Clearly Developed
Website design, build & ongoing care

Tips for creating strong and memorable passwords

In today’s world, passwords are both essential for security and an absolute nightmare! I can only imagine the number of times you’ve forgotten a password or – worse – been frustrated when signing up for a new service and being told that your password doesn’t fit with their guidelines.

Or, have you ever been hacked? Your website, email accounts, social media profiles, Amazon account and even your bank accounts could be at risk if your passwords aren’t secure.

Keep reading for guidance on how to choose strong and memorable passwords to avoid these problems as much as possible.

1. Don’t tell anyone your passwords

It’s obvious, so I’m getting it out of the way first!

However, there are occasions where you may need to give someone access to an account for a limited period of time. Assuming you trust them enough to do this, I suggest changing the password to something temporary, then giving them access through that temporary password. When they don’t need access any longer, change the password again.

Occasionally it is necessary for me to request access to my client’s accounts for various things in the process of creating a new website for them. In these cases, I often suggest that they do exactly what I just described to give me temporary access.

2. Don’t use the same password for more than one account

Oh, I know. Who doesn’t do this?!

But the thing is, as soon as one password is compromised, every account which uses that same password is potentially compromised too. It’s more of a hassle in the beginning, but the more you can vary your passwords, the better.

3. Don’t ever use any of the most common passwords

Every year you can search online to find lists of the most common passwords. Gizmodo.com published the top 25 passwords in 2015; here’s their list.

  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. 12345
  6. 123456789
  7. football
  8. 1234
  9. 1234567
  10. baseball
  11. welcome
  12. 1234567890
  13. abc123
  14. 111111
  15. 1qaz2wsx
  16. dragon
  17. master
  18. monkey
  19. letmein
  20. login
  21. princess
  22. qwertyuiop
  23. solo
  24. passw0rd
  25. starwars

This list tells me that most people are probably in a rush when they are creating passwords. Let’s be honest – who ever thought that “123456” or “password” was sufficiently secure?! No, it’s more of a “this will do, at least for now” solution. But the truth is, these are the very first passwords any hacker will try. If I can find out that these are the most common, there surely isn’t a hacker in the world who won’t know too!

4. Use different types of characters in your passwords

In the list of most common passwords above, I quickly noticed that there’s not a capital letter or a symbol in sight! Using different types of characters – lowercase letters, uppercase letters, numbers and symbols – increases the “search space” required to successfully guess a password.

Gibson Research Corporation describe it like this:

Every password you use can be thought of as a needle hiding in a haystack. After all searches of common passwords and dictionaries have failed, an attacker must resort to a “brute force” search – ultimately trying every possible combination of letters, numbers and then symbols until the combination you chose, is discovered.

Using different types of characters makes a successful brute force attack take significantly longer for a hacker to achieve.

5. Use longer passwords

Every additional character used in your password makes a successful brute force attack take exponentially longer. Gibson Research Corporation have created a tool where you can test the strength of your password for a brute force attack, and the number of characters is the most important thing for this purpose.

I personally recommend making your passwords as long as possible, while retaining your ability to remember them. 20 characters would be a great length to aim for.
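To put numbers on tips 3 to 5, here is an added Python example (not from the original post or from Gibson Research Corporation) that flags passwords on the common list and otherwise estimates the brute-force search space from the character types used and the length. The function names and sample passwords are assumptions made for illustration, and the estimate only applies to passwords that survive a dictionary search.

```python
import math
import string

# First ten entries of the common-password list quoted on this page.
COMMON = {"123456", "password", "12345678", "qwerty", "12345",
          "123456789", "football", "1234", "1234567", "baseball"}

# The four character types named above; together the 95 printable ASCII characters.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")


def alphabet_size(password):
    """Characters an attacker must try per position: every class the password uses."""
    if not password or any(not any(c in cls for cls in CLASSES) for c in password):
        raise ValueError("expected a non-empty printable-ASCII password")
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))


def search_space(password):
    """Candidates in a brute-force search of every length up to this one."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def assess(password):
    """Flag list hits first; brute-force size only matters once those fail."""
    if password.lower() in COMMON:
        return {"common": True, "space": None, "bits": None}
    space = search_space(password)
    return {"common": False, "space": space, "bits": round(math.log2(space), 1)}


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for pw in ("123456", "zz9", "Zz9!zz9!", "Zz9!zz9!Zz9!zz9!Zz9!"):
        print(pw, assess(pw))
```

Adding one character multiplies the search space by roughly the alphabet size, which is why length has more effect than any single extra character type.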

6. Avoid using easy-to-guess words or numbers

Don’t use your name. Don’t use your date of birth. Seriously – that’s the first place anyone would start!

If you remember, starwars made the list of the most commonly used passwords above. If there’s something you’re a big fan of – like Star Wars, another film, TV show, game, hobby, etc – chances are, a lot of people who know you know that about you. Avoid using those words in your passwords and go for something a bit more obscure.

I know someone who is into cars, but rather than using something obvious like their favourite make or model, they use number plates from cars they or their family members previously owned. This is memorable for them, but would be almost impossible for anyone else to guess.

7. Actually, you don’t even have to make your passwords memorable

Yes, you read that correctly!

I have a LOT of passwords, both personal ones and ones for my business (the tools I use, logins for client websites, etc) and the truth is, I don’t know what most of my passwords are.

I actually use a password manager, which means that I have created and remembered just one password (which I have made as secure as possible – no one but me knows what it is). That one password unlocks the rest.

The password manager I use and recommend is LastPass. It’s fantastic – as you log into websites, it remembers the passwords you enter. When you go back to those sites, as long as you’re logged into LastPass, it automatically fills your username and password into the correct fields for you, so logging in becomes as quick and easy as clicking a button.

Additionally, it will make recommendations about which passwords are least secure and should be changed, and will suggest that you change your old passwords from time to time.

When you change old passwords or create new ones, LastPass can generate them for you – this is what I do. It generates randomised character strings like “*GEv9BZ3dq4IoG59TFn9”, “8xhB#E2h%%U3SSDgT38y” or “2xo^w9Q3d55V42W5QUoC”. Utterly impossible to remember, especially when you use passwords like these for everything, and highly secure.
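For readers who want to see what generating such a string involves, here is an added Python sketch (not LastPass's code and not from the original post). It draws 20 characters from a cryptographically secure random source and redraws until every character type is present; the symbol set and function name are assumptions.

```python
import secrets
import string

# Character types to draw from. The symbol set is an assumption chosen for
# illustration; real sites differ in which symbols they accept.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, "!#$%&*@^")
ALPHABET = "".join(CLASSES)


def generate_password(length=20):
    """Return a random password containing at least one character of each type."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character type")
    while True:
        # secrets uses the operating system's secure random source; the
        # random module is predictable and must not be used for passwords.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Redrawing the whole string (rather than patching one position)
        # keeps every acceptable password equally likely.
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate


if __name__ == "__main__":
    print(generate_password())
```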

8. Change your passwords regularly

If you’ve followed my previous tips, all that’s left to do is to change your passwords from time to time. Perhaps think of it as a digital spring clean!

Have I missed any tactics that you use to make your passwords more secure? Share them in the comments below!


Comments

Nathan

As someone who works in IT support, passwords have always been a bit of an ongoing theme in everything we do. I have previously worked for a multi-million pound company where passwords were treated as a bit of a joke really! I mean everyone on the IT team knew the CEO’s password but he didn’t! We also lost count of the number of times we saw Post-it notes with passwords on. These were quite often something so simple like that we knew about the user. Even more importantly, to anyone who works in an environment with other users around you: make sure you lock your screen when going away from it. I’ve seen people have all their work deleted because of doing this. Not a good thing.

I personally can vouch for LastPass too. We used it for ALL passwords and even notes about network setup etc.


Sarah

Thanks for adding your thoughts, Nathan! Locking your screen when you are away from your computer is a great security tip.
