When you create new online accounts, do you think it is important to create good passwords? If you answered “yes”, you’re ahead of the game, but…
Do you do any of the following when choosing a password?
- Use a common dictionary word?
- Use a password shorter than 8 characters?
- Reuse the same password for many sites?
- Save your passwords on a scrap of paper or a text file on your desktop?
If you do any of those things, it is time to review your password practices. You are an easy target for hackers who would love to get their hands on your personal data.
Here’s How To Create Good Passwords
1. Make passwords at least 8 characters long: In this case, longer is definitely better! Go with passwords that are at least 8 characters long. If you go with 10 characters, even better. Those two extra characters force a potential hacker to go through many more iterations in their effort to crack your password. 12 characters? Go for it!
2. Stay away from the dictionary: The first thing that hackers do when trying to hack into a website is to run through all the words in a dictionary. They can run through millions of words in a matter of seconds. If you insist on using dictionary words, at least replace some of the letters in the word. For example, replace all “e” with “3” and all “o” with “0” (zero) to turn a word like “categorize” into “cat3g0riz3”. This is still not ideal, but so much better than merely using dictionary words.
3. Use Phrases to make really good passwords: The ideal password is something that appears to be a bunch of random letters. The problem with those is that they can be hard to remember. A great way to create a password that looks like a bunch of random letters is to use a phrase. Then use the first one or two letters from each word in the phrase to create the password. For example, if you use the first letter of each word from the phrase “The Quick Brown Fox Jumps Over The Lazy Dog”, you get “tqbfjotld”. That’s pretty random, yet you can remember it, right? (Don’t use that phrase though, make up your own.)
4. Use Uppercase and Lowercase letters: This one is easy. Our password from step 3 could become “TqbfjotlD”.
5. Add numbers and other non-alphanumeric characters: Get in the habit of adding a number or two, or other characters like “@” or “$” to your passwords. That just makes it so much more complicated to hack. As mentioned in step 2, you can even replace some of the letters in your password with a number. Using our phrase password from step 3, “TqbfjotlD” could become “Tqbfj0tlD” by replacing the “o” with a “0” (zero). By adding a non-alphanumeric character to the front and another number to the back, it becomes “@Tqbfj0tlD1”.
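To see what each of these steps buys you, here is a small password review script, added as an illustration and not part of the original article. It estimates the size of an exhaustive search for the article's sample passwords and shows why swapping letters for digits in a dictionary word is "still not ideal": a checker can simply undo the swaps. The word list is a constructed sample and the function names are made up for this example.

```python
import math
import string

# The two swaps described in the article (e -> 3, o -> 0), reversed.
UNDO_SWAPS = str.maketrans({"3": "e", "0": "o"})

# Constructed sample word list; a real check would load a full dictionary.
WORDLIST = {"categorize", "password", "dragon"}


def alphabet_size(password):
    """Size of the character pool implied by the classes the password uses."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 ASCII symbols
    return size


def brute_force_bits(password):
    """log2 of the candidates an exhaustive search over that pool covers.

    This is an upper bound: it assumes every character was picked at random.
    """
    pool = alphabet_size(password)
    return len(password) * math.log2(pool) if pool else 0.0


def is_disguised_dictionary_word(password):
    """True if undoing the letter swaps yields a word from the list."""
    return password.lower().translate(UNDO_SWAPS) in WORDLIST


def review(password):
    return {
        "length": len(password),
        "pool": alphabet_size(password),
        "bits": round(brute_force_bits(password), 1),
        "dictionary": is_disguised_dictionary_word(password),
    }


if __name__ == "__main__":
    for pw in ["categorize", "cat3g0riz3", "tqbfjotld", "TqbfjotlD", "@Tqbfj0tlD1"]:
        print(pw, review(pw))
```

Each extra bit doubles the number of guesses, so the jump from “tqbfjotld” to “@Tqbfj0tlD1” is far larger than the raw numbers suggest, while “cat3g0riz3” is flagged as a dictionary word regardless of its score.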
Storing Your Good Passwords
Over time you will likely end up with a bunch of good passwords that you need to remember. If you can memorize them, fantastic! I know that I am not able to remember all my good passwords. The solution is to store them somewhere.
Please don’t store your passwords on a scrap of paper in your desk drawer! Yes, no hacker can get to them there, but a burglar can. And what do you do if the scrap of paper mysteriously disappears from your drawer?
Store your passwords on your computer, but please don’t store them in a text file on your desktop! Be sure that they are stored in an encrypted format that requires a master password to open the file. This way you only have to memorize your master password.
Some people store their good passwords in a text file, but on an encrypted USB drive that they can carry with them. I prefer software that is designed specifically for storing passwords.
My favorite application is KeePass. It is a free application that allows you to organize your passwords into categories. They are stored in an encrypted format and protected by a master password. It will also generate random passwords for you if you decide to go that way.
Be sure to keep a backup of your password store somewhere. I store mine in Dropbox. In fact, I place my KeePass database file in my Dropbox. This allows me to access my passwords from my desktop computer or laptop. Both computers access the same password database and Dropbox keeps it all in sync. It’s a great solution.
Using Your Good Passwords
Here are a few more guidelines and tips for using your good passwords:
- Don’t reuse passwords: This is not such a big deal for harmless websites, like perhaps a few forums where you are required to log on. However, do not reuse the password to your online banking account or your stock brokerage account.
- Change passwords: Again, this is not a big deal for harmless websites, but it is a good idea to periodically create new good passwords for your financial websites.
- Copy & paste passwords: If you store your passwords as I suggested earlier, you can copy & paste your passwords from your password store when logging on to a website. This prevents any typos when entering the password. Also, if there happens to be a keystroke logger on your computer at the time, the logger will not record your password entry.
If you follow all of these “good passwords” guidelines, you will be taking a big step forward for your own online safety.