Safer Passwords

One of the most frequent complaints I hear from people is “My Facebook/email/MySpace/whatever got hacked”. Sometimes this is due to a virus/trojan, but usually it’s down to one simple thing: a weak password.
The idea of this guide is to help you pick a good password and, hopefully, keep your data safe.

In an ideal world a good password should be a long string of random, mixed, uppercase and lowercase letters, numbers and symbols. Something along the lines of mqi1@sVR501!azp{flly935£D2xTubfS7V38J&Qci#oG1 should do the trick.
Can you spot the problem with that? I thought you would: it’s just impossible to memorise, and most websites have limits on how long a password you can use. Some even dictate whether you can use symbols or not, which just shows how much they care about your security.

So how are we going to make your password as secure as possible?
First let’s go over a few guidelines for good password security.

It shouldn't be a real word. It definitely shouldn't be “password”.
You should use different passwords for different websites.
Your passwords should change regularly.
It should be a random mix of letters, numbers and symbols.

So those are the guidelines, but how do you make a good password that will be easy to remember and hard to crack?
One trick that I’ve found useful is to set some rules and stick to them. Here’s an example set of rules.

The second and last letters are always capitals.
Replace the letter B with the number 8.
“A” and “T” together are spelled @.

So if you decided to use the word cabbagehats as your password, following those three rules it would be spelled as cA88ageh@S. Which one do you think is more secure? Exactly, and that’s just a simple trick to do.
Now how do we make a different but memorable password for every site you have to log into? An easy way to do it, if not the most secure, is to insert the initials of the site halfway through the password. You can use capitals if you want or a mixture, just remember that the rules still apply.
So if you wanted a password for Gmail you just stick GM into your password.

Let’s try that with our old friend cabbagehats but, just to shake things up a bit, we’ll pretend you want to log into your BlogSpot account. So then your password would be cA88age8Sh@S.
Does that look secure enough for you?

Another useful, and even more secure, tip is to apply your rules to the initials of a memorable phrase instead of a word.
I’ll demonstrate.
It’s not much fun trying to remember all these passwords. That’s the memorable phrase by the way.
So that breaks down to the initials I, N, M, F, T, T, R, A, T and P, which will give us, after applying the rules above, iNmfttr@P. Pretty tricky, eh? Especially when we use it for BlogSpot, resulting in iNmft8Str@P.
Did you notice how I used the 8S to split the repeated letters? That’s always a handy way to decide where to stick the site hint.
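
The rules, the site hint and the phrase trick above, written out as an added Python example (not code from the original guide). The function names, the `position` parameter and the order the rules run in are assumptions; the rules are applied strictly, so the last character always comes out as a capital.

```python
import re

def apply_rules(text):
    """Apply the guide's three example rules to an assembled password."""
    chars = list(text)
    # Rule 1: the second and last characters are always capitals.
    if len(chars) >= 2:
        chars[1] = chars[1].upper()
    if chars:
        chars[-1] = chars[-1].upper()
    out = "".join(chars)
    # Rule 2: B becomes 8 (either case, since rule 1 may have capitalised one).
    out = re.sub(r"[bB]", "8", out)
    # Rule 3: "A" and "T" together become @ (either case, same reason).
    return re.sub(r"at", "@", out, flags=re.IGNORECASE)

def initials(phrase):
    """First letter of every word in a memorable phrase, lowercased."""
    return "".join(w[0] for w in phrase.split() if w[0].isalpha()).lower()

def site_password(base, site_hint="", position=None):
    """Insert the site initials into the base, then apply the rules.

    position is where the hint goes; it defaults to the midpoint, but the
    guide leaves the exact spot to you (assumption: a character index).
    The hint keeps the case you type it in, as the guide allows.
    """
    base = base.lower()
    if site_hint:
        if position is None:
            position = len(base) // 2
        base = base[:position] + site_hint + base[position:]
    return apply_rules(base)

if __name__ == "__main__":
    phrase = "It’s not much fun trying to remember all these passwords."
    base = initials(phrase)
    print(site_password("cabbagehats"))            # word, no site hint
    print(site_password("cabbagehats", "BS", 7))   # hint after "cabbage"
    print(base, "->", site_password(base))         # phrase initials
    print(site_password(base, "BS"))               # hint at the midpoint
```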

Remember I mentioned that passwords should be changed regularly? Well, the easiest way is to just stick the initial letter of the month on the end of the password. Or the beginning. Or put the first and last letters at the beginning and end or... well, you get the picture. The idea is to give you the tools and let you set your own rules; it’s your password after all.

I hope this guide has given you enough of an insight into password security to help keep you and your data safe. One final useful tip for you: always check your password strength using one of the many online password testing sites. You can find plenty with a quick “google”.
Good luck and stay safe.

ps. NEVER give your password out to other people.



This one could be controversial so start some debate over at The Howdyverse Backchat Blog