If you think about it, passwords are like doors to your house, or fences around your property. They’re only as good as their materials at keeping intruders out. Weak passwords will get you robbed before you even realize it; sturdy passwords will make it harder for intruders to get in, at least for now. I say for now because, in this day and age, one layer of security is no longer enough.
There should ideally be other security measures set up on top of your logins, but for now, let’s buff up your password by reviewing some curated Do’s and Don’ts.
Your password should contain nothing about you. Passwords are there to protect information that can be associated with your identity, not to be made out of it. Password DEPOT specifically advises against using familiar names, such as those of your family or pet. Likewise, no phone numbers, birthdates, license plates or other data that can easily be found out about you.
It is additionally advised that you shouldn’t include words that can be found in dictionaries, as a password containing them is not secure, regardless of its length. Programs that crack passwords work with dictionaries and systematically try the entries.
Make them as long and incomprehensible as possible. All websites have a minimum and maximum character requirement, which should be taken advantage of at all times. Length can greatly increase a password’s strength. However, as stated previously, a long password won’t be any better than a short one if it contains words from dictionaries.
It should contain all the character types that the account allows (e.g. numbers, punctuation and special characters). Likewise, uppercase and lowercase letters should be mixed. There should be no strings (e.g. 1234, 9874) or patterns (e.g. keyboard patterns – asdf, hjkl, 8520, 7410) either, as these can be run through an algorithm and are therefore easy to crack.
Devise a password-creating system that’s all yours. Rather than relying on a random password generator, CNET recommends creating your own system to create and remember your complex passwords. You can, for instance, convert the name on the tag of your favorite t-shirt into numbers, and add a symbol and the number of letters in the actual word (basic = 211993*5). You can give that extra strength by converting the price of that shirt into letters ($199.99 = $aii.ii), and putting it in between to make “2119$aii.ii93*5”. You just have to get creative in altering something that’s already familiar to you.
Test your password. According to Lifehacker, if you use a password manager, it’ll test your password in real time, from the safety of your computer. If you don’t, then sites like How Secure Is My Password?, How Big Is Your Password?, and How Strong Is Your Password? can put your crafted password to the test.
However, they won’t warn you about common guessable phrases. Though typing your passwords into unfamiliar sites is a bad habit, these sites are safe, as they’re all publicly run by trusted developers who promise that your entered text never leaves your computer. Lifehacker still suggests using these sites just to get the gist before you make your real password.
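The composition rules above (no dictionary words, no number strings, no keyboard patterns, mixed character types) can also be checked entirely on your own machine. The following is an added example, not code from the article or from any of the sites it names; the tiny word list, the 12-character minimum and the function names are assumptions made for illustration.

```python
# Assumptions (not from the article): WORDS is a constructed stand-in for a
# real dictionary file, and MIN_LEN is an arbitrary minimum length.
WORDS = {"password", "pass", "basic", "dragon", "monkey", "letmein", "shirt"}
MIN_LEN = 12
# Keyboard rows plus the keypad columns the article mentions (8520, 7410).
KEY_RUNS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890", "7410", "8520"]

def has_run(pw, n=3):
    """True if pw has n digits or n letters stepping by one (123, 987, abc)."""
    for i in range(len(pw) - n + 1):
        chunk = pw[i:i + n]
        if not (chunk.isdigit() or chunk.isalpha()):
            continue
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps in ({1}, {-1}):
            return True
    return False

def has_keyboard_pattern(pw, n=4):
    """True if any n consecutive characters follow a keyboard row, either way."""
    rows = KEY_RUNS + [r[::-1] for r in KEY_RUNS]
    return any(pw[i:i + n] in row
               for i in range(len(pw) - n + 1) for row in rows)

def audit(pw):
    """Return the names of the rules pw breaks; an empty list means none."""
    low = pw.lower()
    checks = [
        ("short", len(pw) < MIN_LEN),
        ("no-lower", not any(c.islower() for c in pw)),
        ("no-upper", not any(c.isupper() for c in pw)),
        ("no-digit", not any(c.isdigit() for c in pw)),
        ("no-symbol", all(c.isalnum() for c in pw)),
        ("dictionary", any(w in low for w in WORDS)),
        ("sequence", has_run(low)),
        ("keyboard", has_keyboard_pattern(low)),
    ]
    return [name for name, failed in checks if failed]

if __name__ == "__main__":
    # Samples: the article's t-shirt password, two weak ones, one constructed.
    for sample in ["2119$aii.ii93*5", "pass123", "asdf9874", "T7#vq!Lz0@kRw2"]:
        print(f"{sample!r}: {audit(sample) or 'no rule broken'}")
```

An empty result only means none of these particular rules was broken; it is not a strength score.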
And finally, reset your password once in a while. Once in a while can mean whenever you feel like it. Lifehacker strongly suggests changing weak or duplicate passwords anywhere, as soon as possible. However, they also discussed how changing it too often is more counterproductive than effective in securing your account, as forced prompts, like in a corporate setting, push you to make poor password choices (e.g. pass123, pass234, pass456). The responses from Business Insider’s informal survey among some of the best in the information security business suggest, in summary, that it all depends on your priorities. “As always, it’s about threat modeling: Figure out which services are the important services FOR YOU. Then use a strong, unique password on those, and change it regularly. For non-important sites, who cares?” (Mikko Hypponen, Chief Research Officer, F-Secure).