Choosing Passwords
How often do you get asked to choose a password and do not have a clue where to start, After reading the following tutorial you may feel it's time to update all those old passwords you have been using for the last decade.
Good passwords are:
Good passwords are:
- Unique - Do not use a password you already use for another account, such as your bank account PIN.
- Difficult to guess - Do not use common words or names, at least 8-characters long & made up of both lower and upper-case letters, numbers, and symbols.
THE DO's:
Mix it up:
Combine letters, numbers, and symbols. The greater variety of characters that you have in your password, the harder it is to guess.
Use the entire keyboard, not just the most common characters. Symbols typed by holding down the "Shift" key and typing a number is very common in passwords.
Your password will be much stronger if you choose from all the symbols on the keyboard, including punctuation marks not on the upper row of the keyboard, and any symbols unique to your language.
Mix it up:
Combine letters, numbers, and symbols. The greater variety of characters that you have in your password, the harder it is to guess.
Use the entire keyboard, not just the most common characters. Symbols typed by holding down the "Shift" key and typing a number is very common in passwords.
Your password will be much stronger if you choose from all the symbols on the keyboard, including punctuation marks not on the upper row of the keyboard, and any symbols unique to your language.
Do Make It Longer:
Make it lengthy. Each character that you add to your password increases the protection that it provides many times over. Your passwords should be eight or more characters in length; 14 characters or longer is ideal.
The less types of characters in your password, the longer it must be.
A 15-character password composed only of random letters and numbers is about 33,000 times stronger than a 8-character password comprised of characters from the entire keyboard.
If you cannot create a password that contains symbols, you need to make it considerably longer to get the same degree of protection. An ideal password combines both length and different types of symbols.
Use A Pass Phrase:
Many systems also support use of the space bar in passwords, so you can create a phrase made of many words (a "pass phrase"). A pass phrase is often easier to remember than a simple password, as well as longer and harder to guess.
Use words and phrases that are easy for you to remember, but difficult for others to guess. The easiest way to remember your passwords and pass phrases are to write them down.
Contrary to popular belief, there is nothing wrong with writing passwords down, but they need to be adequately protected to remain secure and effective.
In general, passwords written on a piece of paper are more difficult to compromise across the Internet than a password manager, Web site, or other software-based storage tool, such as password managers.
Use more than one password everywhere:
If the computers or online systems using this password is compromised, all your other information protected by that password should be considered compromised as well. It is critical to use different passwords for different systems.
Keep your passwords secret:
Treat your passwords and pass phrases with as much care as the information that they protect. Do not reveal them to others. Keep your passwords hidden from friends or family members (especially children) who could pass them on to other less trustworthy individuals. Passwords that you need to share with others, such as the password to your online banking account that you might share with your spouse, are the only exceptions.
Protect any recorded passwords:
Be careful where you store the passwords that you record or write down. Do not leave these records of your passwords anywhere that you would not leave the information that they protect.
Never provide your password over e-mail or based on an e-mail request. Any e-mail that requests your password or requests that you to go to a Web site to verify your password is almost certainly a fraud. This includes requests from a trusted company or individual. E-mail can be intercepted in transit, and e-mail that requests information might not be from the sender it claims. Internet "phishing" scams use fraudulent e-mail messages to entice you into revealing your user names and passwords, steal your identity, and more.
Change your passwords regularly:
This can help keep criminals and other malicious users unaware. The strength of your password will help keep it good for a longer time. A password that is shorter than eight characters should be considered only good for a week or so, while a password that is 14 characters or longer (and follows the other rules outlined above) can be good for several years.
Use these steps to develop a strong password:
- Think of a sentence that you can remember. This will be the basis of your strong password or pass phrase. Use a memorable sentence, such as "My son Aiden is three years old."
- Check if the computer or online system supports the pass phrase directly. If you can use a pass phrase (with spaces between characters) on your computer or online system, do so.
- If the computer or online system does not support pass phrases, convert it to a password. Take the first letter of each word of the sentence that you've created to create a new, nonsensical word. Using the example above, you would get: "msaityo".
- Add complexity by mixing uppercase and lowercase letters and numbers. It is valuable to use some letter swapping or misspellings as well. For instance, in the pass phrase above, consider misspellingAiden's name, or substituting the word "three" for the number 3. There are many possible substitutions, and the longer the sentence, the more complex your password can be. Your pass phrase might become "MySoN Ayd3N is 3 yeeRs old." If the computer or online system will not support a pass phrase, use the same technique on the shorter password. This might produce a password like "MsAy3yo".
- Finally, substitute some special characters. You can use symbols that look like letters, combine words (remove spaces) and other ways to make the password more complex. Using these tricks, we create a pass phrase of "MySoN 8N i$ 3 yeeR$ old" or a password (using the first letter of each word) "M$8ni3y0".
- Test your new password with Password Checker. Password Checker is a non-recording feature on Microsoft's site that helps determine your password's strength as you type http://www.microsoft.com/protect/fraud/passwords/checker.aspx.
The Things To Avoid:
Bad passwords include:
A complete word from any dictionary (English or other), your login name in any form (as is, reversed, capitalized, doubled, etc.), common names, such as the names of family members, pets, or friends,
based on any information easily obtained about you (e.g., license plate numbers, telephone numbers, employer, school name, automobile brand, street name, etc.) all with the same digit or letter (this significantly decreases the search time for password cracking software), any obvious sequence of characters (e.g., 123456), obvious to anyone watching you enter them (such as "qwerty").
Do Not use only letters or only numbers:
Avoid sequences or repeated characters. "12345678," "222222," "abcdefg," or adjacent letters on your keyboard does not help make secure passwords.
Do Not use names of spouses, children, girlfriends/boyfriends or pets, phone numbers, Social Security numbers or birthdays.
Do Not use any part of your name, birthday, social security number, or similar information for your loved ones constitutes a bad password choice. This is the first thing criminals will try.
Do Not use the same word as your log-in, or any variation of it.
Do Not use any word that can be found in the dictionary — even foreign words.
Do Not use passwords with double letters or numbers.
Avoid using only look-alike substitutions of numbers or symbols:
Criminals and other malicious users who know enough to try to crack your password will not be fooled by common look-alike replacements, such as to replace an 'i' with a '1' or an 'a' with '@' as in "M1cr0$0ft" or "P@ssw0rd". But these substitutions can be effective when combined with other measures, such as length, misspellings, or variations in case, to improve the strength of your password.
Avoid dictionary words in any language:
Criminals use sophisticated tools that can rapidly guess passwords that are based on words in multiple dictionaries, including words spelled backwards, common misspellings, and substitutions. This includes all sorts of profanity and any word you would not say in front of your children.
Avoid using online storage to store passwords:
If malicious users find these passwords stored online or on a networked computer, they have access to all your information.
Do not type passwords on computers that you do not control:
Computers such as those in Internet cafes, computer labs, shared systems, kiosk systems, conferences, and airport lounges should be considered unsafe for any personal use other than anonymous Internet browsing. Do not use these computers to check online e-mail, chat rooms, bank balances, business mail, or any other account that requires an user name and password. Criminals can purchase keystroke logging devices for very little money and they take only a few moments to install. These devices let malicious users harvest all the information typed on a computer from across the Internet—your passwords and pass phrases are worth as much as the information that they protect.
Finally:
NEVER leave it blank. That is a surefire way to let the bad guys into your system.
How to gain access and change your passwords:
Online accounts:
Web sites have a variety of policies that govern how you can access your account and change your password. Look for a link (such as "my account") somewhere on the site's home page that goes to a special area of the site that allows password and account management.
Computer passwords:
The Help files for your computer operating system will usually provide information about how to create, modify, and access password-protected user accounts, as well as how to require password protection on startup of your computer. You can also try to find this information online at the software manufacturer's Web site.
What to do if your password is stolen:
Be sure to monitor all the information you protect with your passwords, such as your monthly financial statements, credit reports, online shopping accounts, and so on.
Strong, memorable passwords can help protect you against fraud and identity theft, but there are no guarantees.
No matter how strong your password is, if someone breaks into the system that stores it, they will have your password. If you notice any suspicious activity that could show that someone has gained access your information, notify authorities as quickly as you can.
