Despite the name, there is no need for passwords to be actual words; indeed, passwords that are not actual words are harder to guess (a desirable property) but are generally harder for users to remember (an undesirable property). A strong password is one that meets the following guidelines:
- Be eight or more characters long. Longer passwords are preferable, since every additional character enlarges the space an attacker has to search.
- Contain both uppercase and lowercase letters.
- Contain numbers.
- Contain symbols, such as +-*@#%=?!_;.
- Not resemble any previously used password.
- Not be the user's name, a friend's or a family member's name, or the login value.
- Not be a dictionary word or common name.
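The guidelines above as a checker that reports every rule a candidate password breaks. This is an added example, not code from the original article; the small word list, the leet-substitution map and the 0.8 similarity threshold are illustrative assumptions, and a deployment would load a real leaked-password list and a names list instead.

```python
import string
from difflib import SequenceMatcher

# Constructed, deliberately small list of common passwords and names; a
# stand-in for the leaked-password and name lists a real check would load.
COMMON_WORDS = {
    "password", "welcome", "letmein", "monkey", "dragon", "qwerty",
    "football", "princess", "michael", "jennifer", "summer",
}

# The article's example symbols plus the rest of ASCII punctuation.
SYMBOLS = set("+-*@#%=?!_;") | set(string.punctuation)

# Cracking rule sets try the usual "leet" substitutions, so the dictionary and
# name checks undo them first; otherwise "P@ssw0rd" would slip through.
LEET = str.maketrans({"@": "a", "0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "$": "s"})


def normalize(password: str) -> str:
    """Lower-case the password and reverse leet substitutions before word matching."""
    return password.lower().translate(LEET)


def resembles(candidate: str, previous: str, threshold: float = 0.8) -> bool:
    """True if the candidate is too close to an earlier password. SequenceMatcher's
    ratio is a cheap similarity score in [0, 1]; 'Summer2023!' -> 'Summer2024!'
    changes one character and scores about 0.91."""
    return SequenceMatcher(None, candidate.lower(), previous.lower()).ratio() >= threshold


def contains_dictionary_word(password: str) -> bool:
    """True if any word from COMMON_WORDS appears inside the normalised password."""
    norm = normalize(password)
    return any(word in norm for word in COMMON_WORDS)


def check_password(password: str, username: str = "", personal_names=(), previous=()) -> list:
    """Return the list of guideline violations; an empty list means the password passes."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in SYMBOLS for c in password):
        problems.append("no symbol")
    if any(resembles(password, old) for old in previous):
        problems.append("resembles a previously used password")
    norm = normalize(password)
    for name in (username, *personal_names):
        # Short names would match almost anything, so only check names of 3+ characters.
        if len(name) >= 3 and name.lower() in norm:
            problems.append(f"contains the name or login value {name!r}")
    if contains_dictionary_word(password):
        problems.append("contains a dictionary word or common name")
    return problems


if __name__ == "__main__":
    for pw in ["password", "P@ssw0rd1", "Summer2024!", "Vf9!kq2Lz$w"]:
        result = check_password(pw, username="alice", previous=["Summer2023!"])
        print(pw, "->", result or "OK")
```

The similarity check is what catches the common habit of incrementing a year or digit when a change is forced, and the leet normalisation is what stops "P@ssw0rd1" from passing the dictionary rule even though it satisfies every composition rule.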
Password guessing
Studies of production computer systems have for decades consistently shown that about 40% of all user-chosen passwords are readily guessed automatically, and still more when the attacker does some research on the particular user. Password strength is a measure of how unlikely a password is to be guessed or otherwise discovered by an unauthorised person or program. Passwords that are easily guessed are termed weak or vulnerable; passwords that are very difficult or impossible to guess are considered strong.
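What "readily guessed automatically" means in practice is an offline dictionary attack: an attacker with a copy of the hashed credential store hashes every word from a wordlist, plus the mangled variants a rule set derives from it, and compares the results with the stored digests. The following simulation is an added example, not code from the original article; the wordlist, rule set, sample accounts and use of salted SHA-256 are constructed assumptions for illustration.

```python
import hashlib
import os

# Constructed stand-in for a cracking wordlist; real attacks use lists of
# millions of leaked passwords and far larger rule sets.
WORDLIST = ["password", "welcome", "summer", "dragon", "letmein",
            "monkey", "michael", "princess"]

SUFFIXES = ["", "1", "123", "!", "1!", "2023", "2024", "2024!"]
LEET = str.maketrans({"a": "@", "e": "3", "i": "1", "o": "0"})


def mangle(word: str):
    """Yield the variants a simple rule set derives from one base word:
    case changes, leet substitutions, and appended digits, years or '!'."""
    bases = [word, word.capitalize(), word.upper(),
             word.translate(LEET), word.capitalize().translate(LEET)]
    seen = set()
    for base in bases:
        for suffix in SUFFIXES:
            candidate = base + suffix
            if candidate not in seen:
                seen.add(candidate)
                yield candidate


def hash_password(password: str, salt: bytes) -> str:
    """Salted SHA-256. A real credential store should use a slow, memory-hard
    KDF (bcrypt, scrypt, Argon2); a fast hash is used here only so the demo
    runs instantly, which is exactly the property that makes it easy to attack."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def make_store(plaintexts: dict) -> dict:
    """Build a {user: (salt, digest)} store from plaintexts (demo only)."""
    store = {}
    for user, password in plaintexts.items():
        salt = os.urandom(16)
        store[user] = (salt, hash_password(password, salt))
    return store


def crack(store: dict, wordlist) -> dict:
    """Offline guessing attack: try every mangled candidate against each stored
    digest. Per-user salts force every candidate to be rehashed per user; with
    an unsalted store one pass over the candidates would test all users at once."""
    candidates = [c for word in wordlist for c in mangle(word)]
    recovered = {}
    for user, (salt, digest) in store.items():
        for candidate in candidates:
            if hash_password(candidate, salt) == digest:
                recovered[user] = candidate
                break
    return recovered


# Constructed sample accounts, used only to build the demo store.
SAMPLE_PLAINTEXTS = {
    "alice": "Summer2024!",
    "bob": "P@ssw0rd1",
    "carol": "dragon123",
    "dave": "letmein",
    "erin": "Vf9!kq2Lz$w",
    "frank": "Tr0ub4dor&3",
}


def demo() -> dict:
    """Return the passwords the attack recovers from the constructed store."""
    store = make_store(SAMPLE_PLAINTEXTS)
    return crack(store, WORDLIST)


if __name__ == "__main__":
    found = demo()
    print(f"recovered {len(found)} of {len(SAMPLE_PLAINTEXTS)} passwords: {found}")
```

Four of the six constructed passwords fall to a few hundred guesses even though three of them satisfy every composition rule above; the two survivors are the ones that no wordlist-plus-rules combination produces. The toy numbers are not evidence for the 40% figure cited above, but they show why composition rules alone do not make a password strong: strength is about whether an attacker's guessing process reaches the password, not about which character classes it contains.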