Making Better Passwords
One of my favorite training assets is ScreenCastsOnline from Mac pioneer Don McAllister. Each week they produce a full tutorial and a shorter tip video on Mac software and services.
This week, the main tutorial was on a free online service called xkpasswd. This open-source service will produce incredibly secure passwords. There are five settings that you can customize, and based on these settings, the site will generate several passwords from which you may pick one that you like.
The five settings include:
• Words: set the max number of letters and the number of words
• Transformations: use the lower and upper case letters on words
• Separator: a randomly chosen character to separate words
• Padding Digits: any number of digits before and after the words
• Padding Symbols: any number of symbols added to the front and back of the password.
After generating several passwords, the site will evaluate the level of safeness of the results. When the strength of the password is good or better, the numbers are shown in green. Less secure results display in red. This immediate assessment gives you the data you need to know that the password you select will be safe and extremely difficult to hack.
The site also has generated several configurations of the above five settings for specific uses. One configuration is designed for Apple ID passwords specifically. The values set are designed to respect the prerequisites that Apple places on Apple ID passwords. But, it also limits the symbols found on the iOS letter and number keyboards, so entering the password is easier.
One other configuration is called SECURITYQ and is designed to create answers to those pesky security questions such as the first name of the maid of honor at your wedding or your mother’s maiden name. Answering these questions with something other than the truth is really important since today’s hackers are getting very good at researching information about their prey. This configuration will help generate good answers to these questions without any relationship to reality.
The site is free, but they do note that the server that is running the application is not free, and they welcome donations.
Remember that all of these passwords need to be kept secure with good password management software such as 1Password, LastPass, and Dashlane.