Password Do’s and Don’ts

15th September 2017

Here are a few tips for creating strong passwords. Take a moment to review these, and consider strengthening some of your passwords if they fall short.

  • The number 1 rule (and most secure online registration platforms require this) is to create unique passwords that use a combination of words, numbers, symbols, and both upper- and lower-case letters.
  • How many times have we entered a website and been asked to enter a new password which is at least 8 characters long and contains 1 capital letter, 1 number and 1 symbol like “@”? We end up with a password that is impossible to remember. The temptation is to use an easily hacked word and/or to record it on a piece of paper stuck to the wall above our computer.
  • Do not use your network username or your “PC name” as your password.
  • Don’t use easily guessed passwords, such as “password” or “user.” There are many jokes about this… but it’s not funny when your data is stolen or encrypted.
  • Do not choose passwords based upon details that may not be as confidential as you’d expect, such as your birth date, your Social Security or phone number, or names of family members. It’s important to know that if you are the victim of a pointed phishing attempt, identity theft or direct attack (becoming more common), it’s very easy for someone to find these details on social media platforms.
  • Do not use words that can be found in the dictionary. Password-cracking tools freely available online often come with dictionary lists that will try thousands of common names and passwords. Remember that most passwords are “cracked” using automated software tools, and not by a human being.
  • Please don’t just type in keys in the order you find them on your keyboard. For example, “qwerty”, “asdzxc” and “123456” are a bad idea, and easy to guess.
  • How about a collection of words that form a phrase or sentence? Perhaps the opening sentence to your favourite novel, or a quote from a favourite movie. Complexity is nice, but length is key. It used to be the case that picking an alphanumeric password that was 8-10 characters in length was a pretty good practice. These days, there are extremely powerful and fast password-cracking tools that can try tens of millions of possible password combinations per second. It can, however, take up to a trillion years to crack a passphrase such as “mydoghasnonosehowdoeshesmell”. If you take a passphrase you are familiar with, then it will be relatively easy to remember.
  • Avoid using the same password at multiple Web sites. It’s generally safe to re-use the same password at sites that do not store sensitive information about you (like a news Web site) provided you don’t use this same password at sites that are sensitive.
  • Never use the password you’ve picked for your email account at any online site: If you do, and an e-commerce site you are registered at gets hacked, there’s a good chance someone will be reading your e-mail soon.
  • Whatever you do, don’t store your list of passwords on your computer! If someone steals your computer… your online banking and social media sites will soon follow.
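
The sketch below is an added example, not part of the original post: it checks a candidate password against several of the rules above and estimates an upper bound on exhaustive-search time. The word list, the rate of 10 million guesses per second, the 0.7 keyboard threshold and all function names are assumptions made for illustration.

```python
# Constructed sample list; a real check would load a full cracking wordlist.
COMMON = {"password", "user", "qwerty", "asdzxc", "123456"}
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
GUESSES_PER_SECOND = 10_000_000   # assumption: "tens of millions" per second
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def alphabet_size(pw):
    """Number of characters an exhaustive search must try at each position."""
    classes = [(str.islower, 26), (str.isupper, 26), (str.isdigit, 10)]
    size = sum(n for test, n in classes if any(test(c) for c in pw))
    if any(not (c.islower() or c.isupper() or c.isdigit()) for c in pw):
        size += 33  # printable ASCII symbols plus space
    return size


def brute_force_years(pw):
    """Upper bound: years to try every string of this length and alphabet."""
    return alphabet_size(pw) ** len(pw) / GUESSES_PER_SECOND / SECONDS_PER_YEAR


def keyboard_walk_ratio(pw):
    """Fraction of neighbouring characters that are also keyboard neighbours."""
    low = pw.lower()
    pairs = list(zip(low, low[1:]))
    hits = sum(any(a + b in row or b + a in row for row in KEYBOARD_ROWS)
               for a, b in pairs)
    return hits / len(pairs) if pairs else 0.0


def check_password(pw, username="", pc_name=""):
    """Return the rules from the list above that pw breaks (empty = none)."""
    problems = []
    low = pw.lower()
    if low in {username.lower(), pc_name.lower()} - {""}:
        problems.append("matches username or PC name")
    if low in COMMON:
        problems.append("easily guessed or dictionary word")
    if len(pw) >= 4 and keyboard_walk_ratio(pw) >= 0.7:
        problems.append("keyboard sequence")
    if brute_force_years(pw) < 1:
        problems.append("exhaustive search takes under a year")
    return problems


if __name__ == "__main__":
    for pw in ["password", "asdzxc", "aB3dE5gH", "mydoghasnonosehowdoeshesmell"]:
        print(f"{pw!r}: {brute_force_years(pw):.3g} years, {check_password(pw)}")
```

The year figure assumes the attacker has to try every character combination, so it is a ceiling; a password that appears in a cracking wordlist falls much sooner, which is why the list check runs separately.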