12 Tips for Making a Good Password

12 Tips for Making a Good Password

Banking websites, email accounts, instant message software and social networking sites like Facebook and MySpace all have one thing in common: passwords. Not having a good password makes it easier for hackers to break into your online accounts. Don’t feel bad though, because even businesses like Twitter.com aren’t above using a bad password.

Creating and using a good password is very important, but it’s only one layer of internet security and it’s certain not foolproof. Given enough time and computing power virtually any password can be broken. What we’re presenting is a list of several rules (suggestions, really) for creating a safe and secure a password without it being a big hassle.

First off is the don’t list. It’s one of those “including, but not limited to” things, so be sure to use your own judgment along with our suggestions. While no password is 100% secure, the more you can do to make it difficult to brute force, the better.

  1. Don’t use a single common word or phrase such as “password”, “qwerty” or “apple”. Anything found in a dictionary or is common knowledge is a bad idea. Also steer clear of abbreviations, movie names, book titles, etc. Use multiple words if at all possible.
  2. Don’t use a proper noun. Steer clear of using your name, the name of your kids or spouse, a state capital, etc.
  3. Don’t write it down. While you can argue that you have a secret/safe place that no one will ever find (under your keyboard, in your wallet, under a filing cabinet drawer, etc.) trust us… it’s not secret and it’s not safe. Keep that password in your head, not in your hand.
  4. Don’t use your password on a public computer. As tempting as it is to check your Gmail account at the library, you have no idea if anyone has installed a key logger or other password sniffing software. It’s safer to wait until you get home.
  5. Don’t give your password to anyone. Anyone. No site or service worth its salt will ever ask you for your password. Any attempt by a CSR, website, or even an email asking for your password is a scam, period.
  6. Don’t reuse a password. If you somehow have a password compromised (whether you know it or not), reusing a previously good password has now opened you up to trouble.

Next up is the do list. These tips are here to help you create not only a good password, but also to to make it difficult for someone else to crack it. Not easily, at least. 🙂

  1. Do make it memorable, but not easily guessed. Using a mnemonic, or memory aid, is a great way to remember passwords.
  2. Do use at least 6 characters. Use 8 or more if you can swing it.
  3. Do use more than one password. Each site or account, or at the very least the important ones (banks, etc.) should have it’s own, unique password.
  4. Do avoid sequences of letters or numbers. “1223334444” is an example of a very bad password.
  5. Do change your password. Every 3-6 months should be fine for personal accounts.
  6. Do feel free to be creative with spelling. There’s no reason you can’t do things like substitute an “i” with a “y” every now and again, use upper- and lower-case letters, and even use numbers, punctuation, or special characters if possible.

Sounds like a lot to have to think about, right? Actually it’s not as bad as it sounds; making a good password is more about common sense than anything else.

In closing, here are some samples of a good 8-character password. While the samples below are great for educational purposes, please don’t use them for your real password because that would go against the tip that you don’t reuse a password.

  • phU+$sHu: This is a combination of “foot” and “shoe”. Notice how the “f” is replaced with a “ph”, the “oo” with a “U” and so on.
  • Tyg3rtLE: This is a combination of “tiger” and “tail”. The “i” in tiger is changed to a “y”, “tail” was replaced with an alternate spelling (“tale”) and a vowel is removed to keep the password at 8 characters.
  • 2ND-d0*R: This is a combination of “second” and “door”. Similar character substitutions as the first 2 examples abound in this one, too.

Update: 12/27/2009 Mashable has a new article on banned Twitter passwords.

Image courtesy of paulorear

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

About Jon

Jon has worked in the tech industry since the pre-Bubble dotcom days and still has a 1200 Baud modem somewhere in his garage. When he's not advocating the use of strong passwords and being smart about social media, he's working on finding new ways to convince his wife that bacon is a vegetable which should be eaten with every meal.