Keeping your data secure is more important than ever.
The process of choosing and remembering computer passwords has become such a modern cliché that it has effectively replaced the “mother-in-law” as the setup line of choice among comedians. The words “computer password” regularly elicit ripples of pre-emptive laughter from audiences, who can all recount their own horror stories regarding forgotten or obscure login credentials.
Here, we present ten tips for creating secure online passwords – not including the obvious recommendation to avoid using “password” itself…
- Don’t adopt a Lord of the Rings approach to passwords. Having one password to rule them all is an extremely bad idea; if one of your online accounts gets compromised, every other account sharing that password could potentially be accessed before you have time to react or respond.
- Equally, don’t use a different password for every single site. It would require an eidetic memory to recall the numerous alphanumeric strings required for the average person’s online footprint. Try to settle on a shortlist of three or four different passwords, or use (non-numerically increasing) variations on a particular word or phrase.
- Never pick anything obvious. If you support a particular football team, choosing the stadium name or star quarterback as your password is a weak choice that could be guessed by anyone who knows you (or who can view social media accounts). Conventional words can sometimes be guessed by automated dictionary-powered hacker algorithms like ‘John the Ripper’, so avoid any words that are printed in the dictionary.
- Err in favor of passwords that can be used in various locations. The gold standard among website registration forms is currently a password with between eight and 16 characters, using a combination of alphanumerics and potentially at least one symbol or uppercase letter. A password like “Secur1ty#” would be suitable for many portals.
- If inspiration deserts you, consider acronyms. ROYGBIV represents the colors of the rainbow, while GHMPGHGH comprises the initials of England’s 1966 World Cup final scorers, in chronological order. The latter is easy to remember if you created it, but almost impossible to guess if you didn’t.
- Don’t try to modify previous passwords by increasing the number on the end. Top Gear’s James May once famously remarked that nobody would ever guess his iTunes password was Carrot27. However, if someone had known his previous password was Carrot26, it wouldn’t take a huge amount of guesswork to predict its replacement…
- Avoid passwords with any embarrassment value. Your author went through a phase of using female body parts as passwords, which was fine until a hard drive failure necessitated spelling the password out over the phone in an office full of giggling colleagues. Password resets are stressful enough, without being embarrassing as well.
- Create bookmark reminders. It can be useful to put a reminder next to the dozens of website links in your browser’s Favorites or Bookmarks list. Never type out the full password – include the first two letters or a reminder only you would understand, like the password reminders many websites ask for when creating a new account.
- Finally, store your passwords online… A whole market has developed for password management software, where 2FA authentication can unlock a digital treasure-trove of security codes, usernames, IDs and passphrases. Some portals automatically sign users in, while others have multi-device synchronisation; market leader LastPass is increasingly being rivalled by the long-serving RoboForm and the upstart Dashlane.
- …Or store passwords offline. Any online password managers could theoretically be hacked, with potentially catastrophic consequences. Conversely, a diary in your desk is impervious to everyone bar thieves, who are unlikely to trawl through every notepad in your home looking for password lists. For impenetrable security, use paper files to host password reminders rather than the actual combinations themselves…