Selecting Passwords

Many websites have tips and rules for creating strong passwords. Pretend your friend Eve Jones (evjones@princeton.edu) is also a student at Princeton and she is having trouble understanding these rules. For each rule or tip, she's provided three example passwords with an explanation of how she created her password. Help her learn what makes a strong password by ranking her examples from strongest to weakest and explaining your ranking.

  1. Use a password of at least six characters.

    HomerSimpson
    snyfe
    evjones03
    I concatenated the first and last name one of the characters in my favorite TV show. I took the first or last letter of words at the end of paragraphs in an excerpt from the Undergraduate Announcement: (s = interests, n = information, y = year, f = field, e = education). This is my username with the number '03' appended to the end.

    Ranking

    First (Most secure)
    Second
    Third (Least secure)

    Explanation

  2. Use uppercase and lowercase letters in the password.

    Buster
    poTion
    kwcmyd
    It's my dog's name. I took this word out of my favorite novel and capitalized the 3rd letter in the word. I selected lowercase letters from different areas of the keyboard.

    Ranking

    First (Most secure)
    Second
    Third (Least secure)

    Explanation

  3. Create an acronym from an uncommon phrase.

    MadeNChina
    Goa7DbFits
    MSFTWMTMCD
    I saw "Made in China" on the bottom of my mug and substituted the capital letter 'N' for the word "In" and removed all spaces from the phrase. Since today had lots of snow outside, I thought of this phrase: "Go out after 7:00. Don't bother FREEZING in the snow.". Next, I took the first letter of each word. I took the acronyms from some stocks that I own (MSFT = Microsoft, WMT = Walmart, MCD = McDonald's Corporation).

    Ranking

    First (Most secure)
    Second
    Third (Least secure)

    Explanation

  4. Mix up two or more separate words.

    PrincetonNJ
    0moDtAhDer0
    garbageball
    I took my address and concatenated the city and state names, abbreviating New Jersey to NJ. I took the word "mother" and put the word "DAD" inside. I then appended and prepended zeros. When my friends and I try to toss trash, we pretend it's basketball and call this game "garbageball" taking the word "basketball" and replacing "basket" with "garbage".

    Ranking

    First (Most secure)
    Second
    Third (Least secure)

    Explanation

  5. Drop letters from a familiar phrase.

    fur-hldrvhc
    IiauaiooIai
    ThDlyPrinctnn
    I read the newspaper and took the phrase "four-wheel drive vehicle". I removed the letters in the following order: o, w, e, e, i, e, v, e, i, l, e. I took the chorus from the Destiny's Child song "Soldier" and used the vowels only from the line "If his status ain't hood, I aint..." I took out all of the vowels from and spaces from the name of the school newspaper, "The Daily Princetonian".

    Ranking

    First (Most secure)
    Second
    Third (Least secure)

    Explanation

  6. Avoid common literary names.

    rodnoffirG
    Brklyn1234
    5DI4cn0pSm
    I took this name out of a Harry Potter book (Griffondor). I then reversed the word. I visited Brooklyn today, so I took the name of this borough. Next, I dropped the vowels (Brklyn). Finally, I appended the string '1234'. I took the last name of the author Charles Dickens. Next, I dropped 'k' and 'e' (Dicns). Then, I capitalized 'I' and 'S' (DIcnS). Finally, I inserted the current time (5:40 pm).

    Ranking

    First (Most secure)
    Second
    Third (Least secure)

    Explanation

  7. Avoid abbreviations of common phrases or acronyms.

    FSPMGLGA
    imho&lol
    dYs~oWS$
    I took the first letter of names of characters from Lord of the Rings (F = Frodo, S = Sam, P = Pippin, M = Merry, G = Gandalf, L = Legolas, G = Gimli, and A = Aragorn). I used the abbreviation of the phrases "in my humble opinion" and "laughing out loud" from instant messaging. First, I took the last letter from words in the phrase "read my lips, no new taxes" (dysows). Next, I capitalized 'Y', 'W', and 'S'. Finally, I inserted some punctuation (~ and $).

    Ranking

    First (Most secure)
    Second
    Third (Least secure)

    Explanation

  8. Use homonyms or deliberate misspellings.

    whinnyDaPooh
    urmysunshine
    drowssapseve
    I took the name of a cartoon character (Winnie the Pooh) and replaced the word Winnie with similar sounding whinny. Next, I replace "the" with "Da". First, I used the phrase, "you are my sunshine". I substituted the word "you" for 'u'. Next, I replaced "are" with 'r'. I spelled "eve's password" backwards. I then removed the apostrophe.

    Ranking

    First (Most secure)
    Second
    Third (Least secure)

    Explanation

  9. Avoid passwords that contain your login ID.

    ejones
    felten
    vo7ne\
    I took my login ID (evjones) and dropped one letter (v). I took the login ID of someone else at the university. I took my login ID (evjones) and dropped the 'e' (vojones). Next, I substituted 'n' with 7 (vo7nes) and 's' with '\'.

    Ranking

    First (Most secure)
    Second
    Third (Least secure)

    Explanation

  10. Use numbers in the password.

    2581796
    d5ri7ve1
    2gether
    That's my office telephone number. I just drove from the airport, so I thought of the word 'drive'. I then tried to put some digits (5, 7) inside the word. I took a number that sounds like a word ('two' sounds like 'to') and thought of a word that incorporates this sound ("together").

    Ranking

    First (Most secure)
    Second
    Third (Least secure)

    Explanation

  11. Use punctuation in the password.

    01/12/85
    sk?inniest
    !nter$tate
    This is my birthday. I took a word from my fashion magazine and added a question mark ('?') after the 2nd letter in the word. I took a word off of a map and substituted letters with similar looking punctuation characters, 'i' looks like '!' and 's' looks like '$'.

    Ranking

    First (Most secure)
    Second
    Third (Least secure)

    Explanation