Finding a good master password

Back to Overview

Size matters

A short password can be easily revealed by a brute-force attack, where the attacker tries every combination of letters until your password is found. The master password should have 8 letters at least, but our recommendation is 12 or more letters.

A single letter correponds to 6 bits, and a 8-letter password corresponds to 48 bits. Today it takes a very long time to test 2^48 passwords, but computers are getting faster. A password with 12 letters corresponds to 72 bits, which means, that you need 2^24 more time for a brute-force attack. If, for example, a 8-letter password can be cracked in one month, it would take over a million years to crack a 12-letter password.

Don't use natural language

OK, it is important to memorize the master password, but don't use words like "elephant" or "Madagaskar" or "Stevenson". The reason is, that all these words can be found in dictionaries. To avoid the long processing time of a brute-force attack, many hackers just use a dictionary of about 100,000 words instead of trillions of letter combinations. Such an attack is a matter of hours, and your password is revealed.

Avoid obvious passwords

Be aware, that the attacker might have some knowledge about you. The attacker might know your family, or the attacker might know, what projects you are working on. Or the attacker might have stolen your computer and creates a dictionary of all words found at your hard disk. For this reason names and dates of friends, pets, family members and colleagues are a very bad idea to use as a master password.

Mix them up

Use all keys your keyboard has. Mix small and capital letters, use some digits and don't forget special characters.

It's so complicate. What shall I do?

Taking care of all these rules results in passwords like "It'snh,nhbu,auos". How to memorize such password monsters?

Your question is fully understood. But there are some tricks:

The sentence trick

Find a sentence, which you can memorize very well. Then, abbreviate it. For example the sentence "Imagine there's no heaven, no hell below us, above us only sky" gives the monster password from above.

The streets trick

Maybe you know a route with all street names very well. For example your way to school or your way home from work. Take from any street the first and last letter, and for every turn left or turn right you choose a special character.

The multiple words trick

OK, if you like to use "normal" words, use them. But use at least three of them and combine them with special characters. Example: "Thus/quote_the-raven"

Do you have better tricks for strong passwords? Share them with us, we will include them with the next version of the program.

Copyright © 2008 ELKOSOFT Software GmbH, all rights reserved