Password Security

OK, so my Hotmail account has been hacked and used by spammers, my website has been hacked and redirected visitors to a porn site and my Twitter account was hacked and used by spammers … learn from me … don’t presume your password is secure enough.

Below are some suggestions on how to make your passwords secure and less likely to be cracked as well as some tips on what not to do and tips on how to remember your passwords.

Understanding Passwords

All you need to remember is that you want a strong password. A strong password is not found in a dictionary, is not a name (human or pet), and contains at least 3 of the following 4 character types:

  • uppercase letters (A through Z)
  • lowercase letters (a through z)
  • numbers (0123456789)
  • special characters (!@#$%^&*()_+{}|:"<>?[]\;',./)

Truly strong passwords should be 12-14 characters; however, many websites do not allow you that many characters. My experience has shown that 8 characters is the magic number for almost every website.

Creating Passwords

Consider obtaining a password manager (I like LastPass). They are often available for little or no cost and integrate with your web browser. These managers have tools to generate secure passwords for you: you can select the length of the password and which character types to use. If you don't have a password manager and you only have a few passwords, you can still create a secure password which is complex and difficult to crack.

When you need to create a strong password, you can start from a phrase that you would remember, like "If I had a million dollars, I would be rich". To create a password, you might take the first letter of each word (iihamdiwbr). While this would be a password which would be difficult to guess, it's not particularly difficult for a computer to crack, because it uses only lowercase letters. Instead, you might derive the password I!H1k$ibR; this would be a far more secure password, and you could leave yourself a reminder (the phrase) in plain sight without raising an eyebrow or giving away your secret. Easier yet, reconsider that password manager.

Remembering/Storing Passwords

We all have a LOT of passwords to remember, and the number increases every year. Personally, I have more than 300 passwords. There are more secure and less secure ways to store them.

Of course, the more secure the password, the more difficult it is to save and access it, right? Yes and no. You can't beat the simplicity of writing your password on a sticky note and affixing it to your monitor or under your keyboard, or of just selecting your pet's name, your children's birthdates or what have you, but that simplicity comes at a risk. The risk is loss of the account, and when you share one password across multiple sites, you risk losing access to multiple accounts at once.

Here's what NOT to do

  • Don’t use anyone’s name or nickname
  • Don’t use your pet’s name
  • Don’t use your car’s make, model, etc.
  • Don’t use words found in the dictionary
  • Don’t spell common words backwards
  • Don’t end your passwords with numbers (some sites won’t even allow it)
  • Don’t use the names of sport figures or teams
  • Don’t use default passwords
  • Don’t use your license plate number
  • Don’t simply replace L’s with 1’s and O’s with 0’s, etc.
  • Don’t use common sequences such as qwerty or 12345
  • Don’t use your phone number, or any sequence of numbers alone
  • Don’t use your Social Security Number
  • Don’t use any part of your real name or user name in the password
  • Don’t use your birthday, anniversary, etc.
  • Don’t presume your password is secure
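The strength rule from "Understanding Passwords" (length, 3 of 4 character types, no dictionary words) and several items from the list above can be turned into a simple policy checker. The following is an added example written for this page, not code from the original post; the word list and sequence list are constructed for the demo and a real checker would load a full dictionary and a breached-password list.

```python
import re
import string

# Constructed sample word list and blocklist for the demo; a real checker
# would load a full dictionary and a breached-password list instead.
DICTIONARY = {"password", "million", "dollars", "secret", "monkey", "welcome"}
COMMON_SEQUENCES = ("qwerty", "12345", "abcdef", "asdfgh")
# Undo the substitutions the post warns about (1 for l, 0 for o, @ for a, ...)
# so that "p@ssw0rd" is still recognised as the dictionary word "password".
LEET = str.maketrans("10!@$3", "loiase")


def character_classes(pw: str) -> int:
    """Count how many of the four types (upper, lower, digit, special) pw uses."""
    return sum([
        any(c.isupper() for c in pw),
        any(c.islower() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ])


def check_password(pw: str, min_len: int = 12) -> list:
    """Return the list of policy violations; an empty list means pw passes."""
    problems = []
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if character_classes(pw) < 3:
        problems.append("uses fewer than 3 of the 4 character classes")
    low = pw.lower()
    core = re.sub(r"\d+$", "", low)  # the word without any trailing number run
    # Dictionary check on the word itself, reversed, and with leet undone
    if {core, core[::-1], core.translate(LEET)} & DICTIONARY:
        problems.append("is a dictionary word (reversed or with 1/0-style substitutions)")
    if any(seq in low for seq in COMMON_SEQUENCES):
        problems.append("contains a common keyboard or number sequence")
    if pw.isdigit():
        problems.append("is only a sequence of numbers")
    elif core != low:
        problems.append("ends with numbers")
    return problems


if __name__ == "__main__":
    # The post's own two candidates: the first-letter string and the derived one
    for candidate in ("iihamdiwbr", "I!H1k$ibR", "P@ssw0rd2024"):
        print(candidate, "->", check_password(candidate, min_len=8) or "OK")
```

Run with the post's 8-character minimum, I!H1k$ibR passes while iihamdiwbr and P@ssw0rd2024 are rejected.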