Your password isn't safe - take this simple test to find out how many minutes it would take to crack

There's a well-known saying in information security that the weakest part of any computer system is the person using it. One area where this becomes abundantly clear is in the use of passwords. Allowing users to choose their own passwords can be fatal, with most people not having the first clue about what makes a password secure or insecure. Below is a tick list of what makes an insecure password. Go through the list and count how many of these things apply to you to find out just how secure your password is.

1. Your password is a word that can be found in the dictionary.

This really is a rookie error. If your password can be found in a dictionary, that may make it vulnerable to a dictionary attack, the brute-force technique of guessing every English-language word until your password is revealed.

2. Your password is your birthday.

Thought it was really savvy that you used numbers rather than letters? By now it has become a hacker tradition to guess someone's birthday as their password before anything else.

3. Your password is a personal detail about yourself.

As far as I know, no-one has taken a survey yet, but I'm pretty sure a large percentage of 'hackers' actually know the people that they hack. Your dog's name is not a secure password, and the place where you met your wife is not a secure password. Personal details are guessable and so make bad passwords.

4. Your password does not make use of any characters other than letters.

As long as you're not just writing a word and adding '1' to the end, bringing in numbers and other characters (_:@#p}) makes a password more random, less guessable and far more secure.

5. Your password is not randomly generated.

Some people use little patterns or algorithms to generate random-looking passwords. This may seem like a good idea if you work in a job where you have to change your password regularly. It may be easier to remember a modification of your old password than a completely new one, but it's not as secure as a completely randomised password. A simple random password generator can be found at www.goodpassword.com.
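The checklist above can be applied mechanically. The Python sketch below is an added example, not code from the article. The function name, the sample wordlist and the date pattern are assumptions made for illustration. Item 5 is left out because a string alone does not show how it was generated.

```python
import re

# Constructed sample wordlist; a real audit would load a full dictionary file.
SAMPLE_WORDS = {"password", "dragon", "monkey", "sunshine", "football"}

# Day, month and two- or four-digit year, with optional separators (14/02/1985).
DATE_RE = re.compile(r"^\d{1,2}[-/.]?\d{1,2}[-/.]?(\d{2}|\d{4})$")


def audit_password(password, personal_details=(), words=SAMPLE_WORDS):
    """Return the sorted list of checklist items (1-4) that the password fails.

    A dictionary word with digits appended (the "word plus 1" habit from
    item 4) is still reported under item 1.
    """
    failed = set()
    lowered = password.lower()

    # Item 1: a dictionary word, with or without trailing digits.
    stem = lowered.rstrip("0123456789")
    if lowered in words or (stem and stem in words):
        failed.add(1)

    # Item 2: the whole password looks like a date of birth.
    if DATE_RE.match(password):
        failed.add(2)

    # Item 3: contains a personal detail supplied by the user (pet, place, ...).
    for detail in personal_details:
        if detail and detail.lower() in lowered:
            failed.add(3)

    # Item 4: letters only, no digits or other characters.
    if password.isalpha():
        failed.add(4)

    return sorted(failed)


if __name__ == "__main__":
    # Constructed sample passwords, one per failure mode plus one clean case.
    for pw, details in [("sunshine", ()), ("dragon1", ()), ("14021985", ()),
                        ("Rex2008!", ("Rex",)), ("k7#Qv_9@Lm:2", ())]:
        print(f"{pw!r}: fails items {audit_password(pw, details)}")
```

An empty result only means none of items 1 to 4 were detected; it does not show the password was randomly generated.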

One final caveat: You can have the most secure password in the world, but if you filled in a 'security question' you need to make sure that the answer to that is equally un-guessable. Recently Sarah Palin's email password was hacked using information gleaned solely from the use of Wikipedia and Google. The most secure systems will not have a 'Forgot your password' tool. If you are particularly security conscious then you may want to consider switching to these systems or using harder-to-guess information in your security question answers.
