How to Choose a Good Password

Easy as it may sound, but this is a dilemma for some. How do I choose a good password? 

Quick Overview

With innovation, the internet has made it so easy to crack passwords. There’s software freely available for anyone to start trying to hack passwords and not all online sites are as secure as they should be. So you have to be on guard and take passwords seriously, if you have easy to hack passwords, you’ll almost certainly find yourself hacked at some point. 

If your password is generic sounding like a family or pet name, is a celebrity or is a common password like “password” or “peanut” then it takes only seconds for a program to crack it or for someone to guess it after two or three attempts.

This article will hopefully help you choose strong passwords and develop a password strategy to use for Email and general internet browsing.

Step 1 : Implications

If someone can crack, or guess or hack your password for one website that you log in to, then potentially they can start hacking more. Email should have a very secure password because this is often where other websites send password notifications and reminders.

Whilst you might think that a simple password for your Amazon account might be okay, think about the personal details and card details they hold for you that could potentially be compromised.

You can get software for generating and storing passwords. For example 1password (www.1password.com). These allow you to store very secure and complex passwords for each site which can be unlocked with one single password on your Mac. Similar to Keychain but much better. We don't necessarily recommend that you use this but it always comes handy.

Step 2 : Key things to remember.

  • Never use just words for passwords, always use letters and numbers. You should avoid real names, and real words.
  • You should have a few usernames and passwords which you use for all of your online logins, not just one. Do not use the same password for your online banking as you do for your Amazon account. If your details get compromised for one it’s best to limit the damage.
  • Make online banking passwords very strong– a password of 8-12 alpha-numeric characters and no real words in it.
  • Do not disclose your password to anyone, never write them down or send them via email. If you think someone might know it, change it.
  • Change your passwords regularly, maybe once a month, every six months or once a year.
  • Make passwords hard to guess, do not use family names, pet names, celebrity names or any word that is in the dictionary
  • If you think someone might know your password then change it immediately
  • Never disclose passwords via email – Email can never be guaranteed to be 100% secure, unless you encrypt your emails or you know for definite that the recipient’s ISP uses the same strict security encryption we do (SSL/TLS)
  • Be cautious of hoax calls asking for personal information, including your passwords over the phone. Most companies operate a question/answer policy whereby you decide the questions and answer. If they know the question, you know they are legitimate. This is how spies and armies around the world have operated for centuries (codeword – response method)

Step 3 : Strategies.

It’s always good to have a system. Simple password systems are notoriously hard to crack because only you know the system.There’s hundreds of easy ways to ensure your passwords are secure AND memorable, here’s a few ideas

The Fake Secret Question

If you forget your password, some sites will happily disclose this to a potential hacker by answering a simple question that may well be public knowledge. It may ask you for your mothers maiden name, the place you were born or your shoe size. Without knowing too much about you, it’s fairly easy to guess these if someone wanted to, especially if they had pieces of other information.

For example, someone wants to crack your hotmail password. Your hotmail address is barney0781_uk@. From this they know your name, you’re from the UK and you were probably born July 1981. If they then had your phone number, or just the code, they know where you live and that’s probably where you were born too. They’ve found your Facebook page too so they know all about you: your best friend, where you party, how tall you are, what color eyes you have…. See how easy it is?

The solution is fake secret answers…

Question: Where were you born  Answer: Benidorm (your favourite holiday destination instead)
Question: What’s your shoe size  Answer: brown (your eye color)

3-password strategy

The difficult part is remembering without writing them down! It’s sometimes helpful to have a system of some sort and then write down clues to that system until typing your passwords becomes second nature. You’ll soon find that these strange combinations of letters become second nature to type (they actually become easier to type than remember)

For example. Lets say you have 3 passwords.

Password1 – is for not important stuff, easy to type and easy to remember – “b4nana50“

Password2 – is a more secure version of my easy password – “18$b4nanan50£“

Password3 is much more secure and different to my others, use it for online banking – “$n4ilsr4sn0wwh1te?!” – the more random the better, who’s going to guess my password is “snails are 4 snow white” – even if I tell them how will they know to replace some of the letters?

Then, consider changing your passwords every six months or every year, even if only by one or two characters.

Different Password for each site strategy

Remember – some websites know that most people use the same password for every site so they will ask you to create a login username and password and then use that or sell that on to hackers.

The best advice is to use software where you can store your password (eg, Passpack, Lastpass, Keepass etc) and have a different password for every site you visit. Or have a system whereby you incorporate the website into your password so they are always different – like amaz!b4rneyru88le – the first four letters being the first 4 letters of the website you are on.

BAD Passwords:

“password” – it’s often the first guess.
“yourname” – or the first part of your email
“secret” – another common one
“oliver” – a member of your family’s name etc
“seaview” – your house or street name
“smith” – your surname or mothers maiden name
“mybankpassword” – you should try not to use the same password for email and banking – try to have at least two passwords, one really secure (8+ alphanumeric) and one secure and maybe easier to remember.

GOOD passwords:

The trick to creating a good, long but memorable password is to combine words and numbers memorable to you but that cannot be guessed by anyone else – and throw in the odd punctuation:

“?Ol1v3r” – a play on the word “Oliver”, you’ll see it uses symbols, numbers, letters and capitals.

“il1k3t4keth4t” – basically it’s “ I like Take That” in secure password form! Even if someone knew you liked Take That they would find it hard to crack this, whereas it’s something you can remember. Be warned that if you do like Take That, then perhaps securing your password is the least of your worries!

“£b4nanAr4mA£” – it’s “bananarama” with pound signs either side – but as you’d agree it would be difficult to crack and relatively easy to remember

“Sm1th25p0lly” it’s “smith” and “25″ and “polly” in one. Smith is your favourite actors surname, 25 is my mums birthday and polly is the name of your favourite childhood pet (for example)

Good passwords should be at least 8 characters long. The more characters the harder to crack or guess. If capitals are supported, like Mac OS users, throw some of those in too

Still need help? Contact Us Contact Us