Choosing a good password is a difficult task, so how do you make a good password? What about hints and secret questions???
If you are like me, you will find passwords frustrating and you might be surprised to hear me admit I don't have that many. I actually have a good selection of strong passwords to various systems but my memory isn't what it used to be and living in the real world I'm as guilty as everyone else when it comes to recycling them. Does this make me a fool? No! It makes me human but then I also have the advantage of understanding the risks and how to minimise them.
In this post we will discuss how to pick a good password, what to avoid and some tools to help you keep passwords safe rather than storing them unprotected somewhere in a file. Follow the guidance and it can help you at home or at work.
Before we begin looking at what you can do, there is a more formal overview that you can see here: http://www.datalossprevention.co.uk/single-post/2016/12/29/What-about-passwords
OK, I'm all ears, I'm listening.
Ask different experts and you'll get different answers. Ask a techie or someone that doesn't really get people and you'll be told to use something like Gjs"tGKKXwjdosm8lP, useful right? Still, it is better than Password1 or 123456 which are still, in this day and age, two of the most popular passwords!
The last thing you want is someone guessing your password or, if you were unlucky enough to have a Yahoo! account, to have your password easily broken if it is stolen. I've been asked many times from people that have had their account broken in to for help or finding out who got access. More often than not, it was someone they knew such as a partner, an ex, a mischievous friend of a child. No matter who it is, it can leave you feeling really vulnerable and violated especially if they accessed something personal on Facebook, posted something nasty or changed your LinkedIn profile. I've seen people that have lost years of family photos after an ex decided to delete them. Now we've covered the why, now lets get to the what...
Picking a password
There is no one size fits all as different services & sites need varying levels of complexity and length. What you can do, however, is follow one of the very simple rules, we'll cover the don'ts at the end.
Length - make your password as long as possible, passwords of at least 12 characters will stand up much better than 8, especially if the secret hash is stolen such as in the recent Yahoo! incidents.
Use a passphrase - a passphrase is where you take a phrase from anywhere and turn it into your password. It could be taking the full phrase word for word or you could take the first letter from each word. Pick something random, anything that you can remember but would be hard for others to guess. Lets say you are a fan of Queen, if not, whats wrong with you? Take one of their many hits, pick a line such as Break Free. One of the lines is You're so self satisfied I don't need you.
You could make your password "You're so self", that's 14 characters, has mixed case and has two special characters (space and '). Pretty cool and easy to remember.
You could take all the first letters and get "YsssIdny", hmm, only 8 characters but still a very random set of letters so not too bad. You can look to add some special characters to it and more letters from the next line such as "Y'sssIdnyI'gtbf" using the ' where it would in the lyrics.
Combine random words - Using common words is a big no no when it comes to passwords but if you pick 3 or more and combine them together you end up with a really easy to remember and type password that is very very strong. The advice is so good, even the UK's National Cyber Security Centre publishes this as part of their advice, overturning years of advising on so called complex passwords that were hard to remember but easy for machines to guess. So, pick 3 words and join them together "Bradford" "fast" "colour" becomes Bradfordfastcolour. The combination could be anything so long as they are random and give enough characters
Randomise the mixed case - Most passwords require at least a mix of upper and lower case characters. Naturally we tend to make the first character upper case. Try mixing things up and putting the mixed characters randomly in your password.
Place the number mid password - As with mixed cases, when we use numbers we tend to put them at the end.
It can all seem a little daunting to use such big passwords but once you get into the swing of things you soon get used to them and they are easy to remember.
What about Two factor Authentication?
Two Factor Authentication, or 2FA, is where you usually have a password but you are then asked to add a random number or verify yourself via an app. Many sites including Facebook and LinkedIn offer this service free of charge. It is a good thing to use, if you are happy with them having your phone number or installing software on your phone/pc. If you take Linkedin's approach, if you enter your mobile number and turn on the service, whenever you log on from a new machine or try to change something on your profile, they send you a text with a code. You then have to enter that code to get access of for the change to be made, this could save you in the event someone gets hold of your password.
If a site offers 2FA, I'd advise you use it
Some password don'ts.
Don't make it something obvious like abc123, 123456, your name, your child's name etc
Don't just use the one password, if its guessed, they can get in to everything
Don't write them down or save them into a file on your computer, if you need to save them somewhere, look at some password tools such as KeePass (I wont recommend tools but something like KeePass is better than in a file)
Password hints, don't make them obvious. Sounds simple but I've seen people type their password into their password hint!
Secret questions - We're often asked to give answers to questions that only we would know but often we pick something that's relatively easy to find out, especially thanks to social media like Facebook! Why not lie in your answers? What is your mothers maiden name? Rather than Smith, put Jones. What is your favourite colour? Red? Not any more, it's blue!
Lastly, never ever share your password with anyone, especially your kids!