Today, weak passwords are the key weakness in many aspects of online cyber security.
When choosing a password, it’s easy to just choose something that you can remember. The challenge is to come up with passwords that can stand up to attack while still sticking in your memory.
Here are some tips:
- Make sure to use a minimum of eight characters.
- Try to spread out upper and lower case letters, symbols, digits, and punctuation marks throughout your password.
- Avoid exact spellings of words that can be found in a dictionary, in any language.
- Have a unique password for each website.
- Memorize your password by choosing something that can stick in your head.
- Keeping your passwords written down allows someone else to steal them!
- Make sure that you can easily type your password. If you need to pick out each individual key, it’s easy for an attacker to watch you type it and learn your password.
- Change your passwords once a month or so.
- If you have reason to suspect that someone has access to your password, or that they have enough information to guess, change it immediately.
Here’s how to create the safest password:
- Password software can generate random character strings.
- Take familiar song lyrics or a favorite poem, and build your password from the first letter of each word.
- Use a pattern of consonants and multiple vowels to invent your own word you can remember, like “heitoopa.”
- Join two existing words with a symbol in between, like “house@fall.”
Examples of bad passwords:
- Never use in your password any part of a piece of personal information that other people can find. Names, birthdays, driver’s license number, your address, anniversaries, etc. are all security vulnerabilities.
- Do not relate your password to the login name of the account it is being used for.
- Do not choose a dictionary word with one character after it. Passwords like “apple1” are some of the most common and easy to guess.
- Repeating the same word twice or writing a word backwards is also very insecure.
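The patterns in this list can be checked mechanically before a password is accepted. The Python sketch below is an added example, not part of the original article; the function name `weaknesses`, its parameters, and the small word list are assumptions made for illustration.

```python
# Constructed sample word list; a real check would load a full dictionary
# plus a list of commonly used passwords.
WORDS = {"apple", "house", "fall", "password", "qwerty", "summer"}


def weaknesses(password, login="", personal=(), words=WORDS):
    """Return which of the article's bad-password patterns the password matches."""
    found = []
    low = password.lower()

    # Tip from the first list: use a minimum of eight characters.
    if len(password) < 8:
        found.append("shorter than eight characters")

    # Exact dictionary word, or a dictionary word written backwards.
    if low in words:
        found.append("dictionary word")
    if low[::-1] in words:
        found.append("dictionary word backwards")

    # Dictionary word with one character after it, such as "apple1".
    if low[:-1] in words:
        found.append("dictionary word plus one character")

    # The same word repeated twice, such as "fallfall".
    half = len(low) // 2
    if len(low) % 2 == 0 and low[:half] == low[half:] and low[:half] in words:
        found.append("same word twice")

    # Password related to the login name of the account.
    if login and login.lower() in low:
        found.append("related to login name")

    # Personal information others can find (names, birthdays, and so on).
    if any(item and item.lower() in low for item in personal):
        found.append("contains personal information")

    return found


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["apple1", "fallfall", "drowssap", "house@fall"]:
        print(candidate, "->", weaknesses(candidate) or "no listed pattern matched")
```

An empty result only means none of the listed patterns matched; it is not a measure of how long the password would survive a brute force attack.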
How to guard your password:
- If your password is on your computer, it must be encrypted.
- Do not allow your browser or any other program to save your passwords.
- Do not send people your password through the internet in an unencrypted form.
- If you have your password written down physically, lock it up. Do not leave it out where it could be found.
- Do not tell your password to anyone.
Common ways that hackers steal passwords:
- Finding it in real life, by watching you type or by finding it written down.
- Guessing it based on known information, such as your birthday or the name of your child or pet.
- By using a brute force attack to sequentially guess every combination of letters, numbers, and symbols until the correct password is found. With thousands of guesses per second, this often doesn’t take long for a short password.
- By using a smarter dictionary attack, which is a brute force attack that checks words from dictionaries as well as common insecure passwords like “qwerty,” “12345,” and the like. It won’t catch every password the way a brute force attack does, but it will catch insecure passwords with dictionary words much faster.
If you would like to learn more about password safety, please visit here for more information. Good luck, and stay safe.