Changes

Better Passwords

4,407 bytes added, 9 years ago
/* Step 5: What is a strong password? */
Computers can figure out your password by trying all possible combinations of letters and numbers. A brute force attack usually begins with a dictionary attack – the computer tries every word in the dictionary as your password. This would take a human a long time to attempt, but computers can do it at speeds of up to a million passwords per second. Should a dictionary attack prove unsuccessful, all possible combinations of letters, numbers and punctuation are attempted as your password. This method will inevitably find your password sooner or later; the only barrier is time.
{|class="wikitable" style="text-align: center;"
! style="text-align:left;"| Length/Variations
!26
|45, 582 millennia
|}
 
''Here's a rough guide to how much time a relatively simple laptop will require to brute force your password. The top row indicates the pool of variation in your password (small letters, small letters and numbers, small letters and capitalisation, small letters and capitalisation and numbers and four signs of punctuation). The left hand column indicates the length of your password.''
 
'''Media:''' http://www.decryptum.com/ can decrypt your Word or Excel document online. http://www.elcomsoft.com/aopr.html is software you can download to 'recover' access to protected MS Office documents.
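
The arithmetic behind a table like this, as an added example that is not part of the original page. It assumes the rate of a million guesses per second quoted above and does not try to reproduce the page's own figures; the function names are this example's own.

```python
# Added example (not from the original page): worst-case exhaustive search time.
# Assumption: the rate is the page's "up to a million passwords per second";
# real rates depend on hardware and on how the password is stored.
GUESSES_PER_SECOND = 1_000_000

# Pool sizes for the five columns the caption describes.
POOLS = {
    "a-z": 26,
    "a-z 0-9": 36,
    "a-z A-Z": 52,
    "a-z A-Z 0-9": 62,
    "a-z A-Z 0-9 + 4 punctuation": 66,
}

UNITS = [  # (seconds per unit, name), largest first
    (1000 * 365 * 86400, "millennia"),
    (365 * 86400, "years"),
    (86400, "days"),
    (3600, "hours"),
    (60, "minutes"),
    (1, "seconds"),
]

def keyspace(pool, length):
    """Candidates of every length from 1 up to `length`."""
    return sum(pool ** n for n in range(1, length + 1))

def worst_case_seconds(pool, length, rate=GUESSES_PER_SECOND):
    """Seconds to try the whole keyspace; on average half that."""
    return keyspace(pool, length) / rate

def human(seconds):
    for size, name in UNITS:
        if seconds >= size:
            return f"{seconds / size:,.0f} {name}"
    return "under a second"

def table(lengths=range(3, 13)):
    """One row per length: [length, time for each pool in POOLS order]."""
    return [[n] + [human(worst_case_seconds(p, n)) for p in POOLS.values()]
            for n in lengths]

if __name__ == "__main__":
    print("length | " + " | ".join(POOLS))
    for row in table():
        print(" | ".join(map(str, row)))
```

Each extra character multiplies the search time by the pool size, which is why length matters more than any single added character class.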
 
===Step 5: What is a strong password?===
 
A password should be difficult to guess or for a computer program to work out.
 
 
*'''Make it long:''' The longer a password is, the less likely it is that a computer program would be able to guess it in a reasonable amount of time. You should try to create passwords that include ten or more characters. You could also try using a whole sentence as your password.
*'''Make it complex:''' In addition to length, the complexity of a password also helps prevent automatic 'password cracking' software from guessing the right combination of characters. Where possible, you should always include upper case letters, lower case letters, numbers and symbols, such as punctuation marks, in your password.
*'''Don't make it personal:''' Your password should not be related to you personally. Don't choose a word or phrase based on information such as your name, social security number, telephone number, child's name, pet's name, birth date, or anything else that a person could learn by doing a little research about you.
*'''Keep it secret:''' Do not share your password with anyone unless it is absolutely necessary. Often, there are alternatives to sharing a password, such as creating a separate account for each individual who needs access.
*'''Keep it unique:''' Avoid using the same password for more than one account. Otherwise, anyone who learns that password will gain access to even more of your sensitive information.
*'''Keep it fresh:''' Change your password on a regular basis, preferably at least once every three months. Some people get quite attached to a particular password and never change it. This is a bad idea. The longer you keep one password, the more opportunity others have to figure it out.
 
'''Media:''' Check how strong your password is http://howsecureismypassword.net
 
{{#ev:youtube|3DKff6sFm1c}}
 
{{#ev:youtube|qAend7JaNFU}}
 
===Step 6: How to create and remember strong passwords===
 
Mnemonics can help you create and remember a strong password. Since it is easier for us to remember a phrase than a random combination of letters and numbers, you could create your password from a sentence or even a paragraph. Let's take the following as an example:
 
Will you still need me, will you still feed me when I am 64?
 
Now, let's take the first letter of every word. We get Wysnm,wysfmwIa64?
 
Alternatively, let's take the last letter. We get lulde,luldenIm64?
 
Both of these passwords are long and complex enough to keep the computer busy for thousands of years. Now the trick is not to remember the password itself, but to keep the sentence in mind as well as your rule for deriving the password from this sentence. From now on, picture the sentence in your mind and extract your password from it.
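
The two rules above written out as code, with a check against the Step 5 advice on length and character classes. This is an added example, not part of the original page; the function names and the tokenising rule (numbers and punctuation are kept whole, a contraction counts as one word) are this example's assumptions.

```python
import re

# Added example (not from the original page).
# A token is a word (contractions kept together), a number, or one symbol.
TOKEN = re.compile(r"[A-Za-z]+(?:'[A-Za-z]+)*|\d+|[^\sA-Za-z\d]")

SENTENCE = "Will you still need me, will you still feed me when I am 64?"


def derive(sentence, rule="first"):
    """Take the first or last letter of every word; keep numbers and symbols."""
    if rule not in ("first", "last"):
        raise ValueError("rule must be 'first' or 'last'")
    out = []
    for tok in TOKEN.findall(sentence):
        if tok[0].isalpha():
            out.append(tok[0] if rule == "first" else tok[-1])
        else:
            out.append(tok)
    return "".join(out)


def unmet_criteria(password):
    """Step 5 checks the password fails: length and the four character classes."""
    checks = [
        ("ten or more characters", len(password) >= 10),
        ("upper case letter", any(c.isupper() for c in password)),
        ("lower case letter", any(c.islower() for c in password)),
        ("number", any(c.isdigit() for c in password)),
        ("symbol", any(not c.isalnum() for c in password)),
    ]
    return [name for name, ok in checks if not ok]


if __name__ == "__main__":
    for rule in ("first", "last"):
        pw = derive(SENTENCE, rule)
        print(rule, pw, unmet_criteria(pw) or "meets Step 5")
```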
 
'''Exercise:''' Create a password using mnemonics and test yourself from memory
 
'''Media:''' Password [http://www.schneier.com/essay-246.html creation] advice from the Godfather of computer security
 
===Step 7: Using software for password creation and storage===
 
As an alternative, you can generate random, complex passwords for all of your accounts and keep them in a portable, encrypted ''secure password database'', such as '''KeePass'''. Whenever you need to enter a password for a specific account, you can look it up in '''KeePass'''. Using the copy/paste functions, you can transfer the password from the program to the screen where it is required.
 
The '''KeePass''' program stores all of your passwords in a secure database, protected by a master password (this one you have to remember!). You can store hundreds of different passwords and relevant notes in the program, without having to remember them.
 
'''Exercise:''' Install and start using https://securityinabox.org/en/keepass_main