Passwords form an essential part of computer, smartphone and online security, but many of us are not keeping our passwords, and therefore our information, safe.

Here are Secure Thinking’s top 10 Password Security Tips:

1. Do not write down passwords

Writing down your password is a dangerous gamble. You’re hoping that the written copy won’t get lost or fall into the wrong hands. I’m astonished by the number of people I come across who write their passwords on post-it notes and stick them to their screens, or pin them on their wall.

It only takes a minute for someone else to copy it down, take it away or in the modern world take a snap with their camera phone.

2. Do not use a spread-sheet or document to store passwords

This is generally little better than writing them down. A spreadsheet or document sits unencrypted on disk, in backups and in sync folders, and even "password"-protected documents are only moderately difficult to get into: older office formats used weak protection that dedicated cracking tools break outright, and modern ones still fall to offline guessing if the document password itself is weak.

3. Do not communicate your password

Nobody should EVER need to know your password. It is yours, so don't give it to your colleague, your boss or the IT helpdesk – they don't need it. A legitimate helpdesk will reset your password rather than ask you for it, so treat anyone who does ask as a warning sign.

4. Do not use dictionary words, names, dates, places or pets

Dictionary words, names, dates, places and pets, even where you replace some of the characters with digits, are the most common passwords and the easiest to crack. Cracking tools apply those substitutions (a for 4, s for $, a year on the end) automatically as "mangling rules", so "Fluffy2019" or "p4ssw0rd" is tried within the first few seconds.

5. Do use passwords of at least 8 to 10 characters

When it comes to passwords, the longer and more complex they are the better they are from a security point of view, and length counts for more than complexity. As a MINIMUM your password should be 8-10 characters long, preferably 12-16, and more if you can manage it.

6. Do remember it’s computers not people that guess passwords

Too many people seem to believe the Hollywood myth that a person will sit down and guess your password. It's simply not true. You don't get some Tom Cruise look-alike at a keyboard trying guesses one at a time.

Instead the Tom Cruise look-alike presses a button on a computer and it does the work for him. Computers are used extensively for password cracking and work from dictionaries of known words, phrases and previously leaked passwords, automatically applying the character substitutions and suffixes people think make them clever. They can test tens of thousands of guesses per second on an ordinary laptop, and billions per second against a fast unsalted hash on a GPU, so you're right when you think no one will guess you used "password3" – but the computer will!
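As an added illustration of tips 4 and 6 (example code written for this page, not part of the original article), here is a small Python dictionary attack that applies the kind of mangling rules real crackers use: three capitalisations, letter-to-digit substitutions and common suffixes. The wordlist, substitution table and suffix list are constructed for the example and are tiny compared with the real ones; target passwords are stored as unsalted SHA-256 purely to stand in for whatever fast hash an attacker has obtained.

```python
import hashlib
import itertools

# Constructed wordlist standing in for a real cracking dictionary (which would
# hold millions of words, phrases and previously leaked passwords).
WORDLIST = ["password", "letmein", "summer", "london", "fluffy", "welcome"]

# Letter-to-digit/symbol substitutions that crackers try automatically.
LEET = {"a": "4@", "e": "3", "i": "1!", "o": "0", "s": "5$", "t": "7"}

# Common suffixes: single digits, a few symbols/sequences and recent years.
SUFFIXES = [""] + list("0123456789") + ["!", "123"] + [str(y) for y in range(1990, 2025)]


def leet_variants(word):
    """Yield every variant in which each letter is kept or replaced by one of
    its LEET substitutes (so 'pass' yields pass, pa5s, pa$s, p4ss, p@ss, ...)."""
    choices = [[c] + list(LEET.get(c, "")) for c in word]
    for combo in itertools.product(*choices):
        yield "".join(combo)


def mangle(word):
    """Apply a rule set modelled on cracker rules: three capitalisations,
    every leet substitution, then each common suffix. Duplicates are skipped."""
    seen = set()
    for base in (word, word.capitalize(), word.upper()):
        for variant in leet_variants(base):
            for suffix in SUFFIXES:
                candidate = variant + suffix
                if candidate not in seen:
                    seen.add(candidate)
                    yield candidate


def sha256_hex(password):
    """Unsalted SHA-256, standing in for any fast hash an attacker might hold."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def crack(target_hex, wordlist=WORDLIST):
    """Offline guessing: return (password, guesses_made) or (None, guesses_made)."""
    guesses = 0
    for word in wordlist:
        for candidate in mangle(word):
            guesses += 1
            if sha256_hex(candidate) == target_hex:
                return candidate, guesses
    return None, guesses


def is_dictionary_based(password):
    """Check a proposed password against the same rules before adopting it."""
    return crack(sha256_hex(password))[0] is not None


if __name__ == "__main__":
    for pw in ["password3", "P4ssw0rd!", "Fluffy2019", "Mn15MDMg4ncfl&ls2tteMA"]:
        found, n = crack(sha256_hex(pw))
        print(f"{pw!r}: {'cracked' if found else 'not found'} after {n} guesses")
```

With only six base words the rule set still produces several thousand candidates, and "password3" is the fifth one tried; the lyric-based password from tip 10 is not found at all because nothing in the dictionary generates it. A real attacker's wordlist is millions of entries long and the rule set far richer, which is why the substitutions in tip 4 buy so little.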

7. Do not use the same password in multiple places

It’s really tempting and all too common for us to reuse passwords. We sign up for a new service which says “Enter your password:” and we instantly go blank – and use our Facebook, LinkedIn or Twitter password, because it’s easy for us to remember it.

The problem is that the "bad guys" know we all do this; they rely on it, which is why they go after our Facebook, Hotmail, Gmail and similar accounts in the first place. Once they get into one system using our username and password they will try the same pair everywhere else – online banking, email services, other social media sites – and the more they can access the more they can steal our identities, post malicious content and programs online and socially engineer others into giving up their details too.

8. Do not email usernames and passwords together

This is just a simple precaution but generally speaking email IS NOT SECURE!

Email is frequently sent across the internet in plain text and passes through several mail servers between sender and recipient. Each of those servers can log or keep a copy of the message, it then sits unencrypted in both parties' mailboxes and backups, and you have no idea who has access to any of those copies.

If you must send a username and password to someone, split them across two separate channels (SMS and email, phone and email, etc.) and ask the recipient to change the password on first use, rather than putting all your eggs in one basket.

9. Do use complex passwords

When you set a password it's a good idea to use both upper- and lower-case letters (AaBb), numbers (0123) and where possible special characters (*$£&%!_-). Unfortunately not all applications allow special characters (and a few that don't should know better!), but they are becoming more common, so at least try. Bear in mind that mixing character classes only pays off against brute-force guessing: a few extra characters of length add more work for the attacker than a symbol does, and swapping letters for look-alike digits in a dictionary word (tip 4) adds almost nothing.
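To put numbers on tips 5, 6 and 9, here is a small Python keyspace calculator (an added example for this page, not code from the original article). It works out the alphabet an exhaustive search would have to cover from the character classes a password actually uses, turns that into a worst-case time to exhaust under three assumed guess rates, and makes the point that sixteen lower-case letters out-work eight characters drawn from every class. The rates are order-of-magnitude assumptions chosen for the example, not measurements, and the figures are only a ceiling: a password that a dictionary plus rules can reach (tips 4 and 6) falls far sooner than this.

```python
import math
import string

# Assumed guess rates (orders of magnitude, not measurements), used to turn a
# keyspace into a worst-case time to exhaust it.
RATES = {
    "online, rate-limited login (10/s)": 1e1,
    "offline, slow hash such as bcrypt (1e5/s)": 1e5,
    "offline, fast unsalted hash on a GPU (1e10/s)": 1e10,
}

CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}


def charset_size(password):
    """Alphabet an exhaustive search must cover: the union of every character
    class the password uses, plus any characters outside those classes
    (a '£', say) counted individually."""
    chars = set(password)
    size = sum(len(cls) for cls in CLASSES.values() if chars & cls)
    outside = chars - set().union(*CLASSES.values())
    return size + len(outside)


def keyspace(password):
    """Number of strings of this length over this alphabet."""
    return charset_size(password) ** len(password)


def brute_force_bits(password):
    """log2 of the keyspace: the work an attacker faces if the password is
    NOT reachable from a dictionary (the larger risk, see tips 4 and 6)."""
    if not password:
        return 0.0
    return len(password) * math.log2(charset_size(password))


def seconds_to_exhaust(password, guesses_per_second):
    """Worst case: the attacker has to try the whole keyspace."""
    return keyspace(password) / guesses_per_second


def report(password):
    """Worst-case exhaust times under each assumed rate, in years."""
    year = 365.25 * 24 * 3600
    return {label: seconds_to_exhaust(password, rate) / year
            for label, rate in RATES.items()}


if __name__ == "__main__":
    for pw in ["summer12", "Ab1!Ab1!", "a" * 16, "W3H4ppyf3wW3BandofBr0thers!"]:
        print(f"{pw!r}: alphabet {charset_size(pw)}, {brute_force_bits(pw):.1f} bits")
        for label, years in report(pw).items():
            print(f"   {label}: {years:.3g} years")
```

Against a fast unsalted hash, eight characters from all four classes (94^8 possibilities) are exhausted in about a week, while sixteen lower-case letters (26^16) take millions of years at the same rate; the defender's other lever is the slow-hash rate, which is why sites should store passwords with bcrypt, scrypt or Argon2 rather than a plain SHA-256.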

10. Do create a system for remembering passwords

There are many ways of setting and remembering complex passwords. If you have to keep track of large numbers of passwords then it might be worth looking at a tool such as KeePass, which stores passwords in an encrypted database on your computer (we don't advocate "cloud" services for password storage). If you do use such a system, remember to set the master password or encryption key to something really strong, ideally a long passphrase you use nowhere else – that way you're not risking all of your passwords on something weak!

If you only have a few passwords to worry about then develop your own manual system. There are many options for this and you can have fun coming up with your own system.

Here are some suggestions for password systems:

Lyrics & quotes
Mn15MDMg4ncfl&ls2tteMA – Gladiator
4lsRsssl3lw4lthm – Dire Straits
N1th0hch$mb0b$m2$f – W. Churchill

W3H4ppyf3wW3BandofBr0thers! – W. Shakespeare
Th15L4dy’snot4turning! – M. Thatcher
Mo5tofour1mportscumfrom4broad – G.W. Bush

Topic based:
1loveb00ksfromh3r3 – Amazon
4ddsNO5ecurity4t411 – Verified by Visa
H0wd1dtheWorldmanageB4@? – Email

Suffix approach:
My$tdP455wd&£b00ks – Amazon
My$tdP455wd&£V154 – Verified by Visa
My$tdP455wd&£me@work – Email

Prefix approach:
b00ksMy$tdP455wd&£ – Amazon
V154My$tdP455wd&£ – Verified by Visa
me@workMy$tdP455wd&£ – Email

Please don't use any of the actual passwords shown in this article. Note also that the prefix and suffix approaches share most of the password between sites: if one of them leaks in a breach, anyone who sees it can infer the pattern and guess the rest, so they are a step up from straight reuse (tip 7) rather than a set of independent passwords, and a password manager is the safer choice for anything that matters.
