finding my way (lyspeth) wrote in lj_userdoc,

possible new FAQ about password creation

Ever since the new warning was placed into the system asking users to change their passwords if they are too "easy to guess," people have been complaining and asking in suggestions for the option to turn the warning off.

I don't know how much it would help to have an FAQ that gives people advice about how to create passwords that will pass the security test, but it might reduce the number of complaints about not being able to come up with a memorable password that also passes the test, or at least provide a place to send people when they do complain.

Why does LiveJournal keep telling me my password is too easy to guess, and what can I do about it?

No one would ever guess my password. How is it insecure?

There are automated programs that can try many possible combinations very quickly. They rely on dictionaries, so passwords that are based on dictionary words or combinations of dictionary words will be found easily and quickly. Passwords that use only lowercase letters, especially short passwords, are also quite vulnerable even if they are not exactly dictionary words. [More information should be added here about what kinds of things tend to trigger the password checker's warnings.]

How can I make a better password that isn't too hard to remember?

First, avoid passwords that are simply words or passwords that are based on your username or data in your profile.

Here are some strategies that you can try. Most of these require you to choose some kind of source for a password that is memorable to you somehow.

From there you can:

  1. Combine parts of different words.
  2. Convert some of the characters into numbers or symbols.
  3. Use a mix of upper- and lower-case letters.
  4. Insert memorable numbers into the middle of strings of characters.
  5. Pick a phrase that's meaningful to you and choose one or two letters (maybe the first letter) of each word in the phrase.
  6. Try combinations of these strategies to make your password memorable yet secure.
  7. [more strategies]

If my journal gets hacked, that only hurts me, right? So can I turn off the warning?

No. The LiveJournal Abuse team and the LiveJournal Support team deal with many problems relating to hacked accounts. Your choice to retain an insecure password may cause problems for people other than yourself, so LiveJournal strongly recommends that you choose a password that will not trigger the warning. If you choose not to, you will continue to see the warning.

[other information about issues, if needed]

Disclaimer! This is based on my understanding, which might be wrong (especially for the last part), but I wanted to provide a base.
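
The checks the draft describes (dictionary words and combinations of them, the username or profile data, short lowercase-only passwords), written out as an added Python example; it is not part of the original post and is not LiveJournal's checker. The wordlist, the length threshold, the sample inputs and the function names are all assumptions made for illustration.

```python
# Constructed sample wordlist; a real checker would load a large dictionary file.
WORDLIST = {"dragon", "monkey", "sunshine", "purple", "journal", "live", "password"}

# Assumed threshold for "short" lowercase-only passwords (not LiveJournal's value).
MIN_LOWER_ONLY_LEN = 10


def splits_into_words(text, words):
    """True if text is a dictionary word or a concatenation of dictionary words."""
    # reachable[i] is True when text[:i] can be built entirely from dictionary words.
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        reachable[end] = any(
            reachable[start] and text[start:end] in words for start in range(end)
        )
    return reachable[len(text)]


def password_warnings(password, username="", profile_terms=()):
    """Return the list of weakness categories from the FAQ draft that apply."""
    warnings = []
    lowered = password.lower()

    # Dictionary words, or combinations of them, fall to dictionary-based guessing.
    if lowered and splits_into_words(lowered, WORDLIST):
        warnings.append("dictionary")

    # Passwords built on the username or on profile data (hypothetical inputs).
    personal = [t.lower() for t in (username, *profile_terms) if len(t) >= 3]
    if any(term in lowered for term in personal):
        warnings.append("personal")

    # Short, lowercase-only passwords are weak even when not dictionary words.
    if password.isalpha() and password.islower() and len(password) < MIN_LOWER_ONLY_LEN:
        warnings.append("short-lowercase")

    return warnings


if __name__ == "__main__":
    # Constructed sample passwords, one per category plus one that passes.
    for candidate in ("purplemonkey", "frank1987", "qzxvkt", "Mgb2sNiP!"):
        print(candidate, password_warnings(candidate, username="frank"))
```
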

