Need a secure password for use on your computer? Think up a relatively long sentence. Then take the first letters of the individual words - and you've got an instant password that even clever hackers will be hard pressed to crack, experts advise, dpa reported.
Each application should receive its own password. The other option is a "software vault" that requires the user to learn only a primary password to then access the rest of the passwords. That solution has a number of flaws, however, the experts at Germany's Computerbild magazine found.
A better option might be to come up with a sentence like "On my 30th birthday I received 500 dollars from Aunt Eunice!" Take the first letters and you have "Om30bIr500dfAE!" Be sure the sentence is at least eight digits long and include both small and capital letters, as well as numbers and special characters, the experts advise.
The problem with normal words found in the dictionary or combinations of letters found close to one another on the computer keyboard is that they are susceptible to "brute force" attacks. Hackers try out password after password until finding the right one. Writing down passwords is also a bad idea, since the notes could fall into the hands of intruders.
In a recent Computerbild test of eight "software vaults," half of the candidates earned a failing grade, including the corresponding functions by the Firefox 3.5 and Internet Explorer 8 browsers. In all four failing products the passwords could be recovered from RAM, the Hamburg-based magazine found.
Even the two top-rated solutions only earned a "satisfactory." Test winner "Password Depot 4" from Acebit earned a solid "B," with some demerits but also kudos for strong encryption and good protection against brute force attacks.
"Software vaults" permit password access to applications ranging from email programs to an eBay account. The employees of Computerbild and the experts at Germany's Fraunhofer Institute tested the products by bombarding them with malware.