Tips on a strong password

Can anyone give me some advice on what would make a strong password. I had an old Hotmail account with a simple 8 letter lower case password that was hacked somehow.

I'm worried about the same thing happening to a site with my credit card details.....

So please what makes a strong password? Thanks

copacetic

take random letters and numbers lying around your desk and jumble them
together to make a word. use a mix of capitals and lower case. then change it
every week...

never use an actual word, always use numbers too. always use a mix of cases.

NutJob

Was your PC secure?

could there have been a keylogger?

was your question to change password simple?

Did you store the password in the browser?

did you accept an invalid ssl cert?

...





heres what you asked for:

PDF:
http://www.sans.org/resources/policies/Password_Policy.pdf
Html:
http://66.102.9.104/search?q=cache:C8Cck8ejlkEJ:www.sans.org/resources/policies/Password_Policy.pdf+sans+password+guidelines&hl=en&ct=clnk&cd=1&gl=ie&client=firefox-a

Passport

o5f398fGejcisp3d

jhegarty

ohfhskf343232QQQQ&&^£""

Cal

Go for an expression to make it easy to remember.

Example:- Boards takes up too much of my time each day.

Taking the first letter of each word will give you 'btutmomted' You should take a symbol and a number and stick them in too. i.e. &btutmomted8

Not easy to crack but easy to remember.

Cal.

scojones

A mixture of numbers, letters and characters - nothing of which has any relevance to you or your life that someone who knows you in person would know about.

My passwords consist of mixed up words with numbers and strange characters, like so:

/*118_CrEbUlMmEeRsgG*/

Which is a mixture of the world Creme Egg and Bulmers, jumbled together both in lower and upper case.

If you are going to use words then jumble them up, make them a combination of uppper and lower case helps.

As well as having strong passwords, you need to make sure that with the likes of hotmail, your secret question / answer combo is not easily guessed. For instance "What town am I from", "What's my Dad's name", "My Mother's maiden name" all of which are weak and anyone who knows you could easily know.

Martyr

imho a good password is some random phrase, as Cal already said "Boards takes up too much of my time each day"... easy to remember but difficult to crack.

and as NutJob hints, there are alot of ways that could have been used to your password.

its quite likely that you may have been using a computer with a keylogger installed, ..perhaps with a network sniffer running on same network, or been duped into entering your credentials on a site masquerading as hotmail..or do you use the same password for hotmail as in other services?

the secret question/answer also.

do you use the autocomplete functionality of your browser? many ways your credentials could have been found.

8 characters is too low, but then some of those sites don't allow long passwords.

Mary-Ellen

Hey there,
Hope this linky linky works
http://www.schneier.com/blog/archives/2007/01/choosing_secure.html
That guy is like 'the dude' for computer security and the articles short and pretty interesting

some computer experts are lately recomending choosing and really long hard one and writting it down (sounds crazy) but apparently because of brute force attacks focusing on common things like appendixes attached to pronouncable words it's safer to have it written down and in the safty of your wallet (but the article explains that stuff) :rolleyes: