Every day in the news is another report on a security breach or password hack and, if you’re like most people, it makes you wonder just how good your passwords really are. Unfortunately, if you are like most people your passwords are not only easy for you to remember but easy for hackers to figure out too. So what can you do to make sure the baddies don’t get access to your sensitive information while still making the passwords easy to remember?
Password Creation Rules
Fortunately, there are not only several methods of creating passwords that are helpful and secure but there are also some free or low-cost tools that can help as well. However, let’s go over some rules of secure password making first.
- Passwords at minimum should be 8 characters long. This is the ABSOLUTE minimum password length you should ever have. When it comes to security, the longer the length of your password the better. Why? The longer a password is the longer it takes a hacker to figure it out. More characters in your passwords means more months, years, or even decades before it can be hacked. The longer it takes a hacker to figure out a password the higher the chances are that they will move on to lower hanging fruit and leave your accounts alone. It’s just not worth their while at that point.
- Passwords should be complex. This means that your password should include a variety of characters. A secure password will include lower and upper case letters, numbers, special symbols, and similar characters.
- They should be changed regularly. Current guidelines suggest that all passwords should be changed every 90 days and the more sensitive the data being protected the more frequent the password should be changed especially when it comes to businesses. That being said for personal accounts, it would be okay stretch that to every 6 months or once a year IF you are certain your password is extremely hard to crack and would take a gazillion years to hack. There are online tools that will assess your password and let you know how long it would take for a hacker to defeat it. One such tool is this Password Checker Online here. You enter your password and it will tell you how strong it is, analyze if you’ve used all the correct complex ingredients, and then (this is really cool) it will tell you how long it would take a Brute-force attack to crack that code. For example, password123 (a very common and horrible password by the way) at a minimum would take a medium size botnet only 22 minutes to crack! Not good at all! Your goal is to create a password that you can remember but will take literally a quadrillion years to hack.
- Avoid Dictionary words. There is something called a Dictionary Attack. This is where hackers use a list of words in the dictionary to generate possible passwords that you might have used. If you’ve used a word that’s easily found in the dictionary it gives the hacker a very good starting point and from there on it’s only a matter of time before they figure the rest of the password out.
- Don’t use personal information in your password. It is very common for people to use relative or pet names, birth dates, wedding dates, names of favorite teams or musicians, favorite movies, and more when creating passwords. Anything that is easy for people to either guess or is well-known about you is NOT a good password. For example, if you’re a huge Beatles fan and everyone knows that about you, then a password of ILoveTheBeatles! is not a good password regardless of how challenging or varied you try to make it. If you absolutely MUST use something about yourself in your password then make it something really obscure that no one knows about like a childhood memory you’ve never shared with anyone or something of that ilk.
- Don’t be repetitious. Using the same letter, number, or symbol in your password makes it easier to guess. Substitute one of the repetitious characters with something else or split them up with another character in between to make it more secure.
Methods For Creating Passwords
So those 6 items sum up the basic rules for creating a password. Now keeping those in mind let’s talk about some ways to make passwords that are not only secure but also easy for you to remember.
- The Passphrase Method: This method requires you write out a phrase that means something to you. It could be anything but the more obscure the better and then convert it to something that looks random to others. In this way, you just have to remember the phrase and your method for converting it to a password. So maybe you decide that the first letter of the phrase is always a lowercase letter, the first two letters of the second word are always upper case letters, then you add a number after that and a special character somewhere as well. Whatever your formula, all you have to do is remember your formula and the passphrase and you will never forget your passwords. For example, the phrase ‘The Beatles are the number one group in the world!’ could be converted to ‘TBrt#1gitW! Now admittedly, this still isn’t the best password in the world, according to the Password Checker Online it would take a medium sized botnet 2 years to hack it but if you heed the advice to change passwords at least every 6 months then you will be fine.
- 12-Word Seed Method: The idea here is to pick 12 random words and string them together to create your new passphrase. Yes, they are all words found in the dictionary but they are in such random order that it would take a quadrillion years for a hacker to figure out. So how do you remember a passphrase like that? Visually picture those things over and over until you not only see the words in your head but you’ve also created a story about it.
- The Person-Action-Object (PAO) Method: This method came from a book by Joshua Foer called ‘Moonwalking with Einstein’ and it consists of picking an image of a place, a familiar or famous person, and a random action and putting it all together into a short story. Once you create that story and you can picture all these things, shorten the story down to a password. Then do this several times to create several passwords to string together until you have at least 12-characters. You can read more about the PAO Method here.
These are just three methods for creating secure passwords. Feel free to make up your own system as well just remember the rules above when doing so.
Another way to keep on top of your great passwords is to sign up for a Password Management Tool like LastPass, 1Password, or Secure Safe Pro. These management tools save your passwords in a safe that only you can get into. The pros of these tools are that they can be set up to automatically save your passwords when you log into sites as well as create long, secure passwords for you. All you have to do is remember the one password to get into the Password Management Tool but that should be easy now that you have a few methods that will help you create easy to remember, secure passwords.