Contrary to popular belief, password management is quite simple. All you need is to learn a few tricks. Let’s review what should be avoided when creating a strong password:
- Don’t Use Common Words or Phrases. These are susceptible to both human and computer-based dictionary attacks (e.g. password, iloveyou, 123456, qwerty).
- Avoid Dictionary Words. This includes words from any language (using multiple words mushed together is okay, more on this later).
- No Repeating Characters. These are quickly hacked by automated programs (e.g. ababab, 111111).
- Ditch Replacement Characters. Substituting look-alike numbers or symbols for letters is no longer strong enough (e.g. p@$$w0rd, m1cr0s0ft, sw33t).
- Avoid Personal Information. Names of family members, friends, pets, birthdates, addresses, phone numbers and license numbers.
- Check for Compromised Passwords. If your password exists in any compromised password database, it should be changed. Resources are listed below to help identify if any of your accounts are compromised.
- Do Not Reuse. Each password for every account should be different.
- Sharing is Bad. Never share your passwords with anyone else.
- Avoid Writing Down Passwords. This includes books, scrap paper, and under your keyboard.
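The length, common-word, repeating-character, replacement-character and personal-information rules can be checked automatically when screening a candidate password. The Python below is an added example, not part of the original article; the blocklist is a constructed sample built from the article's own examples, and the look-alike mapping and function names are assumptions.

```python
import re

# Constructed sample blocklist built from the article's own examples; a real
# check would load a large common-password / dictionary list instead.
COMMON = {"password", "iloveyou", "123456", "qwerty", "microsoft", "sweet"}

# Look-alike substitutions undone before the blocklist lookup (assumed mapping).
LEET = str.maketrans({"@": "a", "4": "a", "$": "s", "5": "s", "0": "o",
                      "1": "i", "!": "i", "3": "e", "7": "t"})

MIN_LENGTH = 10  # the article's minimum length


def is_repeating(pw: str) -> bool:
    """True when the whole password is one short unit repeated (111111, ababab)."""
    return re.fullmatch(r"(.{1,3})\1+", pw) is not None


def check_password(pw: str, personal: tuple = ()) -> list:
    """Return the rules from the list above that the candidate breaks."""
    problems = []
    lowered = pw.lower()
    deleeted = lowered.translate(LEET)  # p@$$w0rd -> password
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    # Whole-password match only: several words joined together are allowed.
    if lowered in COMMON:
        problems.append("common word")
    elif deleeted in COMMON:
        problems.append("replacement characters")
    if is_repeating(lowered):
        problems.append("repeating characters")
    # Caller supplies names, dates, etc. that must not appear in the password.
    if any(item.lower() in lowered for item in personal if item):
        problems.append("personal information")
    return problems


if __name__ == "__main__":
    for candidate in ("p@$$w0rd", "111111", "ababab", "Dog@TrainBlue3"):
        print(candidate, check_password(candidate))
```

An empty list means the candidate passed these checks only; reuse and compromised-password lookups are not covered here.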
Now that we know what to avoid, let’s expand on what makes a strong password and how to create them.
- Go Long on Your Passwords. A strong password should be at least ten characters long.
- Choose a Passphrase. Choose a phrase or sentence with at least ten words. This should be something that is easy for you to remember but would be hard for others to guess. A line from a poem, song, movie, quote, etc. are all examples of where you might get this phrase. For our example, we will use Mary Had A Little Lamb With Fleece As White As Snow.
- Use The First Letter. By removing all letters except the first, our example becomes mhallwfawas.
- Add a Mix of Upper and Lower Case Letters. Our passphrase may now look like MhaLLwfAwaS.
- Do Include Numbers, Symbols and Special Characters. Now let’s add a number and one or two special characters that can replace some of our letters or add to our password. Now our passphrase may look something like Mh@LLwfAwaS!. Here we replaced the first ‘a’ with @ and added an exclamation point to the end.
- Use a Random Combination of Words. Much like the passphrase, using multiple unrelated random words can create very strong passwords as well. All the same rules above apply, just using random words instead of a phrase. For example, dog, train and blue could be good as dogtrainblue, better as DogTrainBlue and better yet as Dog@TrainBlue3.
- Implement a Password Manager. A password manager will help keep all your accounts and passwords safe while allowing you to remember A SINGLE PASSWORD. There are various password manager offerings and many are free; try LastPass, 1Password or Dashlane.
If random passwords are used for each site, the chances of a compromise decrease dramatically. However, a password like p7gNh$aT730&(8)@dr is neither memorable nor easy to type. This is where the password manager really shines. Not only will it remember these long and random passwords, but it will create them for you as well. Password managers make creating strong, random passwords for each site a very easy task to achieve.
Passwords are the keys to your digital life that lock the doors to your personal information, digital resources and finances. Traditional and weak passwords can be cracked in less than a minute! Using these steps to create and maintain strong passwords is an easy step you can take to help protect those precious resources.