14 Simple Steps for Writing Rock-Solid Passwords

• May 14th, 2015
• 51 Comments
• Mobile Security, Online Privacy, Online Safety, PC security

Your online privacy depends on the strength of your passwords.

Your privacy is only as safe as your weakest password.

Ok, so maybe that’s a bit of an exaggeration, but let’s face it. The strength of your passwords is important. If it wasn’t, why would so many people be interested in hacking them!

Passwords keep your private stuff private. They make sure that the emails sent from your account are actually written by you. They make sure that the Posts, Likes and Comments that appear on your Facebook page are authentic. They keep your Dropbox photos private. They make sure your coffee card is used exclusively to buy frothy sweet drinks for the people you want to treat.

Of course, passwords also prevent criminals from draining your bank account, running up charges on your credit cards, and causing all sorts of other mischief.

Clearly, having a strong password and keeping it secure is important. Which leads to the question – how can you create rock-solid passwords and keep them protected? Here are 14 simple steps to help you out.

1. Use different passwords, everywhere.
You don’t use a single key to open your car, house, bicycle lock and safety deposit box, do you? Similarly, you shouldn’t use the same password for different accounts.

Though it’s obviously much easier to remember a single password, having just one password means people that if someone cracks that password, they have access to all your accounts. So if someone cracks your email account password, and you’ve used the same password for your Facebook account, Frequent Flyer account, online newspaper subscription, bank account, credit card, Amazon account, and favorite café coffee card, all your accounts will become vulnerable at the same time. Not only is that dangerous, it’s also a huge headache.

2. Keep your passwords private.
Never ever share your passwords, not even with your closest friends. Even if the people you trust don’t deliberately misuse your passwords, they might inadvertently share them with the wrong people by writing them down some place that’s not safe, or accidentally telling them to someone who shouldn’t be trusted.

When it comes to kids (if you have them), make an effort to impress upon them the importance of keeping passwords private. Because if your daughter or son entrusts their passwords to a BFF (Best Friend Forever) who eventually becomes a Frenemy (an enemy pretending to be a friend) things could get seriously ugly.

3. The longer the better.
Passwords are a bit like good books: the longer, the better. Windows recommends using 20 to 30 characters for each password, but we all know that’s not always possible. For example, some passwords only allow for a maximum of 8 character (sometimes just 4!), in which case longer passwords aren’t an option. In such case, mixing up letters and numbers is good (when allowed).

4. Personalize your password.
Unless you are a genius (and even then), you will find it difficult to memorize a random series of 20 or 30 characters. However, if you give those characters meaning, it will be easier for you to remember. Mix things up by combining lower case and upper case letters, numbers and symbols, to make the password even stronger.

For example, while ILoveFunnyGirl may be personalized and easy to remember, it’s not actually that secure. But, if you up the ante a bit by using the password Malltime#1FMeverIFGwithB$, you’ve nailed it. That password, by the way, is based on the phrase My all-time #1 Favorite Movie ever is Funny Girl with Barbra Streisand. Did you notice the $ I used instead of an S? Try it for yourself. It’s not a big difference, it’s not hard to remember, and it can make your password a whole lot $afer.

Long passwords such as the one given above are also known as passphrases. So, once you’ve chosen the passphrase of your choice, type it out in a creative way that only you could guess. The difficulty in cracking a password increases substantially when you incorporate uppercase letters, lowercase letters, numbers and symbols.

5. Be unique.
Millions of people around the world use exactly the same passwords. I know, hard to believe, right? I mean, even though there are countless articles (including this one) about how important it is to use unique passwords, and even though there are endless possible combinations for unique passwords, many people opt for the same passwords over and over again.

SplashData are experts in the password business. A few months ago, they released a list of the worst possible passwords in the world. It revealed what many experts already know. Far too many people make really bad choices when it comes to passwrods.

Bad-bad-very-bad passwords that you should avoid like the plague include:

• Consecutive keyboard combinations (qwerty or asdfg or 123456 or 1111111)
• Consecutive number and letter combinations (1q2w3e4rt).
• Any word that can be found in the dictionary (soccer, baseball, hockey)
• Common words spelled backward (yppah, drowpass, sdrawkcab).
• The word Password.

These passwords may seem brilliant at the moment of conception, but they’re not. So if you are using any of these passwords for any of your accounts, stop reading now and change them.

6. Post-it notes are for making Things-to-do lists, not for passwords.
I know. There is nothing more tempting than typing your password on a post-it note and sticking it to your computer monitor. But resist the temptation. Having your computer password displayed on your PC kind of defeats the point of having a password, as anyone who wanders by can see it, type it, and access your private information. If you need to write down your passwords, store the information in a secret place, and make an effort to conceal the fact that it’s a password (i.e., do not list it under p in your address book).

7. Change your passwords often.
We won’t compare the importance of changing passwords to the changing of underwear (though other articles on the issue have done so) but we will liken it to changing the water in a fish tank.

If you don’t change the water in your fish tank every month or so, things are going to get icky. Change your passwords with a similar diligence. Alternately, just as an electric filter can clean your fish tank regularly, a password manager (see below) can periodically change your passwords.

8. Use a password manager.
There are dozens of services out there to help you manage your passwords. Some of them are free; others require payment. Some of them automatically change passwords on a periodic basis; others leave that to you. Do some research and see which manager you like best. The benefit of using a password manager is that you don’t actually have to memorize your passwords, and you can easily generate long and random passwords. The drawback, of course, is that you may never actually know your password.

9. Watch out for fake password verification notifications.
Be wary of messages that ask for your log in information, even if the message appears to be legitimate. A common phishing scam involves showing users screens which prompt them to change their passwords or provide personal information. If there is no valid reason for you to enter your log in details, don’t. It could be a scam. If you want to double-check the issue, type the URL of the website you want to visit into address bar and see if you are prompted again. If not, you may have just avoided a phishing technique. Phew!

10. Yes, keylogging is a thing. And yes, you can prevent it.
Even if your password is beautifully complex and sophisticated (MyBF&lt*inGr9WasHNB*12rY) it won’t help if there a keylogger is installed on the computer that you’re using. Keyloggers are a form of malicious software that record strokes made on a keyboard. Keylogging can also be done by device, though this is much less common. Keylogging malware is nothing new, and most antivirus programs that offer comprehensive protection for your computer also protect you from keylogging.

11. Reuse, Reduce, Recycle – Just not when it comes to passwords.
We’re in favor of reusing stuff as much as the next person, but the 3Rs simply don’t apply when it comes to internet security. Reusing passwords for diverse online functions including email, banking and social media accounts can make it that much easier for bad guys to steal your identity.

12. Watch your back.
Sorry, do I sound paranoid? I don’t mean to be, really. But make sure no one is watching you as you type in your password on your computer, and make doubly sure that no one is watching as you swipe or type your password on your mobile device. Criminals who observe people entering their passwords can use this information to access their private account information at a later date.

13. Log off when you leave.
Whether you’re scrolling through your friends’ Facebook posts at a café or working in an open space office area, best practice dictates that you log off your computer before you walk away. Usually, you can simply put the computer in Sleep or Hibernate mode. If you leave your computer unlocked, a stealthy troublemaker can sneak on and make unwanted changes to your passwords.

14. Avoid entering passwords on public computers.
Public computers in hotels and airports likely don’t have the same amazing antivirus protection that you have on your personal PC, and may very well be infected with malware designed to steal passwords. Avoid entering your passwords on such computers. If you need to access the internet securely when you’re away from home, use a mobile VPN through your own mobile device.

Do you have any tips for creating rock-solid passwords?