So, let’s examine one way to come up with a good password. (And later, some sites to check the strength of the password.)
One method is to take a phrase, such as "Mary had a little lamb." Then, take the first letter or first two letters of each word in that phrase to compose the password. In this case, I’ll choose the first two letters. This creates a password of:
Mahaalila
This can be strengthened even further with character substitution. Some Web sites don’t allow for symbols in the password, but fortunately, even without symbols this is a stronger password than most users will come up with on their own. Yet, this should still be easy for the user to remember.
Adding character substitution with the character "a" substituted with "@" and "i" with "1" gives:
M@h@@l1l@
This creates a pretty strong password. But, many organizations require the user to change passwords periodically. In these environments, most users will simply add a "1", "2", "3" until they can use the original password. Not surprisingly, this isn’t very secure.
To deal with periodic password changes in a secure way, one easy approach is to add the date the password was changed to the end of the password (or the beginning, depending on preference). So, if the password was changed in November 2008, then "1108" would be added to the password.
This gives:
M@h@@l1l@1108
This password should meet most organizations’ password security requirements, yet still allow for the password to be easily remembered by most users.
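The three steps above, written out as an added Python example (not part of the original post). The function names and the character-class report are assumptions made here for illustration; the report shows which classes each step adds, which is what most complexity rules check.

```python
import re

# Substitutions named in the text: "a" -> "@", "i" -> "1".
SUBSTITUTIONS = {"a": "@", "i": "1"}


def initials(phrase, letters=2):
    """Join the first `letters` characters of each word in the phrase."""
    return "".join(word[:letters] for word in phrase.split())


def substitute(text, table=SUBSTITUTIONS):
    """Apply the character substitutions to every matching character."""
    return "".join(table.get(ch, ch) for ch in text)


def with_change_date(password, month, year):
    """Append the month and two-digit year of the change, e.g. 1108."""
    return f"{password}{month:02d}{year % 100:02d}"


def character_classes(password):
    """Report the length and the character classes present (hypothetical helper)."""
    return {
        "length": len(password),
        "upper": bool(re.search(r"[A-Z]", password)),
        "lower": bool(re.search(r"[a-z]", password)),
        "digit": bool(re.search(r"[0-9]", password)),
        "symbol": bool(re.search(r"[^A-Za-z0-9]", password)),
    }


def build(phrase, month, year):
    """Run the three steps in order and return each intermediate result."""
    step1 = initials(phrase)
    step2 = substitute(step1)
    step3 = with_change_date(step2, month, year)
    return step1, step2, step3


if __name__ == "__main__":
    # The phrase and date are the ones used in the text.
    for stage in build("Mary had a little lamb", 11, 2008):
        print(stage, character_classes(stage))
```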
But, how does one know how secure their password is? Here are some sites that check how strong a password is:
Microsoft’s password checker site:
http://www.microsoft.com/protect/yourself/password/checker.mspx
Password Strength Checker:
http://www.passwordmeter.com