How To: Create Good Passwords


Few would object to the statement that passwords are a part of our everyday lives.  Between computer passwords, email passwords, chat passwords, banking passwords, and all of the other passwords people use, the average person is sure to encounter password dialogs several times throughout a normal day.  Most people think nothing of it, but the fact of the matter is that what you type in those dialog boxes – your passwords – is truly important.

It’s not all that uncommon to hear about security breaches and data leaks in large organizations and websites.  Because of this, some people feel that the security of their personal login credentials is out of their control.  However, this article is going to go through some general password tips to help ensure that your online identity is properly secured and ultimately less prone to compromise.

One of the biggest problems people have with passwords is the fact that they’re too weak.  For example, after a major password leak in January of this year, it was discovered that the top five most common passwords were “123456”, “12345”, “123456789”, “password”, and “iloveyou”.  Further, it was concluded that most accounts could be broken into within one hundred and fifty tries.  Aside from this, many people use standard English words as their password, giving hackers the potential to use a method known as a dictionary attack, in which every word in the dictionary is systematically tried as the password.  What does this all mean?  Simply put, this means you need to choose more complex passwords, preferably with upper and lower case letters, numbers, and special characters such as the dollar sign, ampersand, or at symbol.  Doing so will make it much more difficult for someone to guess or systematically crack your password, and ultimately helps to keep your identity safer.

To help you set secure passwords, many websites give your proposed password a “security ranking” to determine if it is a strong enough password to prevent easy guessing.  While many people choose to simply ignore these password meters, it is important to realize that following their guidelines helps to better secure your online identity.  Additionally, it’s important that you realize that longer passwords are not always better.  A sentence (such as “iloveyou”) is nowhere near as strong as a secure password.

While using different passwords may seem like a major challenge because of the need for memorization, it is important to realize that password managers such as the multi-platform KeePass can truly make password management a much easier task, no matter how many accounts and passwords you have.

Additionally, you may consider using a password generator such as the Gibson Research Corporation “Perfect Password” utility.
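The password-meter checks and the generator suggestion above can be combined in one short script. This is an added example, not code from any of the tools mentioned; the word list, the special-character set, and the 12-character minimum are assumptions chosen for illustration.

```python
import secrets
import string

# The five most common passwords named in the article.
COMMON = {"123456", "12345", "123456789", "password", "iloveyou"}
# Constructed stand-in for a real dictionary word list (assumption).
WORDS = {"love", "dragon", "monkey", "sunshine", "welcome", "password"}
SPECIALS = "$&@!#%^*?-_+="  # includes the $, & and @ the article names
MIN_LENGTH = 12             # assumed threshold, not taken from the article

CLASSES = {
    "lower-case letter": string.ascii_lowercase,
    "upper-case letter": string.ascii_uppercase,
    "number": string.digits,
    "special character": SPECIALS,
}

def weaknesses(pw):
    """Return the reasons a password is weak; an empty list means it passes."""
    problems = []
    lowered = pw.lower()
    if lowered in COMMON:
        problems.append("on the most-common list")
    # Drop digits and symbols so that 'Dragon1!' still matches 'dragon'.
    letters = "".join(c for c in lowered if c.isalpha())
    if any(word in letters for word in WORDS):
        problems.append("based on a dictionary word")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in pw):
            problems.append("no " + name)
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    return problems

def generate(length=16):
    """Draw from the OS CSPRNG, retrying until every check above passes."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not weaknesses(pw):
            return pw

if __name__ == "__main__":
    for candidate in ("iloveyou", "Dragon1!", generate()):
        print(repr(candidate), weaknesses(candidate) or "passes")
```

Note that “Dragon1!” contains all four character classes and is still flagged, because stripping the digit and symbol leaves a dictionary word.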

Another thing that people often do is use one password for all of their logins across different sites, networks, and systems.  The problem is that even the most complex password is of no use when it is leaked.  If you used the same password for everything, an intruder who compromised your Facebook account, for example, could use the same password to log into your email, your banking, etc.  Using different passwords for different services and sites serves as a form of damage control, as you ultimately isolate what an electronic intruder can do with his or her new-found information.

Changing passwords every so often is also a good way to eliminate the risk of compromised accounts.  Many workplaces have network-wide policies that require that their users change their passwords every two or so months in an effort to increase overall security.  This principle can be applied to personal passwords and logins as well.  The rationale behind this concept needs little explanation: changing passwords prevents a hacker or electronic intruder from using an outdated password to access your information, and ultimately reduces a hacker’s window of opportunity to use a stolen password.

Many services such as Google’s Gmail allow you to view a log of your account access.  Doing so gives you insight as to when and where your account is being accessed, and more importantly, if it is being accessed by someone other than yourself.  Monitoring your access logs for anything that seems irregular is a great way to determine if your account has been compromised, and if it is necessary to change your password.  While this example illustrates Gmail, many other websites and services offer similar features, even going as far as offering the ability to lock out or disable your account after multiple failed password attempts.

Lastly, even with strong and unique passwords, you should be cautious of using public or shared computers or networks, as doing so may put you at a greater risk of someone sniffing your password via methods such as a key-logger.  Taking this precaution can help to prevent your passwords getting leaked in the first place, and ultimately eliminate a lot of headaches down the road.