You hear it all the time: use strong passwords, and ensure that you use a different password for each site you visit. Why bother memorizing a password like Qr3w-68O-V02%pA when it’s so much easier simply to use one password for everything?
Sure, doing this may be tempting, but it’s one of a number of unsafe practices.
So what are the pitfalls to avoid when creating passwords, and what are the key characteristics of a strong password?
If you use the same password to log in to multiple websites, it may be leaked, and less-than-honourable people could then use it to access your other accounts. Then again, even if you do avoid using a single password for every site you visit, you may still engage in bad habits that put your information at risk.
- Don’t use weak passwords.
Weak passwords such as password, default or blank can be easily guessed, or broken by a cracking program that runs a dictionary attack against the password.
- Avoid substituting numbers for letters.
Passwords such as F1av0r, where 1 is used in place of l and 0 in place of o, are too short and easy to guess.
- Don’t keep lists of passwords by your computer.
Why invest in a home security system or multiple deadbolts if you’re simply going to hang your keyring by the front door?
- Avoid logical capitalizations and combinations.
RedTruck$456 is fairly obvious: it uses a dictionary phrase in which each word is capitalized properly. There’s only a single symbol. All the numbers are at the end, and they’re in an easy order to guess.
- Don’t use passwords that include simple words or numbers that relate to your life.
A password such as MaryKate1967, while long, can be easily guessed if it lists a family member, birth year or other identifying information.
Strong passwords are characterized by
- a minimum length of 12 characters; in fact, the longer your password, the better
- absence of words found in the dictionary or of combinations of dictionary words
- lack of any ties to your personal information
- a mix of uppercase and lowercase letters, numbers and symbols
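The pitfalls and characteristics listed above can be checked automatically. The Python sketch below is an added example, not part of the original article; the small word list, the substitution table and the finding names are constructed for the demo, and a real audit would load a full dictionary and a breached-password list.

```python
import re

# Constructed mini word list for this demo; a real audit would load a full
# dictionary and a list of known-breached passwords instead.
WORDS = ["password", "default", "flavor", "red", "truck", "mary", "kate"]

# Common digit/symbol-for-letter swaps, undone before the dictionary lookup.
UNLEET = str.maketrans("013457$@", "oleastsa")

CLASSES = {"lowercase": r"[a-z]", "uppercase": r"[A-Z]",
           "digit": r"[0-9]", "symbol": r"[^A-Za-z0-9]"}


def audit(password, personal=()):
    """Return the article's guidelines that `password` breaks (empty = none)."""
    findings = []
    if len(password) < 12:
        findings.append("too_short")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, password):
            findings.append("no_" + name)
    # "F1av0r" becomes "flavor" once the substitutions are reversed.
    plain = password.lower().translate(UNLEET)
    for word in WORDS:
        if word in plain:
            findings.append("dictionary:" + word)
    # Names, birth years and similar details supplied by the caller.
    for item in personal:
        if item and item.lower() in password.lower():
            findings.append("personal:" + item.lower())
    # Every digit sits in one run at the very end, as in "RedTruck$456".
    if re.fullmatch(r"\D*\d+", password):
        findings.append("digits_at_end")
    return findings


if __name__ == "__main__":
    for pw in ["password", "F1av0r", "RedTruck$456", "MaryKate1967",
               "Qr3w-68O-V02%pA"]:
        print(f"{pw:16} {audit(pw, personal=('Mary', 'Kate', '1967'))}")
```

An empty result only means that none of these particular checks fired; it does not show that the password is absent from leaked-password lists.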
You don’t need to memorize cryptic strings of random letters, numbers and symbols to incorporate the above guidelines into your passwords: you simply need to create memorable passwords that are hard to guess.
- Use short phrases that include shortcut codes or acronyms.
Use phrases that mean something to you such as 0cean$_11^Fi1m (a reference to the movie Ocean’s Eleven) or 1Corin13:4=7 (Bible verses).
- Use passwords with common elements, customized for different websites.
Start with a thread common to all, then modify as appropriate for the sites you visit. For example, you could use Abt_2uz_AMZ! (about to use Amazon) and Abt_2uz_Fb! (about to use Facebook).
- Play with your keyboard.
Don’t simply look at your keyboard as a series of keys; use it as a slate to draw on. For instance, 2WsxDr5TgbHu* is difficult to remember unless you know that it forms a W shape on your keyboard.
- Add emoticons.
Although some websites limit the kinds of symbols you can use, most allow a broad range. Make symbols easy to remember by turning them into emoticons to boost password strength. For example, you might use $Pwrd;-)_TD^Bnk as your password to access your online banking with TD Canada Trust.
- Use a memorable sentence as a starting point.
Creating a memorable password may be easier if you begin with a sentence. For example, describe the first time you met your spouse: “We walked along 42nd Street and took in a $10 movie.” Turn this sentence into a password by using the first character of each word. The password would then become Wwa42S&ti$10m. To remember this password, you just need to remember the sentence.
How secure are your present passwords?
Account Takeover (ATO) attacks have become an extremely lucrative business for cybercriminals, especially since many people tend to use a single password to log in to multiple sites and services. Hacked and leaked passwords and the contents of past data breaches are openly available. As such, even novice hackers with little or no knowledge of traditional hacking techniques can compromise your computer, or your customer- or employee-facing accounts.
Strong passwords may not keep you safe from all online threats, but they are an important first step. In addition to the tips in this article, we also recommend
- avoiding phishing sites
- changing passwords regularly
- using a password vault to store your passwords
- using unique passwords for every site or service
- keeping your computer safe from password-capturing malware
- evaluating your password and finding out whether you’ve been exposed
At Digital Link, we’re committed to providing our clients with timely advice to ensure their online safety and privacy. Contact us today to learn more about our cybersecurity services.