Passwords are the basic foundation of digital security. Unfortunately many people take them lightly, opting for easy-to-remember names, words and dates. They think long, confusing passwords are too difficult to remember. But in the long run, is it more important to have an easy password or a safe bank account?
- Do not use names, nor words found in the dictionary. There are programs and viruses that spend all day slamming networks with dictionary attacks… a brute force cracking method wherein the criminal tries to log into a computer many times per second using random combinations of names and words found in the dictionary. Eventually, they stumble upon your password.
- Your password’s length should not be excessively short. Choose one that’s at least 8 characters long.
- I should not even have to approach the topic of passwords such as “1111″, “123″ and “qwerty”. Don’t even think about it.
- Select an alphanumeric password, meaning that it contains both letters and numbers. Try appending a random number to the end of the password, or replacing one or two letters with numbers. Even better: include punctuation too.
- Some computer systems only allow alphanumeric passwords and will throw an error when users choose one containing special characters. This is unfortunate, but there’s nothing we can do except abide by their rules and perhaps drop a note in the suggestion box.
- Use a combination of upper and lowercase characters.
- Instead of using the same password for everything you access, choose a root password, then take the name of the service or application you’re accessing, replace a few letters with numbers (or jumble it up), and append it to the end of your root password.
- Use a password generating program.
- PWGen asks you to input some entropy and then generates extremely strong passwords.
- Tony Lieuallen’s Phonetic Password Generator creates passwords comprised of random letters and number in a grammatically-based pattern that makes the password similar to actual words and therefore easier to remember than a purely random string.
People think remembering a complicated password is much harder than it really is. After you use it a few dozen times it should stick in your memory.
If you are able to touch type (type without looking) you’ll find that over time your password is committed to muscle memory. If one day you find yourself struggling to remember it, just lay your fingers on the keys and start typing. Even if you are having trouble recalling the characters, your fingers may remember.
Finally if you must write down your new, safe, secure password, put it on a piece of paper and store it in a safe place like your wallet (or if you’re so inclined, put your passwords in a text file and encrypt it). Some people keep their passwords in a safe deposit box so family members can access their accounts in an emergency.
Software and online services should encrypt your password. That means an algorithm transforms your password into a cryptic cipher that would be unreadable to anyone who looks. Unfortunately, there are many poorly designed systems which store your password in “plain text” exactly as you typed it.
If a thief steals a plain text database, they’ll probably see your username and/or e-mail address alongside your password. They might not care about your account on “Joe’s Discount Online Warehouse Bonanza”, but with this complete set of credentials in hand, they can try logging into other sites like banks, e-mail and social networks. If you use the same password for all those logins, the thief now possesses the keys to your kingdom.
If you really don’t want to remember a lot of passwords, at least pick unique ones for important accounts like your bank account and email, then use a different password for all the trivial sites.