Choosing a Secure Password
With all the large data breaches lately, you might be wondering how it would ever be possible to create a password good enough to secure your data. With every new account requiring more numbers, symbols, and capitals, it can get even more overwhelming to create a secure password, particularly one that’s easily remembered. Thankfully there are a couple of methods that solve all of these problems.
For passwords with a short length requirement.
The best way to create a password is to think of an easy-to-remember 8-12 word sentence or sentences, preferably with some punctuation. Then take the first letter of each word and put them together. Keep all of the punctuation and capitalization. Then go ahead and pick an important date (but not your birthday) and shove it somewhere within. It’s also okay to use ‘leet text’ and just replace some of the letters with numbers, but I find this harder to remember.
For example, you might try something like this:
My favorite doggie is named Violet! She likes to play with squeaky toys.
Take the first letters and punctuation:
Add a date. In this instance we are using the dog’s birthday, “9/17”. This could also be written as “917”, “9.17”, etc.
That’s a pretty complicated password, and easy to remember!
For passwords without a length requirement.
The easiest way to create a secure password is by using a short passphrase instead of a password. Depending on the amount of security that’s desired, pick between 3-8 words, and shove them together. That’s it, you have a password. So long as the words are longer than a couple of letters each, the password should be even harder to crack than the one above, as well as being easy to remember. If you desire more security, you can add words, easy-to-remember punctuation, or an important date.
For example, let’s take a look at the following samples:
wet floor slipping hazard
This password is already pretty secure, and it’s easy to remember. We can shove it together or we can leave the spaces in, it doesn’t really matter a whole lot.
I personally want a little bit more security, and the place I’m using this password requires numbers AND symbols. So I added a number and some punctuation that I think is easy to remember.
Here’s the final password, and I think it’s pretty easy to remember. 1 wet floor = slipping hazard. It resembles a complete sentence: “One wet floor is a slipping hazard.”, or “A wet floor is a slipping hazard.”
Now that’s a hard password to crack, and it’s easy to remember.
Comic Credit: XKCD https://xkcd.com/936/
How many passwords do I really need?
Best practice would be to have a separate password for every unique account. For example, one for each online banking website, one for your email, one for your Facebook, etc. You should avoid any password reuse. When a bad guy manages to break in somewhere and get one of your passwords, he could have easy access to any place you re-used that one password.
How often should I change my password?
This is currently a hotly debated topic. There are significant costs associated with too-frequent password changes that cause employees/customers to forget their new password. Regularly changing your password does increase security to some degree, but the return from doing this is actually somewhat small. That being said, the current recommendation is to change your password at a minimum every 180 days. You can always change it more frequently, but only if you’re sure you can remember your new one.
There’s also the thought that it matters what account the password belongs to. For example, you might not need to, or even care to, change your Netflix or Hulu password ever. For the most part, it probably wouldn’t really matter a whole lot if someone broke into your video streaming accounts; someone ends up screwing up your Netflix queue. On the other hand, there are accounts where you may want significantly more security, for example any accounts you may have with financial institutions, or most importantly your email. If someone manages to get into your email, they’ll have access to pretty much any account that uses that email for verification. If you only have one personal email, they could have access to pretty much your entire digital identity.
Last but not least: things to avoid!
When using these methods, avoid using song lyrics, movie or TV quotes, or really common phrases.
In general, you should also avoid using passwords like:
- Pet names
- Loved ones
- Your name
- Your birthday
- Anything that is related to what the password does, e.g., using “emailpassword” as the password to your email
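As an added example (not part of the original article), here is one way to check a candidate password against the avoid-list above, including names disguised with ‘leet text’ and birthdays written as 9/17, 9.17 or 917. The function names, the leet mapping and the sample profile are assumptions made for illustration.

```python
import re

# Common 'leet' substitutions, undone before comparing (this mapping is an assumption).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def normalise(text):
    """Lowercase, undo leet substitutions, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))

def birthday_variants(month, day):
    """Digit strings a month/day birthday commonly appears as (917, 0917, 179, 1709)."""
    return {f"{month}{day}", f"{month:02d}{day:02d}",
            f"{day}{month}", f"{day:02d}{month:02d}"}

def avoid_list_findings(password, names, birthday, service):
    """Return the avoid-list rules a candidate password breaks.

    names    -- pet names, loved ones and your own name
    birthday -- (month, day) tuple
    service  -- what the account is for, e.g. "email"
    """
    findings = []
    letters = normalise(password)
    # Drop separators so 9/17, 9.17 and 9-17 all compare as 917.
    compact = re.sub(r"[\s/.\-]", "", password)
    for name in names:
        key = normalise(name)
        if len(key) >= 3 and key in letters:
            findings.append(f"contains the name '{name}'")
    if any(v in compact for v in birthday_variants(*birthday)):
        findings.append("contains your birthday")
    svc = normalise(service)
    if svc and svc in letters:
        findings.append(f"names the account it protects ('{service}')")
    return findings

if __name__ == "__main__":
    # Constructed sample profile and candidates.
    profile = dict(names=["Violet", "Sam"], birthday=(3, 22), service="email")
    for candidate in ["emailpassword", "V10let322", "1 wet floor = slipping hazard"]:
        print(candidate, "->", avoid_list_findings(candidate, **profile) or "ok")
```

An empty result only means none of these specific rules matched; song lyrics, quotes and common phrases are not checked here.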