One of the most important things you can do to protect your information online is to select a good password. It is often a daunting task to come up with a unique password that is not easy to guess, but it can be done. One of the simplest methods of creating a random-looking password that can be remembered is to find a phrase that is 8 or 10 words long and then take the first letter of each word.
For example, take the phrase “A Fool and His Money are Soon Parted”. Taking the first letter of each word, we come up with “afahmasp”, which makes a relatively random password that is eight characters long. You can improve the security of this password by randomly capitalizing letters such as “aFahMasP”, by replacing one of the letters with a number such as “a4ahMasP”, or even just by adding a dash in a strange place like “aFahM-asp”.
Alternatively, you can use a random password generator to create a completely random password, although these types of passwords are infinitely harder to memorize. The harder a password is to memorize, the more likely it is that people will write down the password. I can’t tell you the number of times I’ve been to a client’s office and, while working on their computer, discovered that their passwords are written down on yellow post-it notes and stuck to the front of the monitor. While the password may be secure online, if someone were to get access to the office, their entire online life could be exposed. However, there are some cases where you need secure passwords for rarely accessed systems or files and a random password generator could be the perfect solution.
Sometimes, learning how to create secure passwords may be just a matter of learning what bad passwords look like and avoiding those passwords like the plague. A company called SplashData recently released its annual list of worst passwords and we thought it might be helpful to provide the top 25 worst passwords to you as a guide for helping to make your online life more secure:
If you happen to find your favorite password on this list, don’t tell anyone! Just log in and change your password to something more secure. Avoid your children’s names and special dates such as birthdays and anniversaries. Spend the time required to find something easy to remember and yet hard to guess and you’ll go a long way toward protecting yourself online.
Consider developing three different passwords of increasing levels of security. Use the least secure and probably easiest password to remember on websites and applications where security is not that important but a password is required. Use the next most secure password on important sites such as vendor websites and places where you want or need more security such as eBay or Facebook. Finally, keep your most secure password for use with banking or money-related websites such as stock brokers and other financial institutions.
This plan creates multiple levels of security and ensures that if your most used and least secure password is cracked by someone, the only access they will have is to low-level non-critical websites or applications. It also means that if they do crack one level, they must start over to crack the next level before they get access to your most critical information.
UPDATE 05-30-2013: We are seeing a lot of hackers attempting to guess passwords by including all the years between 1960 and 2013. For example, we recently saw an email hack attempt where they combined the user’s name and 1960 and tried to use that as a password. Next, they tried the user’s name and 1961 and so on, all the way to 2013. So, we have updated our recommendations: you should not use birth dates, hire dates, death dates or any other date related directly to you in any way, shape or form as part of a secure password. You could, however, pick a date in history, say prior to 1900, and work that date into your password. But we think the best alternative is to avoid dates of any kind as part of your password.
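The recommendations in the update, written as a check that a sign-up form or a password audit could run. This is an added example, not code from the original article; the function names, the date formats it recognizes and the sample inputs are assumptions, and only the 1960 to 2013 range comes from the text above.

```python
import re

GUESSED_YEARS = range(1960, 2014)  # 1960..2013, the range named in the article
SEPARATED_DATE = re.compile(r"(?<!\d)\d{1,2}[-/.]\d{1,2}[-/.](?:\d{4}|\d{2})(?!\d)")


def _is_month_day(a, b):
    """True if (a, b) reads as month/day or day/month."""
    return (1 <= a <= 12 and 1 <= b <= 31) or (1 <= a <= 31 and 1 <= b <= 12)


def _check_digit_run(run):
    """Classify one maximal run of digits as a year, a packed date, or nothing."""
    if len(run) == 4 and 1000 <= int(run) <= 2099:
        year = int(run)
        scope = "inside" if year in GUESSED_YEARS else "outside"
        return f"year {year} ({scope} the guessed 1960-2013 range)"
    if len(run) in (6, 8):
        # MMDDYY / DDMMYY / MMDDYYYY / DDMMYYYY, or YYYYMMDD for 8 digits.
        if _is_month_day(int(run[:2]), int(run[2:4])):
            return f"packed date {run}"
        if len(run) == 8 and _is_month_day(int(run[4:6]), int(run[6:])):
            return f"packed date {run}"
    return None


def audit_password(password, personal_names=()):
    """Return a list of findings; an empty list means no rule fired."""
    findings = []
    lowered = password.lower()
    for name in personal_names:
        # Names shorter than 3 characters match too much by accident.
        if len(name) >= 3 and name.lower() in lowered:
            findings.append(f"personal name '{name}'")
    if SEPARATED_DATE.search(password):
        findings.append("separated date")
    for run in re.findall(r"\d+", password):
        finding = _check_digit_run(run)
        if finding:
            findings.append(finding)
    return findings


# Constructed sample inputs, not taken from any real account.
if __name__ == "__main__":
    for candidate in ("Alice1960", "alice2013!", "5/30/2013", "aFahM-asp"):
        print(candidate, "->", audit_password(candidate, ["Alice"]) or "no findings")
```

Years before 1900 are still reported, marked as outside the guessed range, since the article's preferred option is to avoid dates altogether.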