Creating Curiously Strong Passwords
Choose a couple of words that aren’t directly related to each other but that you can remember. (e.g. ball, dog)
Change one or more of the letters in the words to upper-case letters, numbers or symbols. (e.g. bAll, d0g)
Join the words with one or more non-alphanumeric symbols to get the final password. (e.g. bAll@$d0g)
Choose a song lyric, quote or other sentence that you will easily remember. (e.g. “There is no place like Nebraska”) Take the first letter of each word. (e.g. TinplN) Change one or more of the letters to a number or symbol, or add a symbol or number to the beginning or end. (e.g. T1npINE!)
Here are a few tips on picking a secure password:
NEVER use a blank password, the word ‘password’ (or a variation such as ‘Pa$$w0rd’), or a password that is the same as your username, especially if you’re connected to a network. These are generally the first three items guessed by attackers.
Avoid using keyboard combinations, such as ‘asdf’, ‘qwerty’, ‘123456’ or ‘aaaaaaa’, as these are also frequently guessed very quickly.
Don’t use easily guessed personal information, such as your name, birth date, family members’ names (including pets), Social Security number, license-plate numbers, phone numbers, or anything you’ve shared via social media.
The next thing an attacker will probably try after guessing the most common passwords is a dictionary attack. To avoid this, don’t use a normal word as your password. Some dictionary attacks will even check variations of words, such as numbers used in place of letters (for example, replacing the letter o with the number 0) or a number or symbol added at the beginning or end of the word.
After a dictionary attack, about all the attacker has left is a ‘brute force’ attack: trying every combination of letters, numbers and symbols. Most will have given up and gone after an easier target by this time, but using more types of characters, such as upper-case letters, lower-case letters, numbers and symbols, will make it a much, much longer process to crack your password.
Since we’ve covered what not to do, here are tips for passwords that will be reasonably secure, but not impossible to remember:
The longer your password, the more secure it is, generally speaking.
Use a password of at least eight characters and try using a pass phrase.
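The tips above can be applied as an automated check when a password is chosen. The following Python checker is an added example, not code from the original page; its word lists are small constructed samples, and the substitution table and the three-character-type threshold are assumptions.

```python
import re

# Constructed sample lists; a real check would load far larger ones.
COMMON = {"password"}
KEYBOARD_RUNS = ("asdf", "qwerty", "123456")
DICTIONARY = {"ball", "dog", "nebraska"}
# Assumed substitution table; the page itself only names o -> 0.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "@": "a", "$": "s"})
CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def candidate_forms(password):
    """Forms a dictionary attack would try to reduce the password to:
    lower-cased, substitutions undone, leading/trailing non-letters dropped."""
    lower = password.lower()
    stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", lower)
    return {lower, lower.translate(LEET), stripped, stripped.translate(LEET)}


def check_password(password, username=""):
    """Return the list of tips from this page that the password breaks."""
    if not password:
        return ["blank password"]
    problems = []
    lower = password.lower()
    forms = candidate_forms(password)
    if forms & COMMON:
        problems.append("common password")
    if username and lower == username.lower():
        problems.append("same as username")
    if any(run in lower for run in KEYBOARD_RUNS) or len(set(lower)) == 1:
        problems.append("keyboard pattern")
    if forms & DICTIONARY:
        problems.append("dictionary word variation")
    if len(password) < 8:
        problems.append("shorter than eight characters")
    # Assumed threshold: require at least three of the four character types.
    if sum(bool(re.search(c, password)) for c in CLASSES) < 3:
        problems.append("fewer than three character types")
    return problems


if __name__ == "__main__":
    for pw in ("", "Pa$$w0rd", "d0g!", "qwerty123", "bAll@$d0g"):
        print(repr(pw), check_password(pw))
```

The page's own example bAll@$d0g returns no problems because the check matches whole words only; each half on its own (bAll, d0g) is reported as a dictionary word variation.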
Lastly – a few more tips:
- Change your password often
- Don't use the same password on multiple sites
- Treat your password like your credit card number – would you post your credit card number on your monitor?
- Don’t share your password