Update on Secure Passwords

June 24, 2019

We all know that when we set a password, it should be a secure password. That means it should be at least 8 characters long. It should contain upper and lower case letters, at least 1 number, and at least one symbol. In addition, we are told that it shouldn’t contain names, dates of birth, telephone numbers, addresses, or even words in the dictionary. That makes the password very secure, but impossible to remember.

To backtrack a bit, you need a secure password to protect you from two different types of threats. The first threat is someone trying to guess your password based on information about you. This could be a hacker, but could also be a friend, family member, thief, or someone who somehow got access to your computer. That’s why your password shouldn’t contain any information about you like your name, date of birth, address, phone number, etc.

The other threat is from what is called password cracking. This is done with a program that tries to figure out your password. A password cracker will eventually figure out your password; it’s just a question of how long it will take. The more complex your password, the longer it will take. If it’s going to take 10 years of computing to figure out your password, then the hacker will stop the crack long before it figures it out.

Recently, some security experts have been saying that all of those rules for passwords are no longer needed. They are saying there is one main rule to follow when creating a password: the password should be really long. Let’s look at an example. Using the old password rules, we might come up with a password like “ZG$6k#K!”. Yes, it’s secure. But it’s hard to remember. And if you have several passwords like that, it’s even harder to remember. Using what they now suggest, which is just as good, we can create a very long password that we can remember. An example of that might be: “IWantToTravelBackInTimeToMeetAbrahamLincoln”.

The only reason it’s secure is because it’s so long. However, that’s actually easier to remember than that first cryptic password I listed. You still shouldn’t use famous quotes, names, or any information about you like DOB, address, or phone number. But you can still use memorable sentences. You can still throw a number or symbol in there to make it even more secure too. In another example, let’s say you need to set up a password for Amazon.com. You could use a password similar to this: “LoggingIntoAmazon.comCostsMeMoney$”. Even without the dollar sign, it’s a strong password. But with it, it’s even better.
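To put rough numbers on the comparison above, here is an added example (not part of the original post) that estimates the search space of the two sample passwords in two ways: guessing character by character, and guessing whole words. The guess rate and word-list size are assumptions chosen for illustration.

```python
import math
import re

GUESSES_PER_SECOND = 1e10            # assumed attacker speed, not a figure from the post
WORDLIST_SIZE = 7776                 # assumed word-list size (Diceware-style list)
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def charset_size(password):
    """Alphabet a character-by-character brute force has to cover."""
    size = 0
    if re.search(r"[a-z]", password):
        size += 26
    if re.search(r"[A-Z]", password):
        size += 26
    if re.search(r"[0-9]", password):
        size += 10
    if re.search(r"[^a-zA-Z0-9]", password):
        size += 32                   # ASCII punctuation characters
    return size

def char_bits(password):
    """Bits of search space if every character were picked at random."""
    return len(password) * math.log2(charset_size(password))

def split_words(passphrase):
    """Split a CamelCase passphrase into the words it is built from."""
    return re.findall(r"[A-Z][a-z]*|[a-z]+", passphrase)

def word_bits(passphrase):
    """Bits of search space if the attacker guesses whole words instead.
    Assumes each word is picked at random from the list; a real sentence
    is more predictable, so treat this as an upper bound."""
    return len(split_words(passphrase)) * math.log2(WORDLIST_SIZE)

def years_to_exhaust(bits):
    """Years needed to try every candidate at the assumed guess rate."""
    return 2 ** bits / GUESSES_PER_SECOND / SECONDS_PER_YEAR

if __name__ == "__main__":
    short = "ZG$6k#K!"
    long_ = "IWantToTravelBackInTimeToMeetAbrahamLincoln"
    print(f"{short}: {char_bits(short):.1f} bits, "
          f"{years_to_exhaust(char_bits(short)):.3f} years")
    print(f"{long_}: {char_bits(long_):.1f} bits by character, "
          f"{word_bits(long_):.1f} bits by word, "
          f"{years_to_exhaust(word_bits(long_)):.2e} years")
```

The character-based figure overstates the strength of the long password, because a cracker can try word combinations rather than single letters. The word-based figure is the fairer one, and it still leaves the long password far ahead of the 8-character one.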

The only drawback to this strategy is that if you don’t type very fast, it can take a while to enter a long password like this. And there are more opportunities for typos. In addition, even though these passwords are more memorable than the old cryptic ones, most of us are still going to end up writing them down so we can remember which password goes with which website.

If you do adopt this password strategy, then please remember the other password rule still applies. That is, you should use a different password for everything. No exceptions! Why? Because if you use the same password for everything, if one thing gets hacked, they all get hacked. If you use a different password for everything, then if something gets hacked, the other ones are still safe.

If you write your passwords down on paper, make sure you hide it well. Don’t leave it out in plain sight. Don’t hide it under your keyboard. Don’t put it in your filing cabinet under “Passwords” or “Computer.” Come up with a good hiding place.

If you create a Word Document or Excel Spreadsheet with your passwords in it, don’t call it passwords. Come up with a code word for it. In addition, did you know you can put a password on a Word Document or Excel Spreadsheet? You should put a password on a file like this. Of course, that password should follow standard password rules and should be something you will remember.

When coming up with a password, there are websites that will tell you if your password is strong or not. My favorite is https://www.roboform.com/how-secure-is-my-password. Go there and type in a password to see how good it is. If you have trouble thinking of a good password, they also have a password generator. Go to https://www.roboform.com/password-generator to generate a password. You can specify the length and what types of characters to include.

One Response to “Update on Secure Passwords”

  1. Good information Drew. Thanks. Cathy
