We’ve all been there. Trying our best to think up a new password or, worse, struggling to remember an old one.
Nowadays, we’re using more online services than ever before. With this, the number of logins and passwords we need to create and remember has been growing steadily.
With more and more news stories of accounts being hacked, I thought it would be useful to share with you some tips for creating great passwords and storing them safely.
What to avoid
Let’s start with the basics:
- Don’t write down your passwords on paper. Certainly, don’t write down the password on a post-it on your desktop!
- When you enter your password, take care nobody is watching over your shoulder.
- Do not tell anyone your password. Even your best friend. They might not be as careful with your password as you are, and one day they might be your ex-friend!
Using personal information in passwords is a definite no-no. This information can easily be guessed by someone trying to access your account. So, don’t use:
- The name(s) of any of your family members
- Your pet’s name
- Your place of birth, where you live, or your workplace
- Anything related to your favourite sports team
Every additional character in your password improves its strength considerably. So, the longer the better. Some services limit the number of characters in a password. So, aim for a password of 10-12 characters, certainly no fewer than eight.
Bear in mind that changing your password regularly doesn’t make it harder to crack – just harder to remember!
Use two-factor authentication when available. It will make your account much more secure. This is when a website uses two forms of identification to confirm you are the person logging in. For example, after entering your password you may receive a text message to your mobile phone with an authorisation code for you to log in with.
Never reuse your password!
The trouble is, if you keep reusing a password, you increase the chances it will be cracked. If your password is revealed in one account, all your other accounts will be instantly vulnerable.
So, to be safe each account needs a completely different password.
Even someone with the memory of an elephant would struggle to remember the passwords for the many accounts we log in to these days.
Nevertheless, I’d highly recommend using separate passwords for your key accounts for things like banking, emails and social media.
Store passwords securely
Software products, such as LocCroc, can be used to securely store logins and passwords. LocCroc works with Microsoft Excel and uses advanced encryption technology to allow you to lock away sections of a spreadsheet. Once locked, your passwords are encrypted, scrambled and hidden from view, only accessible via a single master password.
Passwords are often cracked using powerful computers which automatically and very rapidly guess trillions of password possibilities until they find the right one.
These computers don’t work entirely randomly. They are programmed to look for common password patterns, targeting the most common first.
As you’d expect, the most commonly-used passwords are most easily cracked. For example, ‘123456’, ‘qwerty’, and ‘password’ – yes, people do really use these!
But before you feel too confident in your own choice of password, bear in mind password-cracking computers are more sophisticated than you might think:
- They recognise dictionary words in numerous languages, along with dates and place names.
- They are programmed to try popular substitutions for letters, for example, a $ being used instead of an S, or a zero in place of an o. So, passwords like ‘Pa$$w0rd’ are no good at all!
- Some password-cracking computers can try billions of password combinations per second!
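The patterns listed above can be checked before a password is accepted. The following is an added example, not part of the original article: it undoes popular substitutions and then looks for common passwords, single dictionary words and personal details. The word lists are small constructed samples, and the function names and the `personal` parameter are assumptions made for illustration.

```python
import re

# Constructed sample lists for illustration; a real check would load a large
# breached-password list and a full dictionary.
COMMON = {"123456", "qwerty", "password"}
WORDS = {"yellow", "dragon", "monkey", "sunshine"}

# '$' for s and zero for o come from the article; the other pairs are
# further well-known swaps added here as an assumption.
SUBSTITUTIONS = str.maketrans({"$": "s", "0": "o", "@": "a", "3": "e", "1": "l"})


def normalise(password):
    """Lower-case the password and undo popular character substitutions."""
    return password.lower().translate(SUBSTITUTIONS)


def weaknesses(password, personal=()):
    """Return the reasons a guessing tool would find this password early."""
    found = []
    if len(password) < 8:  # the article's minimum length
        found.append("too short")
    plain = normalise(password)
    if password.lower() in COMMON or plain in COMMON:
        found.append("common password")
    # One dictionary word padded with digits or symbols is still one word.
    letters = re.sub(r"[^a-z]", "", plain)
    if letters in WORDS:
        found.append("single dictionary word")
    # Names, pets, places and teams supplied by the caller (hypothetical input).
    if any(normalise(term) in plain for term in personal if term):
        found.append("personal information")
    return found


if __name__ == "__main__":
    for candidate in ["Pa$$w0rd", "qwerty", "Y3ll0w99!", "7ShyEgg#Hats"]:
        print(candidate, weaknesses(candidate) or "no known pattern")
    print("Rex2019!", weaknesses("Rex2019!", personal=["Rex"]))
```

An empty result only means none of these patterns matched; it is not a measure of strength.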
How do I create a secure password I can remember?
Creating a secure password isn’t difficult. A random jumble of letters, numbers and symbols should suffice. But we need to strike a balance. It’s no good having a secure password if we can’t remember it.
Instead of using a single dictionary word, why not combine three or four unrelated short ones e.g. ‘CatYellowSki’. It’s more memorable for you but harder for a computer to crack. Do take care when you’re combining words – don’t use any well-known phrases like ‘Ihaveadream’.
Use a range of characters
Combine letters, words, numbers and symbols and use both lower and upper case. For example: ‘7ShyEgg#Hats’
One technique allows you to avoid dictionary words altogether. You simply think up an unusual phrase and use the first letter of each word to form your password.
To help you come up with a password that’s memorable but hard to crack, try this:
Think of a famous person, an activity and a location.
- Person: Queen Victoria
- Activity: Eating currant buns
- Location: Starship Enterprise
From this, make up a phrase.
“Queen Victoria wants to eat currant buns on the Starship Enterprise”
Look out for opportunities to replace any of the words with a number or symbol:
“Queen Victoria wants 2 eat currant buns on the *ship Enterprise”
Then use the first letter of each word along with the numbers and symbols to form the password:
See how I’ve used uppercase letters for the proper nouns (Queen Victoria and Starship Enterprise) with lower case letters for the rest.
The great thing about this technique is that it uses our visual memory to make the password much more memorable. At the same time, the password is tough for a computer to crack or for anyone except you to remember.
I put this password into a password strength checker which concluded it would take 857 billion years to crack!