Okay… having just found this site (http://bhandler.spaces.live.com/Blog/cns!1pt1v0Q4vD8jSvNS4lqdAuug!246.entry) I thought I’d provide a few more hints about good passwords! But ultimately the comment by EshuunDara is what’s needed; multiple-stage authentication using smartcards, passwords etc… But then this isn’t always possible or practical.
A couple of tips for creating secure but still (hopefully) quite easy to remember passwords:
- Use your mobile! Some Nokias have a PIN-protected "Wallet"; I’m not saying it’s uncrackable (I’d probably be horrified) but it must be safer than a post-it note on the monitor (surely?).
- Use non-English words. It might not be very secure but I used Ophcrack (http://ophcrack.sourceforge.net/) yesterday and it failed to find a simple word with a number attached, and I’m assuming that this was because it was non-English, not because the password was particularly secure.
- Contract a meaningful phrase into a password: "I went on holiday to Barbados in 2007" becomes "IwohtBi2007". Make it harder; switch the "to" for a "2" and use the last two digits of the year: "Iwoh2B07". This would be much harder to crack than just "Barbados07"; it is a fairly random mix of characters but still quite memorable.
- Make the password as long as you can manage. I’m not sure of the maths, but each extra character makes the password a lot harder to crack (using things like capitals, symbols and numbers helps a lot too, but beware of using symbols that can change places or meaning on different language keyboard layouts, the # and £ swapping places, for example).
- Of course, if you can actually remember random numbers then all the better…
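
The phrase-contraction and length tips above, worked through as an added example (not part of the original post): it rebuilds both contracted passwords, puts a number on "each extra character", and flags layout-dependent symbols. The function names, the `skip` option and the inclusion of `"` and `@` in the layout list are assumptions of this example.

```python
import math
import string

# Characters typed with different keys on UK and US keyboards. The post names
# '#' and '£'; '"' and '@' are added here as an assumption of this example.
LAYOUT_SENSITIVE = set('#£"@')

def contract_phrase(phrase, swaps=None, skip=(), short_year=False):
    """Contract a phrase to its initials, as described in the tip."""
    swaps = swaps or {}
    out = []
    for word in phrase.split():
        key = word.lower()
        if key in skip:
            continue                          # leave this word out entirely
        if key in swaps:
            out.append(swaps[key])            # e.g. "to" -> "2"
        elif word.isdigit():
            out.append(word[-2:] if short_year else word)
        else:
            out.append(word[0])               # initial letter, case preserved
    return "".join(out)

def search_space_bits(password):
    """Brute-force search space in bits: length * log2(character pool).

    This is an upper bound that only holds for random-looking strings; a
    dictionary word with digits attached falls to a wordlist far sooner.
    """
    pool = 0
    if any(c in string.ascii_lowercase for c in password):
        pool += 26
    if any(c in string.ascii_uppercase for c in password):
        pool += 26
    if any(c in string.digits for c in password):
        pool += 10
    if any(not (c.isascii() and c.isalnum()) for c in password):
        pool += len(string.punctuation)       # 32 printable ASCII symbols
    return len(password) * math.log2(pool) if pool else 0.0

def layout_warnings(password):
    """Return the characters that may move on another keyboard layout."""
    return sorted(set(password) & LAYOUT_SENSITIVE)

if __name__ == "__main__":
    phrase = "I went on holiday to Barbados in 2007"
    long_form = contract_phrase(phrase)
    short_form = contract_phrase(phrase, {"to": "2"}, skip={"in"}, short_year=True)
    for pw in (long_form, short_form, short_form + "#"):
        print(f"{pw:12} {search_space_bits(pw):5.1f} bits  "
              f"layout-sensitive: {layout_warnings(pw)}")
```

With upper case, lower case and digits in play, each extra character adds about 6 bits, so the search space grows roughly 62-fold per character.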