With all of the hacking going on these days, it’s important to have good complex passwords on your important accounts. Important accounts include email, online retailers, banks and other financial institutions, etc.
When you create a password you want it to be something that nobody could guess, but you also want it to be something that a password cracking program cannot easily crack. Cracking is using sophisticated software to figure out someone’s password.
With that in mind, your password should NOT include any of the following:
- Personal data: your name or initials, or the name or initials of your spouse, kids, grandkids, other relatives, or pets; your date of birth, year of birth, phone number, street number, or street name.
- Any words that are in the dictionary.
You may be wondering why you shouldn’t use any words you might find in the dictionary. That’s because of the password cracking software out there, which can run through every word in a dictionary very quickly.
The experts say you should pick a password that you can remember and not to write it down. However, this contradicts the rule about not using any words in the dictionary. If you don’t use words, it’s hard to remember. Also, you have to have a different password for each account. That too makes it impossible not to write them down. There’s no way you could remember all of those passwords and which account they go to.
The truth is, if you get hacked, it’s probably not going to be by someone who is physically at your computer and finds your password list. So do write it down. Don’t leave it in plain sight though. In fact, you should hide it. Keep in mind that if someone broke into your house and took your computer and other things, they shouldn’t easily find your password list when they take those things.
Different websites have different password restrictions. Some have a minimum length of 6 while others it’s 8. Some allow symbols, some allow no symbols, some allow only certain symbols. A good website will tell you the password restrictions when you are prompted to create a password.
When you need a new password, use the following rules:
- Your password should be at least 8 characters long. The longer the better, but not so long that it takes 5 minutes to type it in.
- Should contain at least 2 uppercase letters.
- Should contain at least 2 lowercase letters.
- Should contain at least 2 numbers. Preferably not next to each other. And not at the end of the password.
- Should contain at least one symbol if allowed.
A good trick is to think of a phrase, or a lyric from a song, and use the first letter of each word.
The first thing I thought of was: “You can’t always get what you want.” In case you don’t recognize that, it’s a song by The Rolling Stones.
If we take the first letter of each word we get: ycagwyw
Now we need to modify that to make it a good password.
First, we see that it’s kind of short. What I like to do is put the phrase in there twice. The first time in all caps, the second time in lowercase letters.
So in this example, we would end up with: YCAGWYWycagwyw
Now we need to throw some numbers in there: YCAGWYW489ycagwyw
Now we need to throw a symbol in there (if the system allows it): YCAGWYW=489%ycagwyw
Now that’s a good password.
Another good trick is to deliberately misspell words.
Let’s take the word: computer
If we misspell it, add uppercase letters, a number, and a symbol: k0Mp@t3r
You get the idea.
If you don’t want to go through all of that to figure out passwords, there’s an easier way: a password generator. The one I use is https://www.roboform.com/password-generator. When you go to that website, you can specify how long the password should be, what types of characters should be in it, etc. Click the “generate new” button and voilà, there’s a good password.
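The rules listed earlier and the generator idea above, as an added example in Python (not code from the original article or from RoboForm): `check` tests a password against the article's rules, reporting the two "preferably" points as warnings, and `generate` draws random candidates with Python's `secrets` module until one passes. The names `check`, `generate` and `SYMBOLS`, and the symbol set itself, are assumptions made for illustration.

```python
# Added example: check, generate and SYMBOLS are illustrative names, not from the article.
import secrets
import string

SYMBOLS = "!@#$%^&*=+-_?"  # assumed symbol set; sites differ in what they allow

def check(password, symbols_allowed=True):
    """Return (failures, warnings) for a password against the article's rules."""
    failures, warnings = [], []
    upper = sum(c.isupper() for c in password)
    lower = sum(c.islower() for c in password)
    digits = [i for i, c in enumerate(password) if c.isdigit()]
    if len(password) < 8:
        failures.append("shorter than 8 characters")
    if upper < 2:
        failures.append("fewer than 2 uppercase letters")
    if lower < 2:
        failures.append("fewer than 2 lowercase letters")
    if len(digits) < 2:
        failures.append("fewer than 2 numbers")
    if symbols_allowed and not any(not c.isalnum() for c in password):
        failures.append("no symbol")
    # The two "preferably" points are reported as warnings, not failures.
    if any(b - a == 1 for a, b in zip(digits, digits[1:])):
        warnings.append("numbers next to each other")
    if password and password[-1].isdigit():
        warnings.append("number at the end")
    return failures, warnings

def generate(length=16, symbols_allowed=True):
    """Draw random passwords with secrets until one passes every rule."""
    if length < 8:
        raise ValueError("the article's minimum length is 8")
    alphabet = string.ascii_letters + string.digits
    if symbols_allowed:
        alphabet += SYMBOLS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        failures, warnings = check(candidate, symbols_allowed)
        if not failures and not warnings:
            return candidate

if __name__ == "__main__":
    for pw in ("YCAGWYW=489%ycagwyw", "k0Mp@t3r", generate()):
        print(pw, check(pw))
```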
Once you have a good password, don’t use it for all of your accounts. If you do, when one account gets hacked, they all get hacked. Use different passwords for each account. This rule makes it impossible for you to remember which password goes with which account. You simply have to make a note of them somewhere.
Most people have a notebook, Rolodex, or some place where they write them down. Others make a Word document or spreadsheet on their computer and have them there. Each has pros and cons. A written-down list of passwords on paper is safe from hackers, but it can be accessed by friends and other visitors, or it can be stolen by a thief. A digital list of passwords (document or spreadsheet) is vulnerable to hackers, but there are things you can do to make it safer.
Another good way to note all of your passwords is to use a password manager, although some of them have been hacked too. With a password manager, you only have to remember one master password and the password manager fills in the correct password for the account in question. LastPass is the most popular one, but it has been hacked before. I’ve been using RoboForm for many years. I can find no evidence that RoboForm has ever been hacked. The problem with RoboForm is that it’s not quite as easy to use as LastPass.
For your average residential user, a paper written list is probably best. Keep it hidden out of view.
If you are keeping your passwords in digital form, it is possible to password protect a Word document or Excel Spreadsheet. It’s not great security, but it’s better than nothing. If you keep your passwords in one of those forms, add a good password to the document so that when it’s opened you have to provide the password to read the contents.
Try a free trial of a password manager and see how you like it. They don’t cost much if you end up subscribing.