CompTIA’s A+ Practice Test Certification takes strong passwords very seriously. So seriously, in fact, that it falls under not one but two exam objectives. This is pretty rare and shows how seriously this is taken. There is a really good reason for this. Studies show that the most prevalent security breach relates to passwords. As in week passwords. Did you know that 28% of security breaches are password related and that the two most common passwords are password1 and 123456? So it clearly does make a lot of sense for CompTIA to make sure that anyone possessing the A+ Certification credential is well versed in this potential threat to system security.

The strong password issue is handled in the A+ 220-802 (Software) exam in Main Domain 2.0 Security. The two sub-objectives it falls under are 2.1 and 2.3:

2.1 “Apply and use common prevention methods”

2.3 “Implement security best practices to secure a workstation”

Under sub-objective 2.1 it shows as topic point “User authentication/strong passwords” and under sub-objective 2.1 it shows as topic point “Setting strong passwords”. Under either of both you are likely to get a question relating to strong passwords. When we say “strong password” we are not formulating an opinion but addressing a definition as per the A+ exam. However the definition is also widely accepted in the computer industry. So what are the elements of the definition of “strong passwords”?

They should be no less than 8 characters but no more than 15 (the longer the password the more secure it is but extremely long passwords will put too high a burden on support by users not remembering them).  As you can see above it’s not a good idea to “password” or any easy number sequence such as 123456. Another common one is birthdate, really easy to crack in ways too many situations. You should also ban:

• Any words you can find in the dictionary
• Names to anyone close to you (spouse, kids, pets etc.)
• Yours or any other license plate number
• Any of the above spelled backwards or with either a leading or a trailing number

An important part of the strong password is diversity of characters. The best strong password will combine alphabetic characters (capitalized and lower case), numbers and special characters. Special characters are the symbols you find on your keyboard, such as $ * ^ # @ etc.

Examples of how to come up with a strong password that is easy to remember:

Use the first address you remember living at “Apartment was on 5061 State Street. Rent was $800 monthly.” You then turn that into a password by using the first digits of each word which would make your password: Awo5061ss.Rw$8m

This password fulfills all the requirements of a strong password: It is 15 characters long, includes capitalization and lower case as well as numbers and special characters. This would be considered a very strong password (being at the maximum of 15 characters) but could still be reasonable easy to remember.

You could apply this method to a variety of items and come up with strong passwords you won’t easily forget. Another maybe easier way to generate them is to use Diceware.

As important as strong passwords are to the A+ exam this is only a small part of it (the exam objectives document is 44 pages long!) so there is still a lot more to master. A good way to get an idea of what the exam is like is to use practice tests. CertBlaster offers a comprehensive package covering A+ Practice test in a bundle of both the A+ 220-801 (Hardware) and A+ 220-802 (Software) exams.