Tips For Creating Secure Passwords (Part 1)
January 3, 2012
With the recent explosion of password cracking software in use today it is important to follow a few simple guidelines when creating passwords for accessing your various web sites and applications:
- Do not use personal information. Using personal information provides too many clues for hackers. Components like part of your name, birthdays, pet’s name are not a good idea. If you do this to help remember it, see point 4 below.
- Don’t use the same password for all your sites and applications. Since many sites demand that you use an email address for the user name these days, and you don’t want to have to maintain dozens of unique email addresses, it is imperative that you at least use a different password for each site or application that has sensitive information on it. For internal resources that do not contain sensitive data a common password is OK, but if you really care about what you store on the site or in the application, and it is exposed to the Internet, use a different password for each one.
- Insure your passwords are at least 7 characters long to help increase cracking time beyond what could be reasonably performed.
- Mix character types. Password crackers first try various mixes and lengths of upper and lower alpha characters and numbers. The simple use of special characters such as a tilde (~) and high hat (^) at the beginning or end of each unique password that you create vastly decreases the probability that your password can be cracked.
- Don’t use real words in your password. Real words can help you remember your password, but again, provides a password that is too easy to crack. Instead use a component that in part relates to something specific about the site or application such as the site’s URL name or purpose (banking, gaming, stocks, music etc.) and then only use the first and last letter from each word of the name or purpose, with a couple of simple rules thrown in consistently to translate certain letters to special characters or numbers such as the letter “e” to an “&” and “i” to a “!” and “g” to a “9”. Combining this site specific password part with a personally known and easy to remember, fixed part that contains at least one uppercase character, for example, “I like Dogs” translates to “!l&Ds” let’s you quickly compute your password for any new site or application and without writing any passwords down.
- Rotate your passwords at least every 90 days or when asked to do so by the site or application.
Next Month we will show some examples of how to use the simple guidelines above to create secure unique passwords for all your sites and applications that you can compute automatically and that won’t have to write down.