Choosing a good, secure password can be daunting. If your password is too complicated it may be hard to remember or type in; choosing something too simple can leave you extremely vulnerable.
This FAQ is meant to give you helpful tips and to help you learn how to create a secure password. We will talk about how passwords are cracked, how break-ins occur, and general things to avoid when making a new password.
Helpful links and FAQS:
The most commonly used passwords on the web
How to check if your e-mail has been a part of a data breach
The Space Bar - Your Secret Weapon
One great trick for creating a good password is one that is not widely known or practiced: simply insert a space into your password. Spaces don't count as characters, which means the programs that attempt to crack passwords don't actively try to use them. "Password1234" is a horrible password, yet "Password 1234", while still bad, is much better than the previous one, and with "Password 1 2 3 4" you're just getting crazy! Still don't use that, because it's bad. But you get the idea.
Best Method: Use Whole Words
The best and most unexpected method for having a secure password is rather simple: take a phrase with some spaces in it and you have a nice secure password. An example would be "Rocket Cars Go Fast!" This is easy to remember, gets around password cracking programs by using spaces, has capitals and contains a special character. There are plenty of these out there, but below are some other examples:
"The Bus I ride home is #252"
"Mark my words, 1 day I will fly!"
"3 Dogs went skiing? Without fathom!"
"We are the #3 planet from the Sun"
Please don't use any of those. I know they're good, but please don't use them.
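To make the comparison between "Password1234" and a phrase like "Rocket Cars Go Fast!" concrete, here is an added strength estimator (example code written for this FAQ, not part of the original page). It gives two figures for each password: an upper bound assuming every character was picked at random from the classes it uses, and a deliberately pessimistic estimate for a phrase guessed word by word from a dictionary. The estimator treats the space bar like any other key, as one symbol of the 95-symbol printable-ASCII alphabet. The guess rate (10 billion per second) and the dictionary size (100,000 words) are constructed assumptions for illustration only.

```python
import math
import string

# Character classes a guessing program would have to cover.  The space is
# counted as its own one-symbol class so the 95 printable ASCII characters
# are fully accounted for: 26 + 26 + 10 + 1 + 32 = 95.
CHARACTER_CLASSES = {
    "lowercase": set(string.ascii_lowercase),
    "uppercase": set(string.ascii_uppercase),
    "digits": set(string.digits),
    "space": {" "},
    "symbols": set(string.punctuation),  # the 32 other printable symbols
}

# Assumed guess rate of an offline attack on a fast hash (constructed figure).
GUESSES_PER_SECOND = 10_000_000_000

# Assumed size of the word list a phrase-guessing program might use
# (constructed figure, roughly a large English dictionary).
DICTIONARY_WORDS = 100_000


def alphabet_size(password: str) -> int:
    """Size of the smallest class-based alphabet containing every character."""
    size = 0
    for members in CHARACTER_CLASSES.values():
        if any(ch in members for ch in password):
            size += len(members)
    return size


def brute_force_bits(password: str) -> float:
    """Upper-bound strength in bits if every character were chosen at random."""
    return len(password) * math.log2(alphabet_size(password))


def phrase_bits(password: str) -> float:
    """Pessimistic estimate for a phrase guessed word by word from a
    dictionary, ignoring capitals and punctuation entirely."""
    words = [w for w in password.split(" ") if w]
    return len(words) * math.log2(DICTIONARY_WORDS)


def seconds_to_exhaust(bits: float, rate: int = GUESSES_PER_SECOND) -> float:
    """Time to try every possibility in a space of 2**bits guesses."""
    return (2.0 ** bits) / rate


def describe(password: str) -> dict:
    """Summarise both estimates for one password."""
    upper = brute_force_bits(password)
    lower = phrase_bits(password)
    return {
        "length": len(password),
        "alphabet": alphabet_size(password),
        "random_chars_bits": round(upper, 1),
        "dictionary_words_bits": round(lower, 1),
        "years_random_chars": seconds_to_exhaust(upper) / (365 * 24 * 3600),
        "years_dictionary_words": seconds_to_exhaust(lower) / (365 * 24 * 3600),
    }


if __name__ == "__main__":
    # Sample passwords from this FAQ.
    for pw in ["Password1234", "Password 1 2 3 4", "Rocket Cars Go Fast!",
               "Mark my words, 1 day I will fly!"]:
        print(repr(pw), describe(pw))
```

The two figures bracket the truth: a real cracking program sits somewhere between trying random characters and trying dictionary words, so the honest lesson is that the phrase wins on the pessimistic word-by-word estimate only because it is long and has several words, not because any single trick makes it unguessable.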
Creating a Password: What to Avoid
When creating a password, you should ALWAYS avoid using any of the things listed here.
These are things like "Password", "123456" or "1111111". Such passwords are used far more often than many people think and can easily lead to a data or security breach. In addition, for our firm's sake, please avoid using "Connor", "Connor Group", "ConnorGP", any other part of our firm's identity, or your user name.
Do I even need a New Password?
A good rule of thumb is to change your password every 6 months, or at least once a year. Think about it: the older your password, the more chances it has had to slip into the wrong hands at some point. Changing your password regularly keeps the bad guys guessing and keeps your and others' data secure. Using one password across everything is also a no-no: if someone breaks your e-mail password they can potentially get into everything else you use. For example, if you heavily use Gmail and someone breaks into that, they can now see websites you might have logins on, places you may have ordered food from, bank statements, etc.
Then they can go to those sites, type in your e-mail address and request a reset, which is likely sent right back to your Gmail, or, worse, to an account that uses the exact same password you used in the first place.
A good website to have on hand to check whether you've ever been compromised is https://haveibeenpwned.com. By visiting this link and entering your e-mail address you can find out whether you've been part of a data breach, whether your password is floating around out there, and which data breach you have been a victim of.
How are passwords cracked?
So how are passwords cracked?
Contrary to popular belief, having your account hacked isn't usually done by a person, at least not directly; very few breaches are the result of someone in front of a keyboard making educated guesses. Break-ins are usually done by running computer scripts or programs designed to try hundreds of words and combinations in seconds until they find the magic one. Most data breaches, such as the Target breach or the Equifax breach, were likely the result of a program inputting common words or word-and-number combinations until it finally got one that worked. It also must be said: never, ever write your password down and stick it on your laptop, monitor, or anywhere near your computer.
Outdated Ideas
Many websites have password requirements; usually these are things like including a capital letter and a number and meeting a minimum length. Many online articles back this up, saying the most secure password substitutes symbols for letters or throws random numbers on the end. At one point this was true and a good way to have a secure password. However, there are pitfalls to this:
- Capital letters will most likely be at the beginning of your password
- Subbing 0 for the letter O or @ for the letter A is extremely common
- Numerals will likely end up at the tail end of passwords
On the other side of that, if you make a complicated mess of a password with random capitals and numbers in place of letters, you might forget it before you commit it to memory, muscle or otherwise. Which means that soon after you make that password you may very well forget it and have to reset it to something else. So again, knowing what we know about how passwords are usually cracked, while these passwords would take more time and be more difficult to crack, eventually they might be cracked as well, or easily forgotten, forcing you to go through a reset process and make yet another new password.
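The "What to Avoid" list above and the three pitfalls just described are the kind of rules a help desk or sign-up form can enforce automatically. Here is an added checker (example code written for this FAQ, not the firm's own tooling) that rejects entries from a common-password list, catches the firm's name even when it is written with 0 for O or @ for A, refuses a user name inside the password, and flags the predictable "capital first, digits last" shape. The common-password entries are a short constructed sample, and the twelve-character minimum and the substitution table are assumptions chosen for illustration.

```python
import re

# Short, constructed sample of the entries found on "most commonly used
# passwords" lists (illustrative, not a complete list).
COMMON_PASSWORDS = {"password", "123456", "1111111", "qwerty", "password1", "letmein"}

# Parts of the firm's identity (from this FAQ) that must not appear.
FIRM_IDENTITY = ("connor", "connorgp", "connor group")

# Common symbol-for-letter substitutions, undone so that "C0nn0r" still
# matches "connor" (assumed table; extend as needed).
LEET_MAP = str.maketrans({"0": "o", "@": "a", "$": "s", "1": "l",
                          "3": "e", "!": "i", "4": "a"})

# Capital letter, run of lowercase letters, digits at the tail, optional
# trailing symbol: the shape most "Password1234!"-style passwords share.
PREDICTABLE_SHAPE = re.compile(r"^[A-Z][a-z]+\d+[^\w\s]?$")

MIN_LENGTH = 12  # assumed minimum for this example


def normalise(text: str) -> str:
    """Lower-case the text and undo the common symbol substitutions."""
    return text.translate(LEET_MAP).lower()


def check_password(password: str, username: str = "") -> list[str]:
    """Return a list of reasons the password should be rejected (empty = ok)."""
    problems = []

    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears on common-password lists")

    norm = normalise(password)
    squashed = norm.replace(" ", "")
    for term in FIRM_IDENTITY:
        if term in norm or term.replace(" ", "") in squashed:
            problems.append(f"contains the firm's name ({term!r})")
            break

    if len(username) >= 3 and normalise(username) in norm:
        problems.append("contains the user name")

    if PREDICTABLE_SHAPE.match(password):
        problems.append("predictable shape: capital first, digits last")

    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")

    return problems


if __name__ == "__main__":
    samples = [("Password1234", ""), ("123456", ""), ("C0nn0r Gr0up", ""),
               ("jdoe2024!", "jdoe"), ("Mark my words, 1 day I will fly!", "")]
    for pw, user in samples:
        print(repr(pw), "->", check_password(pw, user) or "accepted")
```

The checker is deliberately a rejection list rather than a complexity score: forcing a capital and a digit produces the predictable shape the FAQ warns about, while turning away the known-bad patterns leaves room for the long phrases it recommends.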
In Review
So, to review all that we learned: creating or changing a password is not nearly as difficult, time consuming or hard to remember as many think it is. With the tips in this FAQ giving you ideas on what to use, what to avoid and tricks to try, you can have a secure password that isn't a jumble of letters and numbers and that you can easily remember. Congratulations! Here is a comic from XKCD to summarize: