Debates still rage over what constitutes a good, secure password. A recent Lifehacker article linked to a much older article by Founding Editor Gina Trapani entitled “Choose (and remember) great passwords” (2006). Her suggestions are smart and reasonable, aimed at steering people away from the danger of using one password for all of their online needs. Her method is simple in theory—pick a base password then customize that to the individual site. Trapani’s base password suggestions include keyboard patterns (asdf) or a combination of initials and a special date, followed by something like AMA for Amazon, so a password could look something like ASDFAMA.
The most interesting part of the article was the ire in the comments. Some commenters felt that the password combinations were far too simple: if Amazon were hacked, the AMA suffix would be too obvious a pattern to ignore, and the next logical step would be to try the preceding letters on another site with a relevant three-letter code appended. Indeed, when a few of her passwords were tested on an online password strength checker, they ranged from “Very Weak” to “Weak,” with only one “Good” rating. (To guarantee an exceptional rating, formulate passwords with the PC Tools Secure Password Generator.)
The counterargument to Trapani’s article pointed out that far too many people still use the same catchall password, and if this article can cause them to take baby steps towards greater online security, then progress certainly has been made.
The first camp would probably reply that if you’re going to change your password anyway, you might as well be as intelligent as possible in doing so. What, then, makes a good password? The aforementioned password strength checker awards points based on the following criteria:
Number of characters
Middle numbers or symbols (inserted among the letters rather than placed at the beginning or the end)
Deductions are made in the case of:
Consecutive uppercase or lowercase letters
Sequential letters or numbers
The bottom line is that combination and variety are most important in selecting smart passwords—emphasis on the “s” of passwords.
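The four criteria listed above can be sketched as a small scorer. This is an added example, not the checker's own code and not part of the original article; the weights, the function names, and every sample password other than ASDFAMA are assumptions, since the article names the criteria but gives no point values.

```python
# Weights are assumed for illustration; the article lists the criteria only.
W_LENGTH, W_MIDDLE, W_CONSEC, W_SEQ = 4, 2, 2, 3

def _case(ch):
    """Return 'upper' or 'lower' for cased letters, None for anything else."""
    if ch.isupper():
        return "upper"
    if ch.islower():
        return "lower"
    return None

def count_middle(pw):
    """Digits or symbols that are neither the first nor the last character."""
    return sum(1 for ch in pw[1:-1] if not ch.isalpha())

def count_consecutive_case(pw):
    """Adjacent letter pairs that share the same case, e.g. 'AS' or 'sd'."""
    return sum(1 for a, b in zip(pw, pw[1:])
               if _case(a) is not None and _case(a) == _case(b))

def count_sequential(pw, run=3):
    """Windows of `run` letters or digits that ascend or descend (abc, 321).
    Keyboard walks such as 'asdf' are not alphabetical and are not counted."""
    low = pw.lower()
    hits = 0
    for i in range(len(low) - run + 1):
        window = low[i:i + run]
        if not (window.isalpha() or window.isdigit()):
            continue
        steps = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if steps in ({1}, {-1}):
            hits += 1
    return hits

def score(pw):
    """Points for length and middle digits/symbols, minus the two deductions."""
    bonus = W_LENGTH * len(pw) + W_MIDDLE * count_middle(pw)
    penalty = (W_CONSEC * count_consecutive_case(pw)
               + W_SEQ * count_sequential(pw))
    return bonus - penalty

if __name__ == "__main__":
    # ASDFAMA is the article's example; the other two are constructed samples.
    for sample in ("ASDFAMA", "abc123", "aS4d!fA7mA"):
        print(f"{sample:12} {score(sample)}")
```

Under these assumed weights, the all-uppercase ASDFAMA loses most of its length bonus to the consecutive-case deduction, while a password of similar size that mixes case and places digits and symbols in the middle keeps all of its points.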