Creating online passwords – be sensible, wise and secure
Don’t make it easy for anyone to guess your online password, irrespective of what it is used for. Use strong passwords and you can sleep easier in your bed!
Do use strong passwords
A good password:
- Needn’t be a word at all. It can be a combination of letters, numbers and keyboard symbols.
- Is at least 8 characters long. Longer passwords are harder to guess or break.
- Does not contain your user name, real name, or company name.
- Contains a mix of upper and lower case letters, numbers and keyboard symbols (e.g. ` ~ ! @ # $ % ).
- Is changed regularly.
- Use a passphrase. Rather than trying to remember a password created using various character types which is also not a word from the dictionary, you can use a passphrase. See below for ideas!
Don’t use weak passwords
Avoid weak passwords. This means avoiding the following:
- Using no password at all.
- Real words. There are tools available to help attackers guess your password. With today’s computing power, it doesn’t take long to try every word in the dictionary and find your password, so it is best not to use real words for your password.
- Personal information as part of your password. It is very easy for someone to guess things like your last name, pet’s name, child’s birth date and other similar details.
- The most common password is ‘Password’ so that’s an obvious one to avoid!
- A password you haven’t changed in more than a couple of months.
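The rules in the two lists above can be checked mechanically. The following Python code is an added example, not part of the original article; the function name `check_password`, the small constructed word list and the reading of “a couple of months” as 60 days are assumptions made for illustration.

```python
import string
from datetime import date

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "dragon", "sunshine", "football", "strawberry"}
MAX_AGE_DAYS = 60  # assumption: "a couple of months" read as 60 days


def check_password(password, user_name, real_name, company_name,
                   last_changed, today):
    """Return the rules from the lists above that the password breaks."""
    if not password:
        return ["no password at all"]
    problems = []
    lowered = password.lower()
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    # Must not contain the user name, real name or company name.
    for label, value in (("user name", user_name), ("real name", real_name),
                         ("company name", company_name)):
        # Each part of a multi-word name ("Mary Jones") is checked separately.
        if any(part in lowered for part in value.lower().split()):
            problems.append("contains your " + label)
    # Needs a mix of upper case, lower case, numbers and keyboard symbols.
    classes = {
        "upper case letter": any(c.isupper() for c in password),
        "lower case letter": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "keyboard symbol": any(c in string.punctuation for c in password),
    }
    problems += ["no " + name for name, found in classes.items() if not found]
    # Real words (and 'Password' itself) fall to a dictionary attack.
    if lowered in SAMPLE_WORDS:
        problems.append("is a dictionary word")
    if (today - last_changed).days > MAX_AGE_DAYS:
        problems.append("not changed for more than a couple of months")
    return problems


if __name__ == "__main__":
    changed, now = date(2024, 1, 1), date(2024, 1, 15)  # constructed dates
    for candidate in ("Password", "MaryJones#2024", "Tr4in-Lamp-92"):
        print(candidate, check_password(candidate, "mjones", "Mary Jones",
                                        "Acme", changed, now))
```

An empty list means the password breaks none of the listed rules; each string names one rule that it does break.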
Look after your passwords
- Never disclose your passwords to anyone else.
- Don’t enter your password when others can see what you are typing.
- Use different passwords. You should use a different username and password for each login or application you are trying to protect. That way if one gets compromised the others are still safe. Another approach which is less secure, but provides a fair tradeoff between security and convenience, is to use one username and password for sites and applications that don’t need the extra security, but use unique usernames and more secure passwords on sites such as your bank or credit card companies.
- Change passwords regularly.
- Don’t recycle passwords (e.g. password2, password3).
- Don’t write passwords down. Instead, use memory tricks to remember them. For example, make a password out of the first letters of each word in a memorable phrase or substitute numbers for letters (for example: 5 for s, 3 for e).
- Don’t send your password by email. No reputable firm will ask you to do this.
- If you think that someone else knows your password, change it immediately.
Ideas on what Password / Pass phrase to create
- Choose two words and combine their letters to create the password, choosing one letter of the first word and one letter of the second word, and repeating this until you get to the last letter of each word. An example for Mary & Bill could be “MBairlyl”, and why not then add the “&” at the end to give “MBairlyl&”.
- Take the name of the web site and then add the last four digits of a friend’s home phone number to the end. (Don’t use your own phone number, since a clever hacker could try the same algorithm in a dictionary attack.) The password for eBay.co.uk might be “eBay.co.tuk43298”. This is by way of example only, because it is too easy for others to figure out; you would add your own personal twist. Maybe you would spell the site name backwards. The more steps in your method, and the more unpredictable each step is, the more secure your password.
- Think up a sentence or a line from a song or poem that you like and create a password by changing letters. For example, you could take a line from your favourite song, such as “I feel it in my fingers” or “Abide with me” and convert it to a password like “If33litinmying3r$” or “@b1d3w1thm3”. By substituting characters and numbers for letters, you can create a secure password that is hard to crack, but much easier for you to remember.
- Take a word or phrase and remove the vowels from it (for example, “I love strawberry milkshakes” becomes “lvstrwbrrymlkshks”). Then change one or more letters to numbers or characters to give “lv$trwbrrymlk$hk$”.
- Combine a date inside a larger password. This helps when the password needs to change from time to time. But remember never to use only a date, because lists of password guesses exist and passwords based only on a date are at higher risk of being cracked than other choices. For example, “ComeOn11 April 1970Chelsea!” [Look it up!]
- Pick a number with 4-5 digits. Now look at your keyboard. Find your number, then look at the 2 letters that are directly beneath it. Let’s say you chose 2. The letters directly beneath the 2 key are “q” and “w”. Now, when you create your password, press the first number that you chose, then press the two letter keys that are directly beneath it. Do this with all of your numbers. Now all you have to remember are the numbers! So, the number 2649 becomes “2qw6ty4er9io”. Why not then capitalise the first letter under each number, to give “2Qw6Ty4Er9Io”? No-one is going to guess that, just from four numbers!
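Three of the methods above (combining two words, removing vowels, and the keyboard method) are mechanical enough to write down as code, which also confirms the worked examples. The following Python code is an added example, not part of the original article; the function names are made up for illustration, and the keyboard mapping assumes a standard QWERTY layout, with 1 treated as having only “q” beneath it.

```python
from itertools import zip_longest

TOP_ROW = "qwertyuiop"  # assumption: standard QWERTY layout, as in the 2 -> q, w example


def interleave(first, second):
    """Alternate the letters of two words; leftover letters of the longer word go last."""
    return "".join(a + b for a, b in zip_longest(first, second, fillvalue=""))


def strip_vowels(phrase):
    """Drop the vowels and spaces from a phrase."""
    return "".join(c for c in phrase
                   if c.lower() not in "aeiou" and not c.isspace())


def keys_beneath(digit):
    """Letters directly beneath a number key, following the 2 -> q, w pattern."""
    position = 10 if digit == "0" else int(digit)  # 0 is the tenth key in the row
    # Assumption: 1 sits at the left edge and has only "q" beneath it.
    return TOP_ROW[max(position - 2, 0):position]


def keyboard_password(number, capitalise=False):
    """Follow each digit with the letters beneath it, optionally capitalising the first."""
    parts = []
    for digit in number:
        letters = keys_beneath(digit)
        parts.append(digit + (letters.capitalize() if capitalise else letters))
    return "".join(parts)


if __name__ == "__main__":
    print(interleave("Mary", "Bill") + "&")
    print(strip_vowels("I love strawberry milkshakes").replace("s", "$"))
    print(keyboard_password("2649"), keyboard_password("2649", capitalise=True))
```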