In my work as a web developer, I often must ask my clients for passwords to various services, so I can help them with tasks such as creating PayPal buttons, adding Google Analytics, creating marketing emails, or just setting up an email or FTP account. I’m usually very impressed by the creativity people use in dreaming up memorable, yet secure passwords.
When I first began learning other people’s passwords years ago, it seemed like people were choosing very simple and easy-to-guess words, usually without any kind of number or special character. But lately we’ve all gotten a bit more sophisticated, and I’m happy that so many of my customers know the rules for creating secure passwords. Perhaps this has resulted from online services that don’t let you get away with “abcde” anymore. In fact, many now require passwords of at least 8 characters that include both upper- and lower-case letters, and often a number or symbol as well.
So my best tips are as follows:
- Think about the level of security you need. What data is the password protecting? What will you lose if someone gains unauthorized access to the password-protected area? You don’t need the same level of security for downloading software from Company A as you need for logging into your home banking account. Come up with a hierarchy from throwaway to “Fort Knox”.
- Come up with a system. If you use the same logic in creating passwords, you’ll never be far from remembering them. Just make sure your system isn’t obvious or guessable: if the pattern can be worked out from the name of the site, anyone who sees one of your passwords can derive the rest.
- Change your password occasionally, especially if you suspect anything is amiss.
- If you have to resort to writing down passwords, use a shorthand and keep the list in a safe place. Don’t plaster your monitor with sticky notes full of passwords! Many passwords are compromised through social engineering (someone simply talking you into revealing them), so be careful whom you share them with and how.
I like the idea of having four to six unusual words you combine into passwords, along with a few number combinations that can be added to the front, middle or end of your word combo. This makes them easier to remember or to record safely. If you forget one, there are only so many combinations to try. Keep in mind that this cuts both ways: the word and number lists are the real secret, so anyone who learns them has that same short list of combinations to try.
For throwaway passwords, where you just need to register to see something, just pick a simple dictionary word, and never reuse it for anything higher up your hierarchy. You should also have a throwaway email account for these, and for any place you suspect is asking for an email address only so it can spam you.
For more secure passwords, I’ve seen this technique used a lot: memorize a phrase and use the first letter of each word. Your high school English (or French) teacher probably supplied you with enough of these to last a lifetime. For instance, “That which we call a rose by any other name would smell as sweet”. Password=twwcarbaonwsas. Voila! Because famous quotations are among the first things password-guessing tools try, a line that is personal to you beats one everybody memorized, and keeping the capitals and punctuation from the phrase adds variety at no extra memory cost.
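Here is an added example, not code from the original post, that implements both of the techniques above in Python: building the first-letter password from a phrase, and enumerating every password the “few words plus a number” scheme can produce so you can see exactly how many combinations an attacker who has learned your word and number lists would have to try. The word list, number list and the counting rule (two or three distinct words, optionally one number at the front, in a gap, or at the end) are assumptions made for the demonstration.

```python
import itertools
import math
import re
from typing import Iterator, List


def acronym_password(phrase: str, keep_case: bool = False) -> str:
    """Take the first letter of each word in a memorised phrase.

    keep_case=False reproduces the article's example; keep_case=True keeps the
    phrase's capital letters, which adds a little variety at no memory cost.
    """
    words = re.findall(r"[A-Za-z0-9']+", phrase)
    letters = "".join(w[0] for w in words)
    return letters if keep_case else letters.lower()


def word_combos(words: List[str], numbers: List[str],
                min_words: int = 2, max_words: int = 3) -> Iterator[str]:
    """Enumerate every password the 'few words plus a number' scheme yields.

    Each candidate is an ordered selection of min_words..max_words distinct
    words, optionally with one number chunk placed at the front, in a gap
    between two words, or at the end (an assumed reading of the scheme).
    This is exactly the list an attacker who has learned your word and
    number lists would try.
    """
    for k in range(min_words, max_words + 1):
        for combo in itertools.permutations(words, k):
            yield "".join(combo)                 # no number at all
            for num in numbers:
                for pos in range(k + 1):         # front, each gap, end
                    parts = list(combo)
                    parts.insert(pos, num)
                    yield "".join(parts)


def count_word_combos(n_words: int, n_numbers: int,
                      min_words: int = 2, max_words: int = 3) -> int:
    """Closed form for the size of the list word_combos() produces."""
    return sum(math.perm(n_words, k) * (1 + n_numbers * (k + 1))
               for k in range(min_words, max_words + 1))


def guess_bits(candidates: int) -> float:
    """Attacker's work in bits: log2 of the number of candidates to try."""
    return math.log2(candidates)


# Constructed sample lists for the demonstration (not from the article).
SAMPLE_WORDS = ["otter", "lantern", "quince", "velvet", "marble", "ferris"]
SAMPLE_NUMBERS = ["42", "1979", "07"]
SAMPLE_PHRASE = "That which we call a rose by any other name would smell as sweet"

if __name__ == "__main__":
    pw = acronym_password(SAMPLE_PHRASE)
    print(pw, len(pw), "chars")
    n = count_word_combos(len(SAMPLE_WORDS), len(SAMPLE_NUMBERS))
    print("word-combo candidates if the lists leak:", n,
          f"(~{guess_bits(n):.1f} bits of guessing)")
    print("blind brute force of a 14-letter lowercase password:",
          f"~{guess_bits(26 ** len(pw)):.1f} bits")
```

With six words and three numbers the scheme yields 1,860 candidates, roughly 11 bits of guessing work once the lists are known, while a blind search over all 14-letter lowercase strings is about 66 bits. That gap is the whole point of keeping the word list secret.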
If you struggle to think of words or phrases on your own, look no further than Google. There are many good online password generators, both free and for a fee, and some good random word generators that let you choose the level of complexity and the type of word (verb, adjective, noun, etc.). Keep in mind that a password produced by a website has, by definition, been seen by that website, so use such generators for ideas and for the lower tiers of your hierarchy rather than for your “Fort Knox” accounts.
Use common sense when choosing and storing passwords. If your web developer likes them and your best friend would never have guessed them, you’re probably on the right track.