As I’ve seen recently, the worst security leaks ever are the users themselves. They create passwords like Daniel1985, which is just absurd, and other “impossible” to guess ones. So how do I go about creating random ones? Well, I never-ever use software on its own, or at least not without some user intervention. I basically have two methods.
Software and randomness
One thing I’ve done is create 8-character passwords with software using who knows what algorithms, which yields results such as “A@-8Q:uS”. This alone isn’t bad, but I feel that since this is an algorithm, it can be reverse engineered. The essence of an algorithm is actually just that: it is a set of rules. It takes an input and transforms it into an output with a set of variables. However complex this is, it can be reverse engineered. Therefore, I take the result and randomly modify it, maybe even adding or taking away characters. So it may become “I@-8\:uS”. This subtle change brings a random element into the algorithm that makes it much harder to break.
Make sure that when you create the password it draws from every character it can contain. Only choose a password creator that is capable of including symbols like “@” and “:” and even the quote characters themselves. You can also create 10-16 character passwords; since these can’t really be remembered, you will probably store them somewhere, and then the length doesn’t really matter.
Total randomness
You can also just create random passwords yourself. I find that the best way is to type gibberish first, and then add in symbols randomly. You should take care to vary the length of your password, the placement of special characters, the type of special characters, and always, always have capital and small letters, numbers and symbols.
It may actually be hard to come up with really random ones, since I find that if I type numbers randomly I pretty much tend to put in some pattern by mistake. For example, if I start a three-character number with a “1”, I will almost always continue ascending: “148” or “139”. Also, unlike in those examples, my second digit tends to be farther away from the first than the third is from the second, and in 70% of the cases it actually tends to be a “5”.
People are not really built for randomness. Can you draw a non-special triangle, for example? It can’t be right-angled, equilateral, and so on; all sides and angles must be noticeably different. It’s much harder than you think.
The lesson is: always be careful when trying to create random passwords, because what may seem random to you may not be. I would bet that many real attackers know behavioral patterns like this and use that knowledge when breaking passwords.
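As an added example (not code from the original post), the two points above in working form: a generator that draws every character, and the length itself, from the operating system’s cryptographic random source so no human habit can leak in, with the symbol and quote characters the post insists on, plus a small check for the specific habit described above, a run of digits that keeps climbing. Function names and the 10-16 length range are my choices.

```python
import secrets
import string

# Full character set, including the symbols and quote characters the post
# wants a generator to be able to emit (e.g. "@", ":", "\" and the quotes).
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Every password must contain at least one character from each of these classes.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def has_all_classes(password: str) -> bool:
    """True if the password holds a lowercase, an uppercase, a digit and a symbol."""
    return all(any(ch in cls for ch in password) for cls in CLASSES)


def generate_password(min_len: int = 10, max_len: int = 16) -> str:
    """Return a password of random length in [min_len, max_len].

    Both the length and each character come from `secrets` (backed by the OS
    CSPRNG), so there is no seed or human input to reverse engineer. Candidates
    missing a class are rejected and redrawn, which enforces the class rule
    without fixing where in the password the symbols or digits land.
    """
    if min_len < len(CLASSES) or max_len < min_len:
        raise ValueError("length range must allow one character of each class")
    length = min_len + secrets.randbelow(max_len - min_len + 1)
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if has_all_classes(candidate):
            return candidate


def has_ascending_digit_run(password: str, run: int = 3) -> bool:
    """Flag the human habit described in the post: `run` digits in a row that
    strictly increase, such as "148" or "139"."""
    streak, prev = 1, None
    for ch in password:
        if ch.isdigit() and prev is not None and prev.isdigit() and ch > prev:
            streak += 1
            if streak >= run:
                return True
        else:
            streak = 1
        prev = ch
    return False


if __name__ == "__main__":
    pw = generate_password()
    print(pw, has_all_classes(pw), has_ascending_digit_run(pw))
```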
The bottom line
The bottom line is that there is no unbreakable password. This is true for your online banking as well as your offline one. It was in the news that people actually got to bank account numbers by recording with a camera the PIN sequence customers pushed at an ATM, and by building a card reader into the slot of the ATM itself.
So whatever you do, you are never totally safe. If you watch your passwords and your email, though, you will be as safe as you are in the real world. No one wants to break secure passwords while there are still millions of insecure ones.