Practically every day we hear about email and bank accounts getting hacked, mostly because of low “password entropy”: we often don’t bother to change passwords frequently, the passwords we do have are easy to crack, and we often use the same password for multiple accounts.
- Length: Passwords should incorporate 8 or more characters.
- Complexity: Include letters, punctuation, symbols, and numbers.
- Change your passwords often: Change the passwords for your email, banking, and credit card websites about every three months.
- Variety: Don’t use the same password for everything. Once one password is cracked, it is easy to find out where you do your online banking and reuse it there.
How to create a strong password:
- Start with a sentence: Create a strong safe password
- Remove the spaces between the words in the sentence: Createastrongsafepassword
- Intentionally misspell some of the words: Cre@teas7rongs@fep@$$word
- Add length with numbers: Cre@teas7rongs@fep@$$word2112
Extra hints:
Try Microsoft’s secure password checker.
Never create passwords that incorporate:
- Plaintext or “dictionary words” in any language (that’s why we modified our password with numbers and symbols).
- Words spelled backwards, common misspellings, and abbreviations.
- Sequences or repeated characters such as 12345678, 222222, abcdefg, or adjacent letters on your keyboard (qwerty).
- Personal information: Your name, birthday, driver’s license, passport number, or similar information.
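As an added example (not code from the original page or from Microsoft’s checker), here is a Go program that applies the rules above to a candidate password: the 8-character minimum and the letters/numbers/symbols mix, and each item in the never-use list (dictionary words forward or spelled backwards, sequences, repeated characters, adjacent keyboard keys, personal information). It goes slightly beyond the list by also scoring a rough entropy figure in bits. The seven-word dictionary, the keyboard rows, the run length of 4 and the entropy pool sizes are my assumptions, not values the page gives.

```go
package main

import (
	"fmt"
	"math"
	"strings"
	"unicode"
)

// Constructed mini wordlist standing in for a real dictionary; a deployment
// would load a full list or a breached-password corpus (assumption).
var dictionary = []string{"password", "create", "strong", "safe", "letmein", "welcome", "secret"}

// Keyboard rows used to spot adjacent-key runs such as "qwerty" (assumption).
var keyboardRows = []string{"qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"}

// minRun is the shortest sequence, repeat or keyboard run we flag (assumption).
const minRun = 4

func reverse(s string) string {
	r := []rune(s)
	for i, j := 0, len(r)-1; i < j; i, j = i+1, j-1 {
		r[i], r[j] = r[j], r[i]
	}
	return string(r)
}

// hasSequentialRun: minRun consecutive characters stepping +1 or -1 in
// code-point order (12345678, abcdefg, or their reverses).
func hasSequentialRun(p string) bool {
	r := []rune(p)
	for i := 0; i+minRun <= len(r); i++ {
		up, down := true, true
		for k := 1; k < minRun; k++ {
			up = up && r[i+k] == r[i+k-1]+1
			down = down && r[i+k] == r[i+k-1]-1
		}
		if up || down {
			return true
		}
	}
	return false
}

// hasRepeatedRun: minRun identical characters in a row (222222).
func hasRepeatedRun(p string) bool {
	r := []rune(p)
	count := 1
	for i := 1; i < len(r); i++ {
		if r[i] == r[i-1] {
			if count++; count >= minRun {
				return true
			}
		} else {
			count = 1
		}
	}
	return false
}

// hasKeyboardRun: any minRun-long slice of a keyboard row, in either
// direction, appears in the lower-cased password.
func hasKeyboardRun(lower string) bool {
	for _, row := range keyboardRows {
		for i := 0; i+minRun <= len(row); i++ {
			seg := row[i : i+minRun]
			if strings.Contains(lower, seg) || strings.Contains(lower, reverse(seg)) {
				return true
			}
		}
	}
	return false
}

// EntropyBits estimates log2(pool^length), pool being the alphabet implied by
// the character classes used (26 lower, 26 upper, 10 digits, 32 symbols).
// It is the usual rough "password entropy" figure, not dictionary resistance.
func EntropyBits(p string) float64 {
	var lower, upper, digit, symbol bool
	for _, c := range p {
		switch {
		case unicode.IsLower(c):
			lower = true
		case unicode.IsUpper(c):
			upper = true
		case unicode.IsDigit(c):
			digit = true
		default:
			symbol = true
		}
	}
	pool := 0
	for _, cls := range []struct {
		on   bool
		size int
	}{{lower, 26}, {upper, 26}, {digit, 10}, {symbol, 32}} {
		if cls.on {
			pool += cls.size
		}
	}
	if pool == 0 {
		return 0
	}
	return float64(len([]rune(p))) * math.Log2(float64(pool))
}

// Check returns one finding per page rule the password breaks; an empty slice
// means it passes. personal carries the user's own name, birthday, etc.
func Check(password string, personal []string) []string {
	var findings []string
	lower := strings.ToLower(password)
	if len([]rune(password)) < 8 {
		findings = append(findings, "shorter than 8 characters")
	}
	var hasLetter, hasDigit, hasSymbol bool
	for _, c := range password {
		switch {
		case unicode.IsLetter(c):
			hasLetter = true
		case unicode.IsDigit(c):
			hasDigit = true
		default:
			hasSymbol = true
		}
	}
	if !(hasLetter && hasDigit && hasSymbol) {
		findings = append(findings, "needs letters, numbers and punctuation/symbols")
	}
	for _, w := range dictionary {
		if strings.Contains(lower, w) {
			findings = append(findings, "contains dictionary word: "+w)
		} else if strings.Contains(lower, reverse(w)) {
			findings = append(findings, "contains reversed dictionary word: "+w)
		}
	}
	if hasSequentialRun(password) {
		findings = append(findings, "contains a sequential run such as 1234 or abcd")
	}
	if hasRepeatedRun(password) {
		findings = append(findings, "contains repeated characters such as 2222")
	}
	if hasKeyboardRun(lower) {
		findings = append(findings, "contains adjacent keyboard keys such as qwerty")
	}
	for _, info := range personal {
		info = strings.ToLower(strings.TrimSpace(info))
		if len(info) >= 3 && strings.Contains(lower, info) {
			findings = append(findings, "contains personal information: "+info)
		}
	}
	return findings
}

// HasFinding reports whether any finding mentions keyword.
func HasFinding(findings []string, keyword string) bool {
	for _, f := range findings {
		if strings.Contains(f, keyword) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample inputs: the page's worked password plus two weak ones.
	for _, p := range []string{"Cre@teas7rongs@fep@$$word2112", "qwerty123", "Password1!"} {
		f := Check(p, []string{"John", "Smith", "1990"})
		fmt.Printf("%-32s %5.1f bits  %v\n", p, EntropyBits(p), f)
	}
}
```

Check returns the list of broken rules, so the page’s own Cre@teas7rongs@fep@$$word2112 comes back clean while qwerty123 and Password1! do not; the checks are substring-based on the lower-cased password, which is why personal details and dictionary words are caught regardless of capitalisation.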
Where do you keep all this information?
- Some people rely on pieces of paper to store passwords, but this can be inconvenient.
- You can also store passwords in a text file on a USB drive.
- There are also password storage services and programs, but these have some drawbacks:
Desktop password managers and browser-based password managers are convenient; however, they often provide no protection for the stored passwords. If the computer is on, another individual can open the password manager and read the user’s passwords. Requiring the user to enter a password to open the repository improves this slightly, but if the passwords themselves are stored unencrypted, anyone with local access to the machine can generally still obtain them.
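The paragraph above contrasts the weak design (passwords readable by whoever can reach the manager’s store) with the improvement of a repository that opens only after a master password is entered. The following Go program is an added example, not code from any product mentioned on the page: it places the weak plaintext map beside an encrypted store whose entries can only be read by deriving an AES-256 key from the master password with PBKDF2-HMAC-SHA256, so a local reader without the master password gets ciphertext, and a wrong password or a modified entry is rejected rather than decrypted to garbage. The iteration count, salt size and the sample entries are my assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	saltLen    = 16
	keyLen     = 32     // AES-256
	iterations = 100000 // PBKDF2 rounds (assumed value; tune to your hardware)
)

// PlaintextStore is the weak design described in the text: the file and the
// running process hold every password in the clear.
type PlaintextStore map[string]string

// EncryptedStore holds salt || nonce || AES-GCM ciphertext per entry. The key
// is derived from the master password on demand and never written down.
type EncryptedStore map[string][]byte

// pbkdf2SHA256 implements PBKDF2-HMAC-SHA256 (RFC 8018) from scratch so the
// example needs only the standard library; real code should call a vetted
// library routine instead of re-implementing it.
func pbkdf2SHA256(password, salt []byte, iter, dkLen int) []byte {
	var dk []byte
	for block := uint32(1); len(dk) < dkLen; block++ {
		mac := hmac.New(sha256.New, password)
		mac.Write(salt)
		var idx [4]byte
		binary.BigEndian.PutUint32(idx[:], block)
		mac.Write(idx[:])
		u := mac.Sum(nil)              // U_1
		t := append([]byte(nil), u...) // T = U_1 xor U_2 xor ... xor U_c
		for i := 1; i < iter; i++ {
			mac.Reset()
			mac.Write(u)
			u = mac.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		dk = append(dk, t...)
	}
	return dk[:dkLen]
}

// gcmFor derives the per-entry key from the master password and salt.
func gcmFor(master, salt []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(pbkdf2SHA256(master, salt, iterations, keyLen))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts one password under the master password with a fresh salt and
// nonce; the returned blob is what may be written to disk.
func Seal(master, secret []byte) ([]byte, error) {
	salt := make([]byte, saltLen)
	if _, err := rand.Read(salt); err != nil {
		return nil, err
	}
	aead, err := gcmFor(master, salt)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	out := append(salt, nonce...)
	// The salt is bound as associated data so it cannot be swapped unnoticed.
	return aead.Seal(out, nonce, secret, salt), nil
}

// Open reverses Seal. A wrong master password or a tampered blob fails the
// GCM tag check and returns an error instead of plaintext.
func Open(master, blob []byte) ([]byte, error) {
	if len(blob) < saltLen {
		return nil, errors.New("blob too short")
	}
	salt := blob[:saltLen]
	aead, err := gcmFor(master, salt)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(blob) < saltLen+ns {
		return nil, errors.New("blob too short")
	}
	return aead.Open(nil, blob[saltLen:saltLen+ns], blob[saltLen+ns:], salt)
}

func main() {
	master := []byte("master passphrase (constructed sample)")
	weak := PlaintextStore{"bank": "hunter2"} // readable by anyone with the file
	strong := EncryptedStore{}
	blob, err := Seal(master, []byte(weak["bank"]))
	if err != nil {
		panic(err)
	}
	strong["bank"] = blob
	fmt.Printf("on disk: %x\n", strong["bank"])
	pt, err := Open(master, strong["bank"])
	fmt.Println("with master password:", string(pt), err)
	_, err = Open([]byte("guess"), strong["bank"])
	fmt.Println("with wrong password:", err)
}
```

Locking the store is then just discarding the derived key and the master password from memory; the on-disk blobs stay encrypted regardless of whether the computer is on, which is the property the plain text file and unencrypted manager both lack.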