Creating strong passwords
Safe passwords don’t have to be hard to create; they just have to be hard to guess.
The prospect of creating a strong password, changing a password or using multiple passwords makes many people anxious because they believe it requires memorizing multiple complex passwords such as Wts4e_79PBa13^_qnS.
The result is that people find the task so daunting that they continue to use one simple password. This just isn’t safe, particularly if the password is a simple one. If that one password gets compromised, all of your Web information is compromised.
Some people use several passwords, but these passwords are short, simple words or include numbers that relate to their personal information (such as birth date or address) and so are easy to guess.
If you made hard-to-remember passwords, you probably did so because your business or a Web site forced you. In this case you are likely to have a list of the passwords next to your computer – even though you know this also compromises your safety.
What makes a strong password
There are some very easy rules of thumb you can use to make sure your passwords aren’t weak.
Weak passwords:
Password – The word “Password” is the most commonly used password and it is pathetically weak – as are ‘default’ and ‘blank’. These are simple words and easily guessed or broken with a dictionary assault on the password.
Smith1968 – Though this uses 9 characters and includes letters and numbers, names that are associated with you or your family, or other identifying information such as birth year, are easily hacked.
F1avoR – Though it mixes up capitals and numbers, it is too short, and substituting the number 1 for the letter l is easy to guess.
Strong passwords. It’s easy and can actually be fun to create strong passwords – you just have to know how – and the payoff in increased safety is huge. There are 5 principles when protecting passwords:
Length – use at least 10 characters
Strength – mix it up with capitals, characters, and numbers
Obscure – use nothing that is associated with you, your family, your company, etc.
Protect – do not place paper reminders near your computer
Change – the more sensitive the information, the more frequently you should change your password
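The reasons given for the weak passwords and the first three principles above can be checked mechanically. The following Python sketch is an added example, not part of the original article; the small word list, the personal details, and the reading of "Strength" as at least three of four character classes are assumptions.

```python
import re

# Constructed sample word list; a real check would load a large dictionary.
COMMON_WORDS = {"password", "default", "blank", "flavor"}
# Look-alike swaps a guessing tool undoes before trying dictionary words.
UNLEET = str.maketrans({"1": "l", "0": "o", "3": "e", "$": "s", "@": "a"})
CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]")

def check_password(pw, personal=()):
    """Return the names of the rules that pw breaks; an empty list means it passes."""
    problems = []
    lowered = pw.lower()
    # Length: at least 10 characters.
    if len(pw) < 10:
        problems.append("length")
    # Strength: assumed here to mean at least 3 of the 4 character classes.
    if sum(bool(re.search(c, pw)) for c in CLASSES) < 3:
        problems.append("strength")
    # Dictionary: undo substitutions, drop non-letters, look for known words.
    letters = re.sub(r"[^a-z]", "", lowered.translate(UNLEET))
    if any(word in letters for word in COMMON_WORDS):
        problems.append("dictionary")
    # Obscure: no names, years or other details tied to the user.
    tokens = [t.lower() for t in personal if len(t) >= 3]
    if any(t in lowered or t in letters for t in tokens):
        problems.append("personal")
    return problems

if __name__ == "__main__":
    me = ("Smith", "1968")  # constructed personal details
    for candidate in ("Password", "Smith1968", "F1avoR", "L8r_L8rNot2day"):
        print(candidate, check_password(candidate, me) or "ok")
```

The Protect and Change principles concern how a password is stored and rotated, so they are outside what a check on the password text can cover.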
Look at these examples of password patterns that are safe but also easy to remember.
| Logic | Password |
| --- | --- |
| A familiar phrase typed with variation of capitalization and numbers instead of words (text message shorthand). | L8r_L8rNot2day = Later, later, not today |
| | 2BorNot2B_ThatIsThe? = To be or not to be, that is the question |
| Incorporate shortcut codes or acronyms | CSThnknAU2day = Can’t Stop Thinking About You today |
| | 2Hot2Hndle = too hot to handle |
| A phrase that is easy to remember because it describes what you’re doing, with key letters replaced by a number or symbol | 1mlook1ngatyahoo = I’m looking at Yahoo (The I’s have been replaced with 1’s.) |
| | MyWork@HomeNeverEnds |
| A word spelled backwards with at least one letter represented by a character or number | $lidoffaD = Daffodils (the $ replaces the s) |
| | y1frettuB = Butterfly (the 1 replaces the l) |
| Patterns from your keyboard. Make your keyboard a palette and make any shape you want. | QWERTY7654321 – These are the 5 letters from left to right in the top row of your keyboard, plus the numbers from right to left across the top going backwards. |
| | 1QAZSDRFVGY7 is really just making a W on your keyboard – see the image below. |

Beware of simple password hints
Often, you are given a choice of password ‘hints’ when setting up a membership or an account. Security questions whose answers someone can easily discover expose you to theft on the site involved, and allow the criminal to collect additional information about you. When given a choice, never pick a hint whose answer is easily discoverable.
When all the choices – as in this example – are easily discoverable, feel free to ignore the question and use an answer that means something to you; for example, sunshine. The site isn’t actually validating this information for accuracy; they just want you to provide the same answer that you used to establish the account. Enter whatever you want, but make it memorable.