Choosing a Good Password
Inadequate passwords are one of the biggest causes of hacking. They are also one of the easiest to fix.
Choosing a good password is easy to do, but many people take shortcuts, thus exposing their logins to hackers. There are a few tricks that you can implement to remember a good password. The importance of the password is something to keep in mind. Your online banking password is much more important than a hardly used email password.
Many hackers use an automated program that uses a dictionary as a starting point to try to break in. So the number one rule: do not use a word from the dictionary. One like "token" is way too easy to guess.
The best password is not your dog's name or common ones like 'qwerty'. They are easily cracked.
One of the biggest complaints is that a good password is hard to remember and has to be written down. There are programs that remember your login and password, which obviates the need to remember all your passwords. Some of them can generate strong passwords for you.
A couple of caveats:
- If this program ever became corrupted, all your logins and passwords would vanish, so make sure the login/password information can be backed up.
- Like any program, if you do not choose a strong master password (to protect the password program), it can be easily hacked.
- Some password programs can be stored on a USB flash drive so they can be carried from one computer to another. But don't let it get stolen!
- If you need to write down your passwords, do so but keep them under lock and key. Remember the best password is one that is (nearly) impossible to guess but still usable.
Create a Strong Password
Choosing good passwords is pretty easy but very important.
- They should be at least 14 characters long. The longer the better. Each character added makes the password at least 62 times harder to guess (26 lower case + 26 upper case + 10 digits); more if special characters are included.
- Contain upper and lower case letters
- Contain nonsequential digits
- Contain at least one symbol, such as # (character other than number or letter)
- Is not your name
- Is not a word or words in the dictionary
- Is not a common name
- Is not like previous passwords
- Is not used elsewhere
- Is not your login
- Is not your friend's name
- Is not your pet's name
The password should not contain words from a dictionary, names, or dates. If you use a name from a dictionary (which is *not* recommended since many hackers use dictionaries to try to figure out passwords), split it up by putting numbers in it: pa48sswor>D. An even better strategy is to use "random" letters instead of a word. An example would be IdNgU (first letters in: I do not get upset), then add numbers and characters: I2d4N6g8U<.
To prevent confusion, try not to use letters like O which can be mixed up with zero or L which can be similar to 1.
If you do not want to deal with numbers, mixed case letters, and special characters, at least make a long password like: ilovetogotothebeach. It is better than nothing.
If you have to choose, make the password as long as possible.
Don't forget to change your passwords on a regular basis.
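The checklist above can be applied mechanically. The following Python sketch is an added example, not part of the original article: it audits a password against the listed rules and computes the brute-force search space behind the "62 times harder per character" figure. The function names and the tiny SAMPLE_WORDS list are constructed for illustration, and "nonsequential digits" is interpreted here as no run of three adjacent ascending or descending digits.

```python
import math
import string

# Constructed stand-in for a real dictionary/common-password list (assumption).
SAMPLE_WORDS = {"token", "qwerty", "password", "beach"}

def search_space_bits(password):
    """Upper bound on brute-force effort in bits: length * log2(pool size).
    Only holds for randomly chosen characters; real words are far weaker."""
    pool = 0
    for charset in (string.ascii_lowercase, string.ascii_uppercase,
                    string.digits, string.punctuation):
        if any(c in charset for c in password):
            pool += len(charset)
    return len(password) * math.log2(pool) if pool else 0.0

def has_digit_run(password, run=3):
    """True for adjacent ascending/descending digits such as 123 or 987."""
    for i in range(len(password) - run + 1):
        chunk = password[i:i + run]
        if all(c in string.digits for c in chunk):
            steps = {int(b) - int(a) for a, b in zip(chunk, chunk[1:])}
            if steps in ({1}, {-1}):
                return True
    return False

def audit(password, login="", personal_names=()):
    """Return the list of checklist rules the password fails."""
    lowered = password.lower()
    failed = []
    if len(password) < 14:
        failed.append("shorter than 14 characters")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        failed.append("needs upper and lower case")
    if not any(c.isdigit() for c in password) or has_digit_run(password):
        failed.append("needs nonsequential digits")
    if not any(c in string.punctuation for c in password):
        failed.append("needs a symbol")
    if lowered in SAMPLE_WORDS:
        failed.append("dictionary word")
    if any(n and n.lower() in lowered for n in (login, *personal_names)):
        failed.append("contains login or a personal name")
    return failed

if __name__ == "__main__":
    for pw in ("token", "ilovetogotothebeach", "I2d4N6g8U<"):
        print(f"{pw!r}: {search_space_bits(pw):.1f} bits, fails {audit(pw)}")
```

Run on the article's own examples, the long lower-case phrase has a larger search space than the short mixed-character one, which is why length is the thing to keep if you have to choose.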
Password Your Accounts
All the login user accounts on your computer should have passwords.
Passwords on your Computer
Do not store your passwords or sensitive personal information on your computer (or on sticky notes on the monitor or written on paper nearby, especially in an office). If you insist, store it in an encrypted (passworded) file. If your computer is stolen, someone with a boot disk can use it to boot up your computer and examine all your files. Or, if your computer is compromised by a virus, it may scan your disk for pertinent information.
Use a thumbdrive with a password management program on it.
Do Not Use the Same Password
Do not use the same password on several accounts, because if one account is breached, the hacker can probably figure out your login to other accounts and use the password.
Use Temporary Passwords
Since most public computers have no login security, it is pretty easy for someone nearby to pick up your login name and password using a wireless sniffer. Also, you cannot be sure that a public computer, such as one in a library, does not have keystroke loggers on it. When using a public computer, use a password and change it as soon as you get back to your regular computer. That way, if someone intercepts it, they will have little time to spam you.
Use 2 Step Authentication
This requires a mobile phone or email address along with your regular login and password. When you log in, a text message or email is sent which contains several characters, like 839238. This also has to be entered in order to fully log in to your account. If someone knew your password and login, they still could not get in because they would have to have access to your phone or email account.