Secure Passwords

PASSWORD CREATION GUIDELINES

Passwords are challenging these days.  It is critically important to make a password secure, but sometimes that also makes it hard to remember.  We used to believe that to make a password more secure you would add more characters, change some letters to numbers, and use a combination of uppercase and lowercase letters.  Interestingly enough, doing those things doesn’t make it much more difficult for a computer to guess your password.  It turns out that what we knew yesterday about passwords isn’t accurate at all.  In the end, what makes more of a difference than anything is length.

We use a specific term to measure the strength of a password: entropy.  For you math majors, the entropy is calculated with the following function:

Password entropy equation.

Where E is password entropy, R is the total number of available characters, and L is length.

If you're not a math major, the issue is summed up fairly well in this comic from XKCD:

(Disclaimer: the password entropy function used in this comic is slightly different, but the concept is still the same)

Password strength diagram.

https://xkcd.com/936/

The best password you can make is 20-30 characters long and made up of totally random characters.  Unfortunately, those are not always very easy to remember, so a better solution for most people is a password made up of several random words.  Long passwords are usually hard to remember, but because your brain only has to remember words instead of letters, numbers, symbols, and other punctuation, these are actually easier to remember and (because of the length) harder for a computer to guess.

EFF produced a video that explains this concept and gives you a great idea of how to choose these random words.

Video: How to Make a Super-Secure Password

WHAT ARE THE MINIMAL REQUIREMENTS FOR WCSD PASSWORDS?

Passwords should have at least 70 bits of entropy to meet password requirements.  Using this function:

Password entropy equation.

Where E is password entropy, R is the total number of available characters, and L is length.

This equates to:

Passwords consisting of all lower case letters: at least 17 characters long
Passwords consisting of lower case and upper case letters: at least 13 characters long
Passwords consisting of lower case letters and at least one number: at least 14 characters long
Passwords consisting of lower case, upper case letters and at least one number: at least 12 characters long
Passwords consisting of lower case, upper case letters, at least one number, and at least one symbol: at least 11 characters long
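
The same 70-bit requirement applied to the random-word passwords recommended earlier, as an added example that is not part of the original page. It assumes the entropy function is the usual E = L × log2(R) and treats each word as one "character" drawn from a list of R words; the function names and the sample word list are constructed for illustration.

```python
import math
import secrets

TARGET_BITS = 70  # minimum entropy required on this page

# Constructed sample list: 16 words = only 4 bits per word. Real use needs
# a large list, e.g. a five-dice list of 6**5 = 7776 words.
SAMPLE_WORDS = [
    "anchor", "breeze", "copper", "dune", "ember", "fjord", "garnet", "harbor",
    "ivory", "juniper", "kettle", "lantern", "meadow", "nectar", "orchid", "pebble",
]


def entropy_bits(pool_size, length):
    """E = L * log2(R) for L independent, uniformly random picks from R symbols.

    This only holds for machine- or dice-chosen picks. Words or characters
    chosen by a person are far more predictable than the formula suggests.
    """
    if pool_size < 2 or length < 1:
        return 0.0
    return length * math.log2(pool_size)


def min_length(pool_size, target_bits=TARGET_BITS):
    """Smallest L with L * log2(R) >= target_bits."""
    if pool_size < 2:
        raise ValueError("need at least two possible symbols")
    return math.ceil(target_bits / math.log2(pool_size))


def generate_passphrase(wordlist, target_bits=TARGET_BITS, sep=" "):
    """Draw just enough words with a CSPRNG to reach the target entropy."""
    words = sorted(set(wordlist))  # duplicates would overstate R
    count = min_length(len(words), target_bits)
    picked = [secrets.choice(words) for _ in range(count)]
    return sep.join(picked), entropy_bits(len(words), count)


if __name__ == "__main__":
    print("words needed from a 7776-word list:", min_length(7776))
    phrase, bits = generate_passphrase(SAMPLE_WORDS)
    print(f"{bits:.1f} bits: {phrase}")
```

With a 7776-word list, six randomly drawn words clear the 70-bit minimum; the tiny sample list needs 18 words to do the same, which is why the size of the word list matters as much as the number of words.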

Brute force password chart.

PASSWORD STORAGE GUIDELINES

Video: Using Password Managers to Stay Safe Online