A password is secret data, typically a string of characters used to confirm a user’s identity, gain access or protect assets or personal information. A password acts like a barrier, providing the first line of defense against unauthorized access to your computer and personal information.
Passwords are a good way to keep track of who has access to your data, the devices on which it is stored, and the online services you use. However, passwords can be a very poor authentication method if not used correctly. It is widely estimated that most security breaches – as much as 80 percent – are attributable to people picking “weak” passwords that are easy to guess, or to passwords being stolen after they were compromised through poor password protection practices.
Hence, in an age of cyberwar and cybercrime, selecting and using “good” passwords is critically important to protect user accounts and information. This post will look at some simple tips for creating strong passwords and keeping your information secure.
As “good” passwords must be both easy to remember and hard to guess, we can formulate some basic rules and methods to help us create them. First of all, since you know best what kind of things you can memorize, use your own method, but keep in mind the possible approaches an attacker might use against your password. Never think that it cannot happen to you.
- Use a combination of words and some extensions. Use your own method to create your password, one that is convenient for you and not known to others.
- Remember that the length of the password is more important than the basic character set it uses, and the structure itself need not be too complicated.
- Never use a word from a dictionary, whether English or foreign. You may use meaningless words of non-existing languages that sound great, at least to you. To make nonsense words, alternate between one consonant and one or two vowels. “Taupouti,” for example.
- Use at least eight characters. The more characters, the better. However, a password of more than 15 characters will be difficult to remember.
- Use a random mixture of upper and lower case characters, numbers, punctuation, spaces, and symbols.
- Never use the same password twice.
- Never use a password with a digit or symbol before or after a word. e.g., “apple1.”
- Do not double up a single word (e.g., “appleapple”) or simply reverse a word (e.g., “elppa”).
- Don’t just remove the vowels. e.g., “ppl”
- Don’t just garble letters by converting e to 3, L or i to 1, o to 0 as in “z3r0-10v3.”
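
The patterns this list warns against can be checked mechanically, for instance when validating a new password at signup. The sketch below is an added example, not part of the original post; the function name `weaknesses` and the tiny wordlist are assumptions, and the inputs it is run on are the post's own examples.

```python
import re

# Constructed sample wordlist (assumption); a real check would load a full dictionary.
WORDS = {"apple", "zero", "love", "password", "letmein", "computer"}


def strip_vowels(word):
    return "".join(c for c in word if c not in "aeiou")


def weaknesses(password, words=WORDS):
    """Return the rules from the list above that `password` breaks."""
    found = []
    low = password.lower()
    if len(password) < 8:
        found.append("shorter than eight characters")
    # Drop leading/trailing digits and symbols: "apple1" -> "apple".
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", low)
    if low in words:
        found.append("dictionary word")
    elif core in words:
        found.append("digit or symbol before or after a word")
    if low[::-1] in words:
        found.append("reversed word")
    half = len(low) // 2
    if len(low) % 2 == 0 and low[:half] == low[half:] and low[:half] in words:
        found.append("doubled word")
    if any(w != low and strip_vowels(w) == low for w in words):
        found.append("word with vowels removed")
    # Undo e->3, o->0 and both readings of 1 (L or i), then test each piece.
    for one in "li":
        plain = low.translate(str.maketrans("310", "e" + one + "o"))
        pieces = [p for p in re.split(r"[^a-z]+", plain) if p]
        if plain != low and pieces and all(p in words for p in pieces):
            found.append("letters swapped for digits")
            break
    return found


if __name__ == "__main__":
    # The post's own examples; only "Taupouti" passes every check.
    for pw in ["apple1", "appleapple", "elppa", "ppl", "z3r0-10v3", "Taupouti"]:
        print(f"{pw!r}: {weaknesses(pw) or 'no listed weakness found'}")
```

An empty result only means none of these specific patterns matched against the wordlist supplied; it does not by itself make a password strong.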
Choosing a strong and secure password
- Choose a password that is easy to remember, so you don’t have to look it up all the time. It lowers the chances of someone finding out where you wrote it down.
- Choose a password that is easy to type. It lowers the chances of someone looking over your shoulder and figuring out your password.
- Use passwords that aren’t based on personal information like your name, nickname, birthdate, wife’s name, pet’s name, friends’ names, hometown, phone number, social security number, vehicle registration number, address, etc. This includes using only a portion of your name or only a portion of your birthdate.
- Use passwords that aren’t based on things that are close to you. Passwords like “computer,” “monitor,” “keyboard,” “telephone,” “printer,” and so on are ineffective.
- Never use one of those easy-to-remember passwords that provide no security at all. “Password,” “letmein,” and so on.
- Never use your username, account name, computer name, or email address as a password.
- Use a good password generator tool or software.
- You can use the first letter of each word from a line of a song or poem.
- Select two short words and join them together with a punctuation or symbol character in the middle. For example, “seat%tree” (seat, percent sign, tree).
Protecting your password
- You should change your password regularly. Once a month is a reasonable period for most purposes.
- You should also change your password if you suspect that someone knows it or may be able to guess it; perhaps they were standing behind you as you typed it in.
- Remember, don’t re-use a password.
- Never save your password anywhere on your computer unless it’s encrypted. Note that the password cache that comes with Windows (.pwl files) is NOT secure, so don’t click “Save password” when Windows prompts you to.
- Never share your password with anyone, not even with your system administrator. Passwords should never be sent via email or other insecure channels.
- Make a note of your password, but don’t leave the paper lying around; store it somewhere secure, preferably off-site and under lock and key.
- When entering your password with someone else in the same room, be extremely cautious.
- Make use of a secure password manager; see the downloads page for a list of free options.
- Use a text file encrypted with a strong encryption utility.