Best Practices: P@ssW0rd 101

If you’re anything like most people I know, you hate passwords. The only thing you likely hate more than passwords is what security-conscious sites require of them: minimum complexity rules and a prohibition on reusing any of your ten most recent passwords. That said, like the deadbolt on your home’s front door, passwords are the first line of defense in protecting your personal information.

Many (but unfortunately not all) websites now provide the capability for two-factor authentication. For sites that don’t, though, the strength of your password becomes even more critical. So what is a smart-minded user to do? They go Str0ng3r. In the next few steps, we’ll take basic concepts and combine them to make the strongest password possible.

Length: Go big or go home

When it comes to password length, longer is always better. The standard recommendation is that passwords should be a minimum of eight characters long. While people often complain about this requirement, long passwords can be just as easy to remember as shorter ones. The key is to use passphrases. Instead of choosing one word like “rainbow”, go with “rainbowsarebig”.

Making the case for uppercase

As elementary as it may sound, simply mixing in a few uppercase letters makes your password more complex. In our example, it’s as easy as taking “rainbowsarebig” to “RainbowsAreBig”. Easy enough, right? Let’s move on to the next step then.

Numbers are your friends

The next step in fortifying our password is to sprinkle in some numbers. This doesn’t mean adding your birth year or telephone number at the end. As with the uppercase letters, mixing the numbers in increases the strength. We can do this by substituting the vowels in our password with numbers. This easily takes our password from “RainbowsAreBig” to “Ra1nb0wsAr3B1g”.

Characters make it extra special

Adding in some special characters is like lengthening the strike of a deadbolt. It makes it even harder to force open. In this step, we not only add one at the beginning and one at the end, we also substitute one within the phrase. “Ra1nb0wsAr3B1g” evolves into “!R@1nb0ws@r3B1g!”.

Coding is the coup de grâce

The final touch to our password is to make it multipurpose. This doesn’t mean we reuse it on every account we have, from bank websites to email accounts to office networks. We can, though, use “!R@1nb0ws@r3B1g!” as our base password and add identifiers behind it. An example would be separate email accounts on Yahoo and Hotmail. These passwords become “!R@1nb0ws@r3B1g!YAH” and “!R@1nb0ws@r3B1g!HOT”.
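The steps above as a short script, added here as an illustration and not code from the original post. It assumes the article’s own substitutions (i→1, o→0, e→3, a→@, a “!” at each end) and a three-letter site tag, and it checks every intermediate form against the article’s criteria (eight or more characters, upper and lower case, a digit, a special character).

```python
import string

# Substitutions taken from the article's example ("Ra1nb0wsAr3B1g"):
# i->1, o->0, e->3; 'a' is kept until the special-character step,
# which turns it into '@' and wraps the result in '!'.
DIGIT_SUBS = {"i": "1", "o": "0", "e": "3"}
SPECIAL_SUBS = {"a": "@"}
WRAP = "!"
SPECIALS = set(string.punctuation)


def camel_case(phrase: str) -> str:
    """Steps 1 and 2: join the words of a passphrase, capitalising each."""
    return "".join(word.capitalize() for word in phrase.split())


def substitute(text: str, table: dict) -> str:
    """Replace letters (case-insensitively) according to table."""
    return "".join(table.get(ch.lower(), ch) for ch in text)


def build_password(phrase: str, site_tag: str = "") -> list:
    """Apply the article's steps in order; return every intermediate form."""
    stages = [camel_case(phrase)]                                 # mixed case
    stages.append(substitute(stages[-1], DIGIT_SUBS))             # numbers
    stages.append(WRAP + substitute(stages[-1], SPECIAL_SUBS) + WRAP)  # specials
    if site_tag:                                                  # per-site tag
        stages.append(stages[-1] + site_tag.upper()[:3])
    return stages


def check_policy(pw: str, min_len: int = 8) -> dict:
    """Report which of the article's criteria a candidate password meets."""
    return {
        "length": len(pw) >= min_len,
        "upper": any(c.isupper() for c in pw),
        "lower": any(c.islower() for c in pw),
        "digit": any(c.isdigit() for c in pw),
        "special": any(c in SPECIALS for c in pw),
    }


if __name__ == "__main__":
    # Walk the article's example from passphrase to the Yahoo variant.
    for stage in build_password("rainbows are big", "yahoo"):
        print(f"{stage:22} {check_policy(stage)}")
```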

A final caveat

In the end, no password is safe from a dedicated attack or from an intrusion into one of the sites on which you have an account. Using a base password with extra characters to identify the site does help, but you should have different base passwords for different types of sites (e.g. utilities, banks, email services, etc.). This provides added assurance that if one base is compromised, it only affects a few sites of a specific type. Even then, it’s still good to change your passwords periodically, and especially if you suspect they or your computer may have been exploited. Of course, if you have dual or multi-factor authentication available, you should take advantage of it. After all, you wouldn’t leave your door unlocked and windows open when you leave the house. Your accounts deserve the same security, and one less thing to worry about is always a good thing.
