
How to Defend Your Passwords from Brute Force and Dictionary Attacks

written by: N Nayab•edited by: Bill Fulks•updated: 9/16/2011

Ever had your password guessed and then misused by someone? You need to create a strong password that no one can figure out with any number of tries. Follow these tips to create strong and secure passwords.


    Create Alphanumeric Mixed Case Passwords

    The first and most basic rule for a secure password is to make it alphanumeric and mixed case: a mixture of numbers and both lowercase and uppercase letters, such as "etL590H".

    Hackers use password guessing methods such as the dictionary attack and the brute force attack, which try different words and word combinations in various permutations until one matches the password. In a dictionary attack, the hacker tries candidate passwords taken from an exhaustive list of words and common word combinations, whereas in a brute force attack, the hacker systematically searches a large proportion of the key space.


    Password Length

    Brute force and dictionary attacks succeed in deciphering passwords within minutes when people choose short and simple passwords of 7 characters or fewer, or easily predicted variations on words, such as appending a digit. Alphanumeric mixed case passwords make trying out the various combinations much more difficult, increasing the number of possible combinations by millions. To put things in perspective, a password like "abc" has a maximum of 6 possible password combinations, whereas a password like "abc0987" has 6000 possible combinations. The recommended password length for high security transactions, such as online banking, is 15 characters.

    Tools such as Atek Secure Password Organizer make it easy to remember lengthy passwords, but if hackers compromise such tools, the entire exercise becomes futile. The best approach is to confine passwords to memory.


    Never Include Personal Information in Password

    Many people use their name, age, address, a family member's name, date of birth, or some other piece of personal information they can remember easily as their password. This is a cardinal mistake, for it makes the hacker's job easy. Hackers need not be complete strangers. A colleague or a friend may be the instigator, and such personal details in passwords make it very easy for them to guess the password in a few attempts. Even otherwise, a determined hacker can pry into social network sites to root out a user's basic personal information.

    If you want a password that is easy to remember, use a pass phrase rather than a simple password, which makes the hacker's job that much more difficult. Choose phrases drawn from something such as a favorite childhood book, a secret pleasure or something else that remains relatively unknown to others.


    Include Special Symbols for Strong Passwords

    As an added measure of security, include symbols in addition to alphanumeric characters in a password. Symbols are special characters, accessed by holding down the Shift key and pressing one of the number keys (0-9) on the keyboard. There are many more characters which, if used, can make an even stronger password. To access them, hold down the ALT key and press a combination of numbers on the number pad (the number keys at the right-hand side of the keyboard).

    Another advantage of special symbols is the ability to use personal information to some extent without others being able to decipher the password. For instance, "I.WaS.BoRn.@.ElM.StReEt" is much more secure than simply "elmstreet" or "I.was.born.at.elm.street". This allows creating easy to remember yet difficult to break passwords.
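    As an added example (not part of the original article), the following Python quantifies the advice from the slides above: it sizes the brute-force search space from a password's length and alphabet, as discussed under Password Length, and flags passwords whose letters-only core is a dictionary word, modelling the "append a digit" variation. The guess rate and the wordlist are constructed assumptions, and the sample passwords are the ones used on this page.

```python
import math
import string

# Constructed stand-in for an attacker's wordlist (a real one has millions of entries).
SAMPLE_WORDLIST = {"password", "letmein", "qwerty", "elmstreet", "abc"}
# Assumed offline guessing rate; real figures depend on the hash and the hardware.
GUESSES_PER_SECOND = 1e10

def charset_size(password: str) -> int:
    """Size of the smallest standard alphabet that covers every character used."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 shifted/special symbols
    return size

def brute_force_space(password: str) -> int:
    """Number of candidates an exhaustive search of that alphabet and length covers."""
    return charset_size(password) ** len(password)

def entropy_bits(password: str) -> float:
    """Search space expressed in bits: length * log2(alphabet size)."""
    return len(password) * math.log2(charset_size(password))

def seconds_to_exhaust(password: str, rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case time for a brute-force search at the assumed guess rate."""
    return brute_force_space(password) / rate

def in_dictionary(password: str, wordlist=SAMPLE_WORDLIST) -> bool:
    """True if the password, or its letters-only core, is a dictionary word."""
    core = "".join(c for c in password.lower() if c.isalpha())
    return password.lower() in wordlist or core in wordlist

def assess(password: str) -> dict:
    """Summarise a password's exposure to both attack styles."""
    return {
        "length": len(password),
        "alphabet": charset_size(password),
        "bits": round(entropy_bits(password), 1),
        "brute_force_seconds": seconds_to_exhaust(password),
        "dictionary_hit": in_dictionary(password),
    }
```

    Note that "abc0987" reports a large brute-force space yet is still a dictionary hit, which is exactly why length alone is not enough.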

    Finally, besides making an unbreakable password, it is a good idea to change the password every 30 days or so.