Basic Password Security

The security of your personal password depends on two concepts: the "strength" of your password and how well that password is protected.

There is considerable debate, even among experts, as to what determines password strength. There is also considerable agreement as to what makes for a weak password.

The primary factor which makes for a weak password is commonality, the same factor which tends to make for a password which is easy to remember.

A very complex password which is composed of easily remembered elements will be a weak password, even if most password programs rank it as strong. An obvious example would be 1a2B3c4D!@#.

Many experts in password security consider entropy to be a major factor in password strength. Entropy refers to the inherent disorder in a system, in this case the password in question.

Formulas currently used to calculate entropy for passwords consider length (number of characters) and the number of different characters used. These formulas would consider the above example to be strong. Articles on entropy can be found on the internet.
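The following is an added example, not part of the original article. It assumes one common form of the entropy formula (length times log2 of the character pool implied by the classes used) and a US keyboard layout. The helper names and the second sample password are constructed for illustration. It shows the example password above scoring exactly as high as a random-looking password of the same length, even though each of its character classes is a plain counting sequence.

```python
import math
import string

# Shifted symbols on the digit row of a US keyboard (assumed layout).
SHIFT_ROW = dict(zip("!@#$%^&*()", "1234567890"))


def naive_entropy_bits(password):
    """Length times log2 of the pool size implied by the classes present."""
    pool = 0
    if any(c in string.ascii_lowercase for c in password):
        pool += 26
    if any(c in string.ascii_uppercase for c in password):
        pool += 26
    if any(c in string.digits for c in password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)  # 32 printable ASCII symbols
    return len(password) * math.log2(pool) if pool else 0.0


def class_streams(password):
    """Split the password into per-class streams, keeping character order."""
    streams = {"digits": "", "letters": "", "symbols": ""}
    for c in password:
        if c.isdigit():
            streams["digits"] += c
        elif c.isalpha():
            streams["letters"] += c.lower()  # ignore case alternation
        else:
            streams["symbols"] += SHIFT_ROW.get(c, c)  # '!' -> '1', '@' -> '2'
    return streams


def is_run(s):
    """True when s has 3+ characters and each follows the previous by +1."""
    return len(s) >= 3 and all(ord(b) - ord(a) == 1 for a, b in zip(s, s[1:]))


def built_from_sequences(password):
    """True when every character class present is a simple ascending run."""
    streams = [s for s in class_streams(password).values() if s]
    return bool(streams) and all(is_run(s) for s in streams)


if __name__ == "__main__":
    for pw in ("1a2B3c4D!@#", "q7#Lz2!vRm9"):  # second value is constructed
        print(pw, round(naive_entropy_bits(pw), 1), built_from_sequences(pw))
```

A strength meter that relies only on the first function cannot tell these two passwords apart; the structural check is what separates them.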

A truly strong password would be unique and have high entropy.

The problem would then be remembering the password. A number of applications are available to create and even manage passwords.

Some of these applications, such as LastPass and KeePassX, store your passwords and automatically enter them for you, and may encourage you to change passwords frequently.

These programs will check new passwords for strength, but remember that most programs which check for password strength miss some patently weak passwords. It should be noted that these applications are under continuous attack from hackers because they represent genuine gold mines for anyone wanting to steal passwords.

Another interesting approach to password security is the PasswordCard. supplies (over the internet) a unique wallet size card with a random array of characters (letters, digits, and symbols) in rows and columns. It generates passwords when you go to a column and row for a starting point. From the starting point, you go in any direction a set number of steps to generate your password.

You can carry the card in your wallet, since anyone stealing it would still have a formidable task finding your passwords. All you have to remember is a number, a color, the length of your password, and a pattern. When you have a card printed, you can get a portion of it with only numbers in order to generate PIN numbers.

One further concept concerning security is the concept of factors. The three factors in security systems are something you know (such as a password and security questions), something you have (such as a card or key), and something you are (fingerprints, retinal scans, etc.). Multi-factor systems are more secure than single-factor systems.