Top Tips for Choosing a Password That You Won’t Forget
When it comes to online safety, one of the most important aspects is creating strong, secure passwords. We live in a digital age where much of our personal and financial information is stored online. This means that password protection has a significant role in safeguarding our digital identities.
Cybercriminals are becoming increasingly sophisticated, and a weak password makes you an easy target. It is worth taking password creation seriously and following a few well-established practices. The tips below offer a practical guide to creating strong passwords that you can still remember.
There are several principles to keep in mind when creating a strong password. The first six below are the general criteria every password should meet; the rest of this article adds further ideas for making your accounts more resistant to online threats.
1-Length is essential
If the site allows it, make your password at least 12 to 16 characters long. Every extra character multiplies the number of guesses an attacker has to make, so length is the single biggest factor in resisting brute-force attacks.
2-Mix things up
Use a mix of uppercase and lowercase letters, numbers and symbols. A larger character set raises the number of possible combinations, which makes the password harder to brute-force. Mixing does less for you than adding length, though, so don't treat a short password full of symbols as strong.
3-Avoid displaying clear personal information
Don’t use obvious details such as your name, your birth date, or common words. These are the first things an attacker will try, and much of that information can be found on social media.
4-Avoid using commonly used passwords
Avoid passwords such as “password”, “123456” or “qwerty”. They sit at the top of every cracking word list, so they are the first guesses an attacker makes.
5-Passwords should not be reused
It may be tempting to use the same password on many sites for convenience, but if one of those sites is breached, attackers will try the leaked email and password combination on every other popular service (known as credential stuffing), so all of your accounts are compromised at once.
6-Change your passwords when there is a reason to
You don’t need to change your passwords on a fixed schedule, but change one straight away if you suspect the account has been compromised, if the service announces a data breach, or if you realise you have reused it elsewhere.
What makes a password secure?
A secure password needs three things: it must be impossible for someone to guess, expensive for a computer to crack, and used for only one account (so if it does get into the wrong hands, all your other accounts are safe). Two popular strategies I see quite often are to either use a combination of random words to compose a passphrase, or to use an easy to remember phrase and boil it down into a seemingly random string of letters, numbers, and characters.
Both of these methods aim to increase the password’s entropy, which, without getting too technical, is a popular way to measure how unpredictable a password is. It is worked out from how many possible combinations there could be given the length and the available characters, and is expressed in bits: each extra bit doubles the number of guesses an attacker needs. For example, an ATM PIN is usually 4 digits long and only contains the numbers 0 – 9, so there are 10,000 possible PINs (about 13.3 bits of entropy). Although a PIN can be quite difficult for a person to guess (assuming it is a truly random number), a computer checking 1,000 combinations a second would crack it in at most 10 seconds, and in about 5 seconds on average.
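The PIN arithmetic above generalises to any password shape. The following calculator is an added example (not code from the original article): it computes entropy and average crack time for a random password of a given length and character set, and extends the table to the passphrase schemes discussed later. The guess rates are assumptions for illustration, as are the word-list sizes.

```python
import math

# Guess rates are assumptions for illustration, not figures measured for this
# article: the page's 1,000 guesses/second for an attacker talking to a live
# site, and 10 billion/second for an attacker cracking leaked fast hashes offline.
ONLINE_GUESSES_PER_SEC = 1_000
OFFLINE_GUESSES_PER_SEC = 10_000_000_000

# Alphabet sizes for the character classes the article lists.
DIGITS = 10
LOWER = 26
ALL_PRINTABLE = 94          # letters, digits and the 32 ASCII punctuation symbols
XKCD_WORDLIST = 2048        # list size the xkcd passphrase comic assumes (11 bits/word)
DICEWARE_WORDLIST = 7776    # 6^5 words, one roll of five dice per word


def combinations(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of 'length' symbols drawn from 'alphabet_size'."""
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a password chosen uniformly at random: log2(N ** L) = L * log2(N).

    This only holds for a truly random choice; a human-picked 'random' word
    or pattern has far fewer real possibilities than the arithmetic suggests.
    """
    return length * math.log2(alphabet_size)


def crack_seconds(alphabet_size: int, length: int, guesses_per_sec: float,
                  worst_case: bool = False) -> float:
    """Time to find the password by exhaustive search.

    On average the attacker finds it halfway through the keyspace; pass
    worst_case=True for the time to try every combination.
    """
    total = combinations(alphabet_size, length)
    tried = total if worst_case else total / 2
    return tried / guesses_per_sec


def human_time(seconds: float) -> str:
    """Render a duration roughly, for the comparison table."""
    units = [("years", 365 * 24 * 3600), ("days", 24 * 3600), ("hours", 3600), ("minutes", 60)]
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:,.2f} seconds"


def compare_schemes(rate: float = OFFLINE_GUESSES_PER_SEC) -> dict:
    """Entropy and average crack time for the password shapes the article discusses."""
    schemes = {
        "4-digit PIN": (DIGITS, 4),
        "8 lowercase letters": (LOWER, 8),
        "8 chars, all classes": (ALL_PRINTABLE, 8),
        "12 chars, all classes": (ALL_PRINTABLE, 12),
        "16 chars, all classes": (ALL_PRINTABLE, 16),
        "4 random words (2048-word list)": (XKCD_WORDLIST, 4),
        "6 random words (diceware list)": (DICEWARE_WORDLIST, 6),
    }
    return {name: (entropy_bits(n, L), crack_seconds(n, L, rate))
            for name, (n, L) in schemes.items()}


if __name__ == "__main__":
    # The article's PIN example: 10,000 combinations, ~13.3 bits, 10 s worst case at 1,000 guesses/s.
    print(combinations(DIGITS, 4), round(entropy_bits(DIGITS, 4), 1),
          crack_seconds(DIGITS, 4, ONLINE_GUESSES_PER_SEC, worst_case=True))
    for name, (bits, secs) in compare_schemes().items():
        print(f"{name:35s} {bits:6.1f} bits  {human_time(secs)} (offline, average)")
```

Run it and note two things: the jump from 8 to 12 characters buys far more than swapping lowercase letters for the full symbol set at the same length, and a handful of genuinely random words from a large list lands in the same range as a long random character string.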
So, what about passwords? How can you give them as much entropy as possible, and at the same time, keep them safe in your head?
Techniques for coming up with a strong, memorable password:
1) Combine four or more random and unrelated words
There’s a famous (in the techie world!) comic (http://xkcd.com/936/) which is often cited when people talk about this method. Rather than take a single word and replace letters with similar looking numbers and characters (! for l, or 3 for e, etc.) you take several words in sequence and make that a password.
For example, think of four completely unrelated words: ‘purple’, ‘fish’, ‘helicopter’, ‘okay’. Put them in a sequence – with or without spaces – and you have a long password that is very hard to guess and slow for a computer to crack. The strength comes from the words being chosen at random from a large vocabulary, so pick them by opening a dictionary at random pages or using a word-list generator, rather than choosing words you are fond of or a line from a song or book. It’s also incredibly easy to remember; just visualise a purple fish walking up to a helicopter and saying “Okay”. And voilà, you have remembered a strong password: purple fish helicopter okay.
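Picking the words is the part people get wrong, so here is an added example (not from the original article) of a passphrase generator that draws words with the operating system's cryptographic random source and shows how much entropy is lost when the words come from a small "mental" vocabulary instead. The word list is constructed for illustration; a real generator would load a published list such as the EFF long list.

```python
import math
import secrets

# A constructed word list for illustration. A real generator uses a published
# list such as the EFF long list (7,776 words); the list size sets the entropy
# per word, so a bigger list is better.
SAMPLE_WORDS = [
    "purple", "fish", "helicopter", "okay", "anvil", "breeze", "cactus", "dune",
    "ember", "falcon", "garnet", "harbor", "igloo", "jungle", "kettle", "lantern",
    "meadow", "nectar", "orbit", "pebble", "quartz", "ripple", "saddle", "tundra",
    "umber", "velvet", "walnut", "xylophone", "yonder", "zephyr", "anchor", "bramble",
]


def passphrase_entropy_bits(list_size: int, n_words: int) -> float:
    """Entropy of n_words drawn uniformly at random (with replacement) from list_size words."""
    return n_words * math.log2(list_size)


def generate_passphrase(word_list, n_words: int = 4, separator: str = " ", rng=None) -> str:
    """Pick n_words uniformly at random with a CSPRNG (the 'secrets' module), not random.choice().

    Words are picked independently, so repeats are allowed; that keeps the
    entropy arithmetic exact. rng exists only so a deterministic source can be
    injected for testing.
    """
    if len(set(word_list)) != len(word_list):
        raise ValueError("word list contains duplicates, which would lower the real entropy")
    if n_words < 1:
        raise ValueError("need at least one word")
    choose = rng.choice if rng is not None else secrets.choice
    return separator.join(choose(word_list) for _ in range(n_words))


def words_needed(list_size: int, target_bits: float) -> int:
    """Smallest number of words from list_size that reaches target_bits of entropy."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_WORDS))
    # Why the words must be random: four words a person "thinks of" come from a
    # vocabulary of perhaps 50 favourites, nowhere near four dictionary words.
    print(f"4 from a 50-word mental list : {passphrase_entropy_bits(50, 4):.1f} bits")
    print(f"4 from this {len(SAMPLE_WORDS)}-word list      : {passphrase_entropy_bits(len(SAMPLE_WORDS), 4):.1f} bits")
    print(f"4 from a 7,776-word list    : {passphrase_entropy_bits(7776, 4):.1f} bits")
    print("words needed for 64 bits from a 7,776-word list:", words_needed(7776, 64))
```

The duplicate check matters more than it looks: a list with repeated entries makes some words twice as likely, and the neat "bits per word" figure silently overstates the result.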
This is a pretty good method, although Bruce Schneier, a renowned security technologist, points out that password-cracking tools already try combinations of dictionary words, so it may be better to move on to a method he recommends:
2) Turn a phrase into a seemingly random set of characters
Take a phrase – something personal to you, that you’ll remember – and then take the first letter of each word and put them in sequence. For example, let’s take the phrase “William Wordsworth said I wandered lonely as a cloud”. This would then become “wwsiwlaac”. Next, let’s pad it out a bit. Since clouds are up in the sky, we can put a ^ at the end, as it points up. Also, let’s put the letter for the word ‘lonely’ on its own with a space either side – as it’s lonely. Finally, let’s keep the WW at the beginning as capitals, since they’re initials. Now we have:
WWsiw l aac^
Using this technique, we’ve created a seemingly random set of characters, which should have some meaning to you and stick in your memory. In order to remember them, you simply remember the phrase, and go through the story you used to come up with the password. You’ll be surprised how well it works.
Obviously, don’t use either of these two passwords mentioned above, as we’ve just written about them – come up with your own, and be creative about the way you replace some of the letters with other characters. Here are some other ideas:
Replace the word “money” with a £ or $ instead
If your phrase has something to do with food, add a capital ‘B’ at the end, as the character looks a bit like it has a belly
If it’s something happy, put an open bracket ‘)’ somewhere, as the smile part of a smiley emoticon
Again, these are just to give you ideas of how to come up with ways of replacing characters in your password. The point is we’re trying to create a story and give some meaning to the combination of characters which will help you remember them later.
Some other password tips:
1-Consider passwordless authentication
Many services are moving to passwordless authentication, using methods such as biometrics (fingerprint, facial recognition), hardware security keys, or one-time codes sent to your mobile device. These are often both more secure and more convenient than a traditional password. They are not all equal, though: security keys and passkeys are resistant to phishing because the credential is tied to the genuine site, whereas codes sent by SMS are the weakest option, as they can be intercepted or redirected by a SIM-swap.
2-Avoid Password Hinting
Password hints and security questions can give an attacker a way into your account, because the answers (a mother’s maiden name, a first school, a pet’s name) are often public or easy to find out. If a site forces you to set security questions, answer them with random strings stored in your password manager, and use an alternative email address or phone number for account recovery instead.
3-Breached Password Checks
Some password managers now include tools that check whether any of your passwords have been exposed in a data breach. This is a useful way of keeping an eye on the security of your accounts.
Many current password managers, such as 1Password, LastPass and Dashlane, have built-in features that warn you when a saved password turns up in a published breach dataset. They can run these checks on a regular basis, so you find out soon after a password becomes public rather than after it is abused. Many of these checks are built on the Have I Been Pwned “Pwned Passwords” database and use a k-anonymity lookup: only the first five characters of the password’s SHA-1 hash are sent to the service, and the comparison against the returned list of matching hashes happens on your own device, so the password itself never leaves it.
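The k-anonymity lookup described above, as an added example that is not code from the article or from any of the password managers it names. It implements the client side of the Pwned Passwords range protocol: hash the password with SHA-1, send only the first five hex characters, and search the response locally for the remaining 35. A constructed stand-in response is included so it runs offline; the counts in it are made up, and the user agent string is a placeholder.

```python
import hashlib
import urllib.request

# Placeholder user agent (assumption); the live service expects some User-Agent header.
USER_AGENT = "password-check-example"
RANGE_URL = "https://api.pwnedpasswords.com/range/"


def sha1_prefix_suffix(password: str):
    """Split the upper-case hex SHA-1 of the password into the 5-character prefix
    that is sent to the service and the 35-character suffix that never leaves the machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range_response(suffix: str, body: str) -> int:
    """Parse a range response ('SUFFIX:COUNT' per line) and return the count for our suffix, or 0."""
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        hash_suffix, sep, count = line.partition(":")
        if sep and hash_suffix.upper() == suffix.upper():
            return int(count)
    return 0


def fetch_range(prefix: str) -> str:
    """Live lookup over the network. Only the 5-character prefix is sent."""
    req = urllib.request.Request(RANGE_URL + prefix, headers={"User-Agent": USER_AGENT})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def breach_count(password: str, fetch=fetch_range) -> int:
    """How many times the password appears in the breach corpus (0 = not found)."""
    prefix, suffix = sha1_prefix_suffix(password)
    return count_in_range_response(suffix, fetch(prefix))


# Constructed stand-in for the live service so the example runs offline.
# The counts are invented; the first suffix is the real SHA-1 suffix of "password".
_FAKE_RANGES = {
    "5BAA6": (
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3000000\n"   # "password", count constructed
        "003D68EB55068C33ACE09247EE4C639306B:3\n"         # unrelated constructed suffix
    ),
}


def fake_fetch(prefix: str) -> str:
    """Offline replacement for fetch_range; any other prefix gets a constructed non-matching body."""
    return _FAKE_RANGES.get(prefix, "0000000000000000000000000000000000A:1\n")


if __name__ == "__main__":
    for pw in ["password", "purple fish helicopter okay"]:
        print(repr(pw), "->", breach_count(pw, fetch=fake_fetch))
    # Replace fetch=fake_fetch with the default to query the real service.
```

The design point is that the service learns only a 5-character prefix shared by hundreds of different passwords, so it cannot tell which one you checked, while you still get an exact answer.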
4-Use a password manager
Even using the above methods, it can be difficult to remember a large number of passwords – after all, you really need each and every password you use online to be different. This is where a password manager comes in handy.
A password manager is an application that is installed on your Mac/PC and smartphone, and stores all of your passwords in an encrypted file which can only be unlocked with a master password. This way, even if your device is lost or stolen, your passwords are still safe (as long as you have a strong master password!). The master password is therefore the one password you must make both strong and memorable, using the techniques above, and it is worth enabling two-factor authentication on the manager itself. A few popular password managers are 1Password, LastPass, and KeePass.
5-Enable two-factor authentication
Even if you use a strong password, your account can still be compromised if the password is phished or leaked from the site. By demanding a second form of verification before granting access, two-factor (or multi-factor) authentication adds a further layer of security.
Many online services, including Gmail, Facebook, Apple and PayPal, offer two-factor authentication as an option. You log in with your password as normal, then enter a one-time code that is sent to your smartphone by SMS or push notification, or generated by an authenticator app, to confirm that you are the account owner. This way, even if your password gets into the wrong hands, someone trying to log in would also need your phone to complete the login. An authenticator app or a hardware security key is stronger than SMS, since SMS codes can be redirected by a SIM-swap, but any second factor is better than none. It’s worth enabling this on your email and any accounts containing sensitive information.
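To show what sits behind an authenticator-app code, here is an added example (not from the original article) implementing the standard one-time-code algorithms, HOTP (RFC 4226) and TOTP (RFC 6238), plus the server-side check with a drift window. It uses the shared test secret from those RFCs; a real service generates a random secret and shares it once as a QR code.

```python
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6, algorithm=hashlib.sha1) -> str:
    """HOTP (RFC 4226): HMAC the 8-byte big-endian counter, dynamically truncate, keep 'digits' digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algorithm).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, timestamp: float, step: int = 30, digits: int = 6,
         algorithm=hashlib.sha1) -> str:
    """TOTP (RFC 6238): HOTP with the counter set to the number of 'step'-second intervals since the epoch."""
    return hotp(secret, int(timestamp // step), digits, algorithm)


def verify_totp(secret: bytes, submitted: str, timestamp: float, window: int = 1,
                step: int = 30, digits: int = 6, algorithm=hashlib.sha1) -> bool:
    """Server-side check allowing 'window' steps of clock drift either way.

    Uses a constant-time comparison so a timing difference can't leak how many
    digits were right. A real deployment also rate-limits attempts and refuses
    to accept the same code twice.
    """
    base = int(timestamp // step)
    ok = False
    for drift in range(-window, window + 1):
        expected = hotp(secret, base + drift, digits, algorithm)
        # No early return, so the loop takes the same time on success and failure.
        ok |= hmac.compare_digest(expected, submitted)
    return ok


if __name__ == "__main__":
    # The RFC 4226 / RFC 6238 test secret (ASCII "12345678901234567890").
    secret = b"12345678901234567890"
    now = time.time()
    code = totp(secret, now)
    print("current code        :", code)
    print("verifies now        :", verify_totp(secret, code, now))
    print("verifies 2 min later:", verify_totp(secret, code, now + 120))
```

The phone and the server both hold the secret and both know the time, so nothing is "sent" for an app-generated code; that is why it keeps working with the phone in flight mode, and why a code intercepted in transit is useless after thirty seconds.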
6-Log in via services such as Google and Facebook
Many apps and websites offer the ability to sign up and log in via other accounts such as Facebook, Google, and LinkedIn. This speeds up the sign-up process, as some of your information can be pulled across such as name, email address, and profile photo. You don’t usually have to enter a password when you log in this way, as a unique token is exchanged between the app and (say) Facebook which is then used to log you in. Once you’ve logged in to Facebook, you’ll then be able to log in to any other account which has been created via this method.
This is a convenient and generally secure way of logging in, with the added benefit that you don’t have to create another password. The trade-off is that every account created this way is only as secure as your Google or Facebook account, so that account needs a strong password and two-factor authentication. You also need to watch what access you’re giving the app to your Facebook account. Some apps may simply ask for your basic profile information, such as name, profile photo, and email address, whereas others will ask for permission to post to Facebook as you. If this is what you want – great!
But do keep an eye out, and make sure you’re only signing up to services that you trust and only giving them access to the information they truly require.
So, just to recap:
- Don’t use weak passwords, such as short words, or any words or names which have some relevance to you
- Try to make your password as long and as complex as possible (using the above techniques to remember them)
- Use each password for one account only
- If you have to keep lots of passwords, consider using a password manager
- Enable two-factor authentication on accounts containing sensitive information, such as email
- To quickly sign up to an account in a secure way, use the ‘Log in with…’ Facebook, Google, LinkedIn, etc. buttons, but only do this with services you trust and make sure you only give them the minimum privileges to your account
Lucidica provides London based IT support for businesses.