This article is supposed to show what matters about passwords and what kind of mistakes people usually make. Advanced security methods, like two factor authentication are not part of this article. Always make sure that security software that you use is trust-worthy.
1) Use each password only ONCE.
Anytime, one of your accounts can be compromised. It is not even up to you: Often times databases of web portals or smartphone apps get hacked.
The attacker will likely try to use your account data on different web sites.
Let’s assume for example, that the credentials for your account of the local newspaper get compromised. It might not be too big of a damage: Someone is now able to illegally read the newspaper for free.
But the damage gets much bigger if that person is able to now also read your emails (using the same credentials as in the newspaper account). Probably that person will find personal data, addresses of friends and is also able to gain access to multiple other accounts by using the “Forgot password”-option.
2) Do not use a dictionary.
If an attacker tries to guess a password, he or she will likely use the “dictionary method”.
Words from a dictionary will be used to guess an eventual password. This also includes first names, car models, sport clubs and much more. Adding a number or replacing a letter with a number won’t fool the attacker’s program.
So please avoid passwords like Chris123, D0n4ld or BMW323.
3) Do not use logic.
Often times passwords contain logic patterns. Attackers know this and take advantage of it. Even if it helps you remembering, try to avoid logic in your passwords.
Using letters in alphabetic or keyboard-layout order or using easy number sequences is generally a bad idea.
Therefore, passwords like abc123, qwert987 or 24681012 are easy to guess and should not be used.
4) Size does matter!
We knew it: Size does matter. Using a one-digit password with only numbers will give us 10 combinations of possible passwords. (0, 1, 2, 3…9) If we use two digits, we could have 100 possible combinations. (00 up to 99)
With each digit that we add to our password, the strength increases exponentially. If you use 5 instead of 4 digits, then the safety of a password didn’t only increase by a quarter or a factor one. It increased 10-fold. When we use other digits besides numbers, this effect will increase.
More possible combinations will make a password harder to guess.
5) Numbers, upper-case letters, lower-case letters and special characters
There are 26 upper-case and 26 lower-case letters and 10 numbers. This equals 62 possibilities.
Special characters can increase this even further. The hindsight is, that some web portals do not allow all special characters. Therefore it makes sense to check if special characters are allowed in each password you create.
Generally speaking, the more types of characters you are using, the safer your password becomes.
6) Store your passwords in a safe place.
All our carefulness can be worthless if we write down our passwords on a piece of paper that is right on the desk where any guest or colleague has access to.
If it has to be written down to paper, then store the paper in a safe location.
Storing passwords in an encrypted database on your computer is even safer. Free software like Passwordsafe, Revelation or KeePass will allow this. Most of this software will run on Windows, Linux and even on smartphones with Android or iOS.
Practical hint: Use a password generator.
The internet offers a good number of password generators. Some of them can be used in the browser directly. They will create a secure password automatically.
Previously mentioned password managers will most-likely have a password creation function included.
Examples
Here are some examples for good passwords:
9rZb#7LU6Es#UxEU
!pQEqfXaAXDa%6-n&@M&S$Z
ns6cs34fjRWWL7xhNq3c6Dnc6MkNcXme
Please be aware, that all of this informations and/or tutorials come without any type of warranty.