With all of today’s talk of viruses and trojans, many people forget that one of the easiest ways to protect yourself on the internet is with a strong and secure password. Think of all the things you use a password for – online banking, online games, blogs, social networking, email and many others. All of these websites hold something valuable to you, whether it’s the money in your checking account or the hours you’ve invested into your level 80 paladin.
To understand how to make a secure password, you first have to know how someone attempts to crack one. Most password-hacking utilities are called “brute force” applications, and they do just that – force their way in. These programs will use a massive list of dictionary words, common passwords, and popular key combinations to try to guess your password. While this might seem like a lofty job, they work very quickly. A brute force utility can burn through hundreds, even thousands of passwords faster than you can type your first guess.
Knowing this, you should follow some basic rules when creating a password.
1. Use as many characters as you can. An 8-character password is exponentially stronger than a 6-character password.
2. Never, under any circumstance, use a dictionary word. If there is a legible word in your password, you’re doing it wrong. Any word that you can find in a dictionary is like locking your front door and leaving the key under the mat.
3. Never use names, places or dates. In the grand scheme of all possible letter, number and symbol combinations, FredAspen1972 is pretty easy to guess – especially for someone who knows you, or for a brute force application programmed to try every common name/place/date.
4. Make sure you use lowercase letters, uppercase letters, numbers and symbols. Everyone puts numbers/symbols at the end, so don’t be predictable. Mix them in.
This is my process for creating a new password. I highly recommend you adopt this process.
- Open up a blank Word/Notepad/WordPad/TextEdit document.
- Close your eyes. Type 8 to 16 random letters and numbers. If you did it right, you should get something like “ht8jg8o6” or “lf95j7zuq1”.
- Now choose two or three of the letters and capitalize them. For example: “hT8jG8o6” or “Lf95j7ZuQ1”
- Now throw one or two symbols in the middle somewhere. This can include pound, exclamation mark, money sign, or any of your favorites. For example: “hT8!jG&8o6” or “Lf%95j7Z$uQ1”. Some websites and applications will not accept passwords with symbols. If this is the case, just omit this step.
- Write your new password down. This is the most important step. You have a very complex password now, which not only makes it very hard to crack, but also makes it real tough for you to remember. Write it down twice – take one with you in your wallet/purse and put the other one somewhere safe in your house.
- Never save your password on your computer. Once again, this is equivalent to leaving the key under the mat.
- Make a new password often. I recommend 3 to 4 times per year. Some people choose to make new passwords and replace all of their old log-ins with it. Others opt to make a new password and only use it with new log-ins, thus creating a wide variety of passwords used across various websites. This is up to you.
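The generation steps and the four rules above can be scripted. This is an added example, not part of the original article: it draws characters from the operating system's random source instead of blind typing, and the word list, the symbol set and the function names are assumptions chosen for illustration.

```python
import re
import secrets
import string

SYMBOLS = "!#$%&"  # assumption: symbols the target site accepts
# Constructed sample list; a real check would load a full dictionary and name list.
WORDS = {"fred", "aspen", "password", "dragon", "paladin"}

def rule_violations(pw):
    """Return the article's rules (1-4) that a candidate password breaks."""
    found = []
    if len(pw) < 8:
        found.append("rule 1: shorter than 8 characters")
    if any(word in pw.lower() for word in WORDS):
        found.append("rule 2/3: contains a dictionary word or name")
    if re.search(r"(19|20)\d\d", pw):
        found.append("rule 3: contains a year-like date")
    tests = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    if not all(any(t(c) for c in pw) for t in tests):
        found.append("rule 4: missing lowercase, uppercase, digit or symbol")
    # Letters followed only by trailing digits/symbols is the predictable layout.
    if pw.rstrip(string.digits + string.punctuation).isalpha():
        found.append("rule 4: digits/symbols only at the end")
    return found

def make_password(length=12, n_upper=3, n_symbols=2):
    """The article's steps, drawing from the OS CSPRNG instead of blind typing."""
    if not 8 <= length <= 16 or n_upper < 1 or n_symbols < 1:
        raise ValueError("need 8-16 base characters, >=1 capital, >=1 symbol")
    rng = secrets.SystemRandom()
    alphabet = string.ascii_lowercase + string.digits
    while True:
        # Step 2: random lowercase letters and digits.
        chars = [rng.choice(alphabet) for _ in range(length)]
        letters = [i for i, c in enumerate(chars) if c.isalpha()]
        if len(letters) < n_upper:
            continue
        # Step 3: capitalize a few randomly chosen letters.
        for i in rng.sample(letters, n_upper):
            chars[i] = chars[i].upper()
        # Step 4: insert symbols at interior positions, never first or last.
        for _ in range(n_symbols):
            chars.insert(rng.randrange(1, len(chars)), rng.choice(SYMBOLS))
        candidate = "".join(chars)
        if not rule_violations(candidate):  # rare rejects (e.g. "1972"): retry
            return candidate

if __name__ == "__main__":
    for pw in ("FredAspen1972", "hT8!jG&8o6", make_password()):
        print(pw, rule_violations(pw) or "ok")
```

Run against the article's own samples, the checker reports four problems for FredAspen1972 and none for the two finished example passwords.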
After a few days of typing in your new and complex password, you will eventually memorize it. Instead of remembering names and places, you will instead gradually grow accustomed to remembering key strokes and patterns on your keyboard.
On this topic, I frequently get questions relating to password management and password encryption software. While I won’t speak to the legitimacy of the companies that manufacture these types of programs, I will say that giving your password to anyone is a poor choice. Be it your best friend or a corporation, the more people who know your password, the less secure it is.