Do's and Don'ts of Good Passwords
Passwords. They're something that pretty much everyone has to deal with. We need them for credit card accounts, social media accounts, work, and any number of other things. Despite how prevalent they are, and despite how important they are, a lot of us still have trouble creating good passwords. If you follow the tips in this article, you'll be able to create good passwords that will help keep you safe.
1. Don't make short passwords.
A lot of people believe passwords need to look something like k5wT!1*a to be secure. So we make them as short as possible, hoping we'll be able to remember six or eight characters. There are two problems with this. A random jumble of characters will rarely be easy to remember, and there just aren't enough characters in a short password to make it difficult for a password cracking program to figure out. To be safe from password cracking programs, the minimum recommended password length is 14 characters. How long are your passwords?
2. Don't store your password where it can be easily found.
If you've written your passwords down and left them where you can easily get to them, chances are good someone else can easily get to them, too. That sticky note under your mousepad or keyboard, the file called "password," the list in your desk drawer — these (and many others) are easy to find. If your passwords are easy to find, whatever they're protecting is easy to compromise.
3. Don't keep a password for too long.
There is disagreement about how long to go before changing your password, and many sites have their own requirements. What all the experts can agree on, though, is that if anyone else knows your password and you don't want them to use it, change it.
4. Don't make a password that's easy to guess.
Some passwords are super easy to guess because they get used all the time (password, 123456, baseball). Others are easy to guess because the characters are related, follow patterns, or are single words you'd find in a dictionary (asdfgh, xoxoxoxo, initiative). Personal information is another category that's easy to guess, since so much of it is easy to find out (your sister's name, your dad's birthday, your phone number). A lot of folks use variations of the same password across multiple sites, but this can be easy to guess, too, especially if the person trying to figure it out has seen any of your other passwords (Xgoogle1!, Xfacebook1!; password01, password02, etc.). If your password is easy to guess, whatever it's protecting is easy to get to.
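As an added example (not part of the original article), the Python below checks a candidate password against tips 1 and 4: minimum length, commonly used passwords, single dictionary words, keyboard and repeated patterns, personal information, and variations of your other passwords. The word lists are constructed samples built from the article's own examples, and the function names and the `personal`, `other_passwords` and `sites` parameters are assumptions of this example.

```python
import re

MIN_LENGTH = 14  # minimum length recommended in tip 1
# Constructed sample lists taken from the article's examples; a real check
# would load a large list of breached passwords and a full dictionary.
COMMON = {"password", "123456", "baseball"}
DICTIONARY = {"initiative", "password", "baseball"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")

def has_keyboard_run(pw, run=4):
    """True if pw contains `run` adjacent keys of one keyboard row, in either direction."""
    low = pw.lower()
    rows = [r for row in KEYBOARD_ROWS for r in (row, row[::-1])]
    return any(r[i:i + run] in low for r in rows for i in range(len(r) - run + 1))

def is_repeated_unit(pw):
    """True if the whole password is one short unit repeated (xoxoxoxo)."""
    return re.fullmatch(r"(.{1,4})\1+", pw) is not None

def base_word(pw):
    """Strip leading/trailing digits and symbols (password01 -> password)."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", pw).lower()

def skeleton(pw, sites):
    """What is left once site names and trailing digits are removed."""
    low = pw.lower()
    for site in sites:
        low = low.replace(site.lower(), "")
    return low.rstrip("0123456789")

def check_password(pw, personal=(), other_passwords=(), sites=()):
    """Return the list of problems found; an empty list means nothing was flagged."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    if pw.lower() in COMMON or base_word(pw) in COMMON:
        problems.append("commonly used")
    if base_word(pw) in DICTIONARY:
        problems.append("single dictionary word")
    if has_keyboard_run(pw) or is_repeated_unit(pw):
        problems.append("pattern")
    if any(p.lower() in pw.lower() for p in personal if p):
        problems.append("personal information")
    if any(skeleton(pw, sites) == skeleton(o, sites) for o in other_passwords):
        problems.append("variation of another password")
    return problems
```

An empty result only means none of these particular checks fired; it does not prove the password is strong.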
5. Add commas to your password.
Adding commas to your password will corrupt the CSV file hackers dump your info into after security has been breached.
6. Do make passwords easy to remember.
A couple of years ago, someone’s e-mail password was R2D2-NotrecommendedforDagobah. Even though it has 29 characters, it's easier to remember than the 8-character example in number 1 above (k5wT!1*a). It's also harder for a computer to crack. It was used without spaces, because their e-mail provider didn't allow for them, but, if you can use spaces, do; they count as special characters and some password cracking programs still have problems with them.
7. Do play with your security question answers.
Phishing attempts can get pretty sophisticated. We have seen online quizzes written in such a way that they manage to gather the information that security questions often ask for (for example, "Enter your pet's name and the street you grew up on to learn your fantasy novel character's name"). But by playing with your answers to the questions, you won't have to worry that your information could be used to get into your accounts.
How do you do this? It's pretty easy. Decide what you want to answer them with, instead of what they really are. For example, answer all "people" questions with movie characters — your childhood best friend becomes a character that resonated with you when you were young, your mother's maiden name is the last name of a character who you think is an awesome mom. When some unscrupulous person has your real personal details, they can't use them to break into your accounts.