
No more passwords!

Thu, Oct 22, 22:52 | 0 comments | permalink

Use a “passphrase” instead. Let’s see the difference between the two.

Password

Let’s see its definition:

A password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource (example: an access code is a type of password). The password must be kept secret from those not allowed access.
From Wikipedia

So, first of all it is a “word”. Often something like “pa5vv0rd” or similar: one word, or one word with some strange signs like “$!.,;%”. If it is longer than 8-10 characters, you may think it is strong enough. Wrong! Having the feeling of ‘being the owner of a secure password’, of ‘the One Ring to rule them all’, you start to use it everywhere: email account(s), forum(s), social network sites, etc. If you do so, you can kiss your internet identity good-bye; someone will steal it for sure.

(Weak) passwords are words that are easy to guess and that use just the 26 letters of the alphabet. They are usually something personal.

My precious…

Let’s find a way to create a strong password that follows a few of the basic rules:

  • avoid any password based on repetition, letter or number sequences, usernames, relative or pet names, or biographical information (eg, dates, ID numbers, ancestors names or dates, ...);
  • avoid dictionary words;
  • include numbers, symbols, upper and lowercase letters in passwords;
  • password length should be minimum 8 characters;
  • password must contain uppercase and lowercase letters + numbers + symbols

And I will add a personal one:

  • avoid using English! Well, actually avoid any word at all, in any commonly used language.

Let’s make something according to the above rules:

  • Q!@#P)(*q123p098 — mixes uppercase, lowercase, numbers, and punctuation
    what I did was to type q123p098 with shift held down and then the same keys without shift
    this is more of a visual password: look at the location of the keys on your keyboard
  • Use a password generator: 36a7N/x0DxV64 = 3 6 amazon 7 NOKIA / xbox 0 DISNEY xbox VIRGIN 6 4
    gibberish, isn’t it? You can generate one too by visiting this page

Which one from above is stronger? Let’s see.

And the examples could continue. But we are missing something…

Password fatigue

Password fatigue, also known as password chaos or identity chaos, is the feeling experienced by many people who are required to remember an excessive number of passwords as part of their daily routine, such as to log on to a computer at work, undo a bicycle lock or conduct banking from an ATM.

Keep in mind that you must not use the same password twice; so you create another one… and another, and another. And for each password you have to remember the key layout, the ‘graphic’, the ‘formula’.
Have more than 5 passwords this way? You’ll mix them up, switch them, forget them. You’ll forget which one is used where…
You’ll get pissed off. And in the end you’ll go back to those simple passwords you’ve always been in love with: “123abc”, “123456”, “p@55vv0rd”, etc…

Use a formula

Let’s see: you have an account on Yahoo. “yahoo.com” = 5moc.00Hi!
- ‘yahoo’ = 5 letters
- ‘moc’ = reversed “com”
- “oohay” = reversed “yahoo”, but it sounds like “oo - hi” = 00Hai! (don’t use ‘English’, remember?)

Let’s see “gmail.com” = gmlcm!@*(.()
- I removed the vowels = “gmlcm”
- I placed them at the end: gmlcmaio;
- I surrounded each vowel with the two number keys above it: above “a” we have “1” and “2”. Use shift
- the same for “i” = “8” and “9”, which are the same keys for “o”. Use shift on them too.
- I kept the “.” untouched.

Well, these are just 2 of the many methods a human mind can think of. You can create your own formula this way: the ways to make it complex are endless.

But… how much time do you waste in front of the password prompt when you’re about to re-create a password using a ‘formula’? 1 or 2 minutes? Can you mess it up? Of course… The more complex it is, the more time you’ll lose.

Size does matter!

A very nice article about password length can be found here:

For everyone using six- to nine-character passwords with “complexity,” I appreciate it. I get paid to break into systems for a living, and you make my job easier.

Strength is provided by increasing the number of possible passwords the attacker has to guess (let’s call this the keyspace even though it really isn’t appropriate in this context). The keyspace is represented mathematically as X^L, where X is the number of possible characters that can be in the password and L is the length. If you do the basic analysis, you can see that changes in L are more significant, character for character, than changes in X.
from Infoworld
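The keyspace arithmetic from the quote, applied to the two sample passwords from earlier in the post. This is an added example and not code from the original post; the character-class sizes are the standard ASCII ones (an assumption), and the counts describe a pattern-blind exhaustive search, so a keyboard-walk password is really weaker than its X^L figure suggests.

```python
import math
import string

# Standard ASCII character classes (assumption: the attacker's alphabet is
# built from whichever of these classes the password actually uses).
CLASSES = {
    "lower": set(string.ascii_lowercase),   # 26
    "upper": set(string.ascii_uppercase),   # 26
    "digit": set(string.digits),            # 10
    "symbol": set(string.punctuation),      # 32
}


def alphabet_size(password: str) -> int:
    """X: size of the smallest standard alphabet covering every character used."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))


def keyspace(x: int, length: int) -> int:
    """Candidates an exhaustive attacker must try: X^L (exact integer)."""
    return x ** length


def bits(password: str) -> float:
    """log2 of the keyspace: how many bits of guessing work X^L represents.
    Ignores structure (keyboard walks, formulas), so this is an upper bound."""
    return len(password) * math.log2(alphabet_size(password))


def growth_from_one_more_char(x: int, length: int) -> float:
    """Factor the keyspace grows by when L increases by one: always X."""
    return keyspace(x, length + 1) / keyspace(x, length)


def growth_from_one_more_symbol(x: int, length: int) -> float:
    """Factor the keyspace grows by when X increases by one: (1 + 1/X)^L."""
    return keyspace(x + 1, length) / keyspace(x, length)


if __name__ == "__main__":
    for pw in ("Q!@#P)(*q123p098", "36a7N/x0DxV64", "123456"):
        print(f"{pw:18} X={alphabet_size(pw):3} L={len(pw):2} -> {bits(pw):6.1f} bits")
    # "Character for character": one more character vs one more symbol in X.
    print("L+1 on 26^8 multiplies keyspace by", growth_from_one_more_char(26, 8))
    print("X+1 on 26^8 multiplies keyspace by", round(growth_from_one_more_symbol(26, 8), 3))
    # The post's conclusion: 12 lowercase letters beat 8 "complex" characters.
    print("26^12 > 94^8:", keyspace(26, 12) > keyspace(94, 8))
```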

In translation: the longer, the better.
So, more gibberish then? Yes! Make your password longer and with more no-logic characters. But what about the human mind, which has to remember all those characters and signs that have no logic at all? It will refuse to ‘save’ it… and you’ll forget it in about 1.2 seconds. Or less…
Then… what?
Then… don’t use passwords at all!
We’ll talk more about “passphrases” in part two of this post. Stay tuned!
