When it comes to online passwords, most people have no idea how to create strong ones. Many people use easy-to-crack passwords: pet names, birthdays, and common dictionary words. Additionally, they rarely ever change their passwords.
Along with that, a lot of people use the same password for every site they’ve signed up for. You may not think the password to your webmail account is valuable but anyone that might steal your information can use it to send spam and ruin your online reputation. More seriously, you may have entered the same password at an online banking site, or a site where your credit-card number is stored for easy ordering, such as Amazon.
You can see whether your current passwords are rated “strong” by using Microsoft’s online Password Checker.
What makes a strong password
To an attacker, a strong password should appear to be a random string of characters. The following criteria can help your passwords do so:
Make it lengthy. Each character that you add to your password increases the protection that it provides many times over. Your passwords should be 8 or more characters in length; 14 characters or longer is ideal.
Many systems also support use of the space bar in passwords, so you can create a phrase made of many words (a “pass phrase”). A pass phrase is often easier to remember than a simple password, as well as longer and harder to guess.
Combine letters, numbers, and symbols. The greater variety of characters that you have in your password, the harder it is to guess. Other important specifics include:
• The fewer types of characters in your password, the longer it must be. A 15-character password composed only of random letters and numbers is about 33,000 times stronger than an 8-character password composed of characters from the entire keyboard. If you cannot create a password that contains symbols, you need to make it considerably longer to get the same degree of protection. An ideal password combines both length and different types of symbols.
• Use the entire keyboard, not just the most common characters. Symbols typed by holding down the “Shift” key and typing a number are very common in passwords. Your password will be much stronger if you choose from all the symbols on the keyboard, including punctuation marks not on the upper row of the keyboard, and any symbols unique to your language.
Use words and phrases that are easy for you to remember, but difficult for others to guess. The easiest way to remember your passwords and pass phrases is to write them down. Contrary to popular belief, there is nothing wrong with writing passwords down, but they need to be adequately protected in order to remain secure and effective.
Dos and don’ts to keep your passwords safe
Do change passwords frequently. Don’t reuse old passwords. Password managers can assign expiration dates to your passwords and remind you when the passwords are about to expire and generate new passwords for you for a site.
Don’t use passwords made up of dictionary words, birthdays, family and pet names, addresses, or any other personal information. Don’t use repeat characters such as 111 or sequences like abc, qwerty, or 123 in any part of your password.
Don’t use the same password for different sites.
Don’t use the “remember me” or automatic signin option available on many Web sites. Have your password manager fill in the information for you.
Don’t enter passwords on a computer that’s not yours — such as a friend’s computer — because you don’t know what spyware or keyloggers might be on it.
Don’t enter a password or even your account name in any Web page you access via an e-mail link. These are most likely phishing scams. Instead, enter the normal website address for that site directly into your browser, and proceed to the page in question from there.