Choosing a password
Running an Open Source OS on an Intel Mac
Choosing a Password
Weak and exposed passwords are among the most common causes of computer attacks.
The best security software and firewall in existence won't do much to protect you if someone else gets their hands on your password.
Protecting your password is simple. The goals are simply to make it hard to guess and not allow it to be seen.
Hard to Guess
Most passwords are stored in an encrypted form to prevent them from being stolen. When you log into a computer, the system encrypts the password you type and then compares the encrypted form or what you typed to what is stored on the computer. If they match, then you have successfully logged in.
Hackers can often easily obtain your encrypted password directly from a file on a computer or by eavesdropping on a network connection. This in itself does them no good. They need the unencrypted password in order to log into your account.
Passwords are encrypted using irreversible encryption, so it's impossible to directly decrypt the encrypted password. So, what hackers have to do is simply generate a series of guesses at your password, encrypt them, and see if their encrypted guesses matches what they obtained.
A modern computer can test many thousands of guesses per second. Hence, the key to a strong password is choosing one that comes from a large space of possibilities.
Suppose a hacker's computer can encrypt and compare 10,000 guesses per second.
We see that a long, random password with many different types of characters is best for security.
Passwords that are, or even contain, a real word, your name, pet's name, birth date, or any other personal information are the worst possible choice.
Older systems often limited password length to 8 characters. Modern systems allow much longer strings, which opens up the possibility of using a "pass phrase" instead of a "password". A pass phrase consists of multiple real words separated by random characters. Pass phrases tend to be easier to remember than random passwords, but more secure.
A pass phrase consisting of three English words separated by 2 random characters has 170,000 * 80 * 170,000 * 80 * 170,000 = 31,443,200,000,000,000,000 possibilities, which will take our hacker 99,705,733.13 years to test.
Protecting your Passwords