In today’s world, passwords are both essential for security and an absolute nightmare! I can only imagine the number of times you’ve forgotten a password or – worse – been frustrated when signing up for a new service and being told that your password doesn’t fit with their guidelines.
Or, have you ever been hacked? Your website, email accounts, social media profiles, Amazon account and even your bank accounts could be at risk if your passwords aren’t secure.
Keep reading for guidance on how to choose strong and memorable passwords to avoid these problems as much as possible.
1. Don’t tell anyone your passwords
It’s obvious, so I’m getting it out of the way first!
However, there are occasions where you may need to give someone access to an account for a limited period of time. Assuming you trust them enough to do this, I suggest changing the password to something temporary, then giving them access through that temporary password. When they don’t need access any longer, change the password again.
Occasionally it is necessary for me to request access to my client’s accounts for various things in the process of creating a new website for them. In these cases, I often suggest that they do exactly what I just described to give me temporary access.
2. Don’t use the same password for more than one account
Oh, I know. Who doesn’t do this?!
But the thing is, as soon as one password is compromised, every account which uses that same password is potentially compromised too. It’s more of a hassle in the beginning, but the more you can vary your passwords, the better.
3. Don’t ever use any of the most common passwords
Every year you can search online to find lists of the most common passwords. Gizmodo.com published the top 25 passwords in 2015; here’s their list.
This list tells me that most people are probably in a rush when they are creating passwords. Let’s be honest – who ever thought that “123456” or “password” was sufficiently secure?! No, it’s more of a “this will do, at least for now” solution. But the truth is, these are the very first passwords any hacker will try. If I can find out that these are the most common, there surely isn’t a hacker in the world who won’t know too!
4. Use different types of characters in your passwords
In the list of most common passwords above, I quickly noticed that there’s not a capital letter or a symbol in sight! Using different types of characters – lowercase letters, uppercase letters, numbers and symbols – increases the “search space” required to successfully guess a password.
Gibson Research Corporation describe it like this:
Every password you use can be thought of as a needle hiding in a haystack. After all searches of common passwords and dictionaries have failed, an attacker must resort to a “brute force” search – ultimately trying every possible combination of letters, numbers and then symbols until the combination you chose, is discovered.
Using different types of characters makes a successful brute force attack take significantly longer for a hacker to achieve.
5. Use longer passwords
Every additional character used in your password makes a successful brute force attack take exponentially longer. Gibson Research Corporation have created a tool where you can test the strength of your password for a brute force attack, and the number of characters is the most important thing for this purpose.
I personally recommend making your passwords as long as possible, while retaining your ability to remember them. 20 characters would be a great length to aim for.
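To put numbers on tips 4 and 5, here is an added example (not from the original article or from Gibson Research Corporation) that estimates the brute-force search space of a password from the character types it uses and its length. The guess rate, the function names and the ASCII-only character classes are assumptions made for illustration.

```python
import string

# (characters, size) per class; symbols = 32 ASCII punctuation marks plus space.
CLASSES = [
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation + " ", 33),
]
# The three common passwords the article names; a real check uses a full list.
NAMED_COMMON = {"123456", "password", "starwars"}
GUESSES_PER_SECOND = 1e11  # assumed offline guessing rate, adjust to your threat model

def alphabet_size(password):
    """Sum the sizes of every character class the password draws from."""
    return sum(size for chars, size in CLASSES if any(c in chars for c in password))

def search_space(password):
    """Candidates of length 1..len(password) over that alphabet (brute force only)."""
    a = alphabet_size(password)
    return sum(a ** k for k in range(1, len(password) + 1))

def years_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case years for exhaustive search; 0 if a dictionary pass finds it first."""
    if password.lower() in NAMED_COMMON:
        return 0.0
    return search_space(password) / rate / (365 * 24 * 3600)

if __name__ == "__main__":
    # Sample passwords: two from the common list, one variation, one generated string.
    for pw in ["123456", "starwars", "Starwars1!", "8xhB#E2h%%U3SSDgT38y"]:
        print(f"{pw!r:24} alphabet={alphabet_size(pw):3} "
              f"space={search_space(pw):.2e} years={years_to_exhaust(pw):.2e}")
```

The figures only describe exhaustive search: a password built from a guessable word plus a digit and a symbol scores well here but is still weak against dictionary-based guessing, which is why tips 3 and 6 matter as much as length.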
6. Avoid using easy-to-guess words or numbers
Don’t use your name. Don’t use your date of birth. Seriously – that’s the first place anyone would start!
If you remember, starwars made the list of the most commonly used passwords above. If there’s something you’re a big fan of – like Star Wars, another film, TV show, game, hobby, etc – chances are, a lot of people who know you know that about you. Avoid using those words in your passwords; go for something a bit more obscure.
I know someone who is into cars, but rather than using something obvious like their favourite make or model, they use number plates from cars they or their family members previously owned. This is memorable for them, but would be almost impossible for anyone else to guess.
7. Actually, you don’t even have to make your passwords memorable
Yes, you read that correctly!
I have a LOT of passwords, both personal ones and ones for my business (the tools I use, logins for client websites, etc) and the truth is, I don’t know what most of my passwords are.
I actually use a password manager, which means that I have created and remembered just one password (which I have made as secure as possible – no one but me knows what it is). That one password unlocks the rest.
The password manager I use and recommend is LastPass. It’s fantastic – as you log into websites, it remembers the passwords you enter. When you go back to those sites, as long as you’re logged into LastPass, it automatically fills your username and password into the correct fields for you, so logging in becomes as quick and easy as clicking a button.
Additionally, it will make recommendations about which passwords are least secure and should be changed, and will suggest that you change your old passwords from time to time.
When you change old passwords or create new ones, LastPass can generate them for you – this is what I do. It generates randomised character strings like “*GEv9BZ3dq4IoG59TFn9”, “8xhB#E2h%%U3SSDgT38y” or “2xo^w9Q3d55V42W5QUoC”. Utterly impossible to remember, especially when you use passwords like these for everything, and highly secure.
8. Change your passwords regularly
If you’ve followed my previous tips, all that’s left to do is to change your passwords from time to time. Perhaps think of it as a digital spring clean!
Have I missed any tactics that you use to make your passwords more secure? Share them in the comments below!