Tips on creating secure passwords
If you haven’t heard, the popular business social media site LinkedIn had a security breach a few days ago and about 6.5 million passwords were compromised and stolen. If you have a LinkedIn account, make sure to change your LinkedIn password to avoid any unnecessary tampering with your account.
While the passwords were stolen because of a security breach within LinkedIn’s own systems (something that is out of our hands), we still need to do our part by creating secure passphrases on websites/accounts.
According to many research articles and studies that I have read, it was interesting to note that there is an increasing trend of people using simplistic passphrases. This makes an account easily *hacked*. Password-cracking bots often use a list of the most common words and phrases relating to work, religion and words used in our daily lives.
Here are some tips when creating a passphrase (or password) for any website or software:
- Don’t use common names e.g. John, Richard, James, Robert, Bob etc.
- Don’t use a word or phrase relating to the site you are creating the account for e.g. if you are on a job site, don’t use the word “work” or “job” as a phrase
- Don’t use common simple phrases relating to religion e.g. “god”, “jesus” or “pray”
- Don’t use common daily phrases e.g. “dinner”, “lunch”, “thankyou” etc.
- Don’t use consecutive numbers or letters e.g. “12345” or “abcd”
- Don’t use words in the dictionary
- Combine and mix up words, numbers and characters, and make them case sensitive e.g. “ThisiSmyPaSSword6129%”
- Use a sentence (with word spacing) instead of one passphrase e.g. “This iS my PaSSword 6129%” instead of “ThisiSmyPaSSword6129%”
- Change your passwords frequently i.e. every month, every three months, six months etc.
- Don’t use short passwords; it is advisable to have at least 8 characters within a passphrase
- If a site gives you a default password, make sure to change it immediately
- Share at your own risk! Try not to share your password with someone else. If you do have to share it, don’t write the password down on a piece of paper and don’t send passwords in an email.
- Use a different passphrase for each website you use
- Don’t write your passwords down for the world to see! Don’t type up a list of passwords and store it on your computer. Yes, it is convenient to find all the passwords in one place, but it just makes it *too* convenient for someone to find it and steal it.
- Never put your passwords together with your important documents e.g. tax information, bank accounts etc.
- If you are asked questions as an additional security component within your passphrase creation process, don’t use easy answers like your birthdate, the first name of your spouse, the city where you live etc.
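The checkable tips above (length, common names and phrases, site-related words, consecutive runs and character mix) can be turned into a small self-check. This is an added example, not part of the original post; the word list is constructed from the tips' own examples, and the `site_words` parameter and the "four or more in a row" threshold are assumptions.

```python
# Added example: checks a candidate passphrase against the tips listed above.
# The word list is constructed from the examples in those tips; a real
# check would load a much larger dictionary (assumption).
COMMON_WORDS = {"john", "richard", "james", "robert", "bob",
                "god", "jesus", "pray", "dinner", "lunch", "thankyou"}
MIN_LENGTH = 8   # minimum length from the tips
MAX_RUN = 3      # assumption: 4+ consecutive characters ("1234") is a sequence


def longest_run(text):
    """Length of the longest ascending run such as 'abcd' or '12345'."""
    best = run = 1 if text else 0
    for prev, cur in zip(text, text[1:]):
        same_kind = (prev.isdigit() and cur.isdigit()) or \
                    (prev.isalpha() and cur.isalpha())
        run = run + 1 if same_kind and ord(cur) == ord(prev) + 1 else 1
        best = max(best, run)
    return best


def check_passphrase(password, site_words=()):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    # site_words (hypothetical parameter): words tied to the site, e.g. "job"
    for word in sorted(COMMON_WORDS | {w.lower() for w in site_words}):
        if word in lowered:
            problems.append(f"contains common or site-related word: {word}")
    if longest_run(lowered) > MAX_RUN:
        problems.append("contains consecutive letters or numbers")
    classes = {
        "lowercase letter": any(c.islower() for c in password),
        "uppercase letter": any(c.isupper() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(not c.isalnum() and not c.isspace() for c in password),
    }
    problems += [f"missing {name}" for name, ok in classes.items() if not ok]
    return problems


if __name__ == "__main__":
    for candidate in ("bob12345", "ThisiSmyPaSSword6129%"):
        print(candidate, "->", check_passphrase(candidate) or "ok")
```

Run it locally on candidate passphrases; it only covers the rules that can be checked mechanically, so reuse across sites and how the password is stored still need your own attention.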
You may find some sites are even forcing you to use passwords that are a certain length with a character, a number and a letter in them. While we might moan and groan about why they are making it difficult for us, that extra setup is for our own benefit.
Here is a site by Microsoft that lets you check whether your password is strong enough:
Setting up complicated passwords is a good first step. However, make sure that you come up with a good method of remembering them as well. It is so easy to come up with a complicated password and end up forgetting it, getting locked out of the site yourself. I remember a Sesame Street episode in which Telly tied a string on his finger to remember something, then tied another string on his wrist to remind him to remember to look at the string on his finger. He ended up forgetting entirely why he tied the string on his wrist and finger. Don’t be Telly!
Can you add more to the password tips above? We would love to hear them.