password. This ensures that even if one of these accounts is compromised due to poor security practice by the service provider, you are still in control of the other accounts and the damage is limited. Imagine all these services having the same password, and what could happen when someone gets access to all your accounts at once.

Here is a simple checklist of things to avoid to ensure that your passwords do not fall into “weak” category

Finally, a poster of the 500 worst passwords for you to chew on.