Derik’s story this morning on Linkin Park getting hackz0red took me back to my days when I used to teach the orientation computer classes at my school. Part of this involved having freshmen create a new password to replace the temporary one the school had issued them. We walked them through the basics: upper and lowercase letters, letters and numbers, obscure enough to be hard to guess, but easy enough to remember that you wouldn’t have to write it down. Despite that, we still regularly found that people would write down their new password on the card containing their ID and temporary password and then leave it in the lab. They usually got the point after we emailed them from their own account with a message reading: “Change your password, doofus.”
Anyway, it seems like as good a time as any to demonstrate how OS X can help you concoct a stronger password. Since 10.3, OS X has included a password assistant that can tell you how good a password you’re using. To access the assistant, go to the Accounts pane in System Preferences, then click the change password button. In the sheet that pops down, click the key icon, and the password assistant window (shown) will appear (don’t worry, you don’t have to actually change your account password; just hit ‘cancel’).
By default, the password assistant will generate a list of random passwords based on the length you’ve picked on the slider and the scheme selected in the drop down menu: Memorable, Letters & Numbers, Numbers Only, Random, or FIPS-181 compliant. You can also type your own password in. The Quality bar will lengthen and change from red to yellow to green depending on the strength of the password and the tips box will offer suggestions on how to strengthen your password (okay, I added that specific one in).
Now for my surefire password creation tip: Pick a word or phrase that you can easily remember, like a song lyric, quote, or the first line of a book. Then use alternating lower and upper case versions of the first letter of each word and toss a few memorable numbers at the end. For example, say you can’t get enough of A Tale of Two Cities, which you first read when you were sixteen. You might choose IwTbOtIwTwOt16. Easy to remember, but hard to guess unless someone knows you intimately. Likewise, a Star Wars fan might consider AlTaIaGfFa77. The possibilities are, indeed, endless—so there’s no need for you to follow in Linkin Park’s footsteps.
[Thanks to Moe for reminding us of this swell feature]
I deserve credit for this post. I mentioned this on my comment to Derik's post.... of course, you just went more into detail.
Seems like an excellent time to plug 1Passwd. http://www.1passwd.com I picked that up last week. Comes highly recommended from the likes of Leo Laporte. They have excellent videos posted as well, showing it off. Before you dismiss this as “yet another password utility that I can use the keychain for instead,” check out their videos. See how it augments the keychain rather than replaces it. It also helps you fill in your passwords as you are filling out a form, as well as the usual mundane information websites ask you for. Works with many browsers too.
@Moe: And so you should. Forgive my lapse, I've amended the post.
In addition to the hints listed, I like to use extended characters. Replace a 'T' with a dagger (option-t: †), a 'U' with mu (option-m: µ), an 'E' with sigma (option-w: ∑) or with an accent (option-e, then 'e' again: é), etc.
Thanks for the credit Dan. I love MacUser! :)
Ditto Walt's comments on 1Passwd. I've been using it since December and have been extremenly please with how easy it makes using multiple, strong passwords.