“Treat your password like your toothbrush. Don’t let anybody else use it, and get a new one every six months.” (Clifford Stoll)
What should your password be like?
- Passwords are meant to be secret and personal. Do not share yours with anyone for any reason, and if you already have, change it.
- Passwords should not contain your username, your first, middle or last name, your spouse’s or child’s name, your pet’s name, or any other personal information. Some hackers use social engineering techniques to learn exactly these details and then guess our passwords.
- They should not be short and simple for the sake of convenience, nor unreasonably long. 8-12 characters should be the minimum length. Remember that long passwords are harder to guess and crack than short ones.
- Don’t use common words, phrases, or reverse spelling of words (“hello”, “olleh”), important dates (birthdays, anniversaries, etc.), phone numbers, your home’s street name, acronyms, names of famous people or fictitious characters, etc.
Using these passwords is a very bad idea: password, passw0rd (the old trick of changing the vowel “o” for a zero is not enough); 123456 or any consecutive numbers; iloveyou; 111111, 000000, admin, qwerty, shadow, password1, etc. Please be more creative!
- Use uppercase letters (A, B, C, D, etc.), lowercase letters (a, b, c, d, etc.), numbers (at least two), and special characters such as @, !, #, $, etc.
- You should not reuse your password on many different websites.
Use password managers and virtual keyboards to defeat keylogging (the act of recording key presses on a keyboard): an on-screen keyboard is harder to capture than real keystrokes. Password managers keep all your passwords safe. They store and manage them, so you don’t need to memorize a bunch of unique, complex passwords for all of your personal and work accounts. You only need to remember one password, the one to your password manager. They can generate complex passwords for you, and you can also set your password manager to log in to sites automatically.
Some examples are:
- KeePass is a free, open-source, lightweight and easy-to-use password manager.
- Bitwarden is an open-source password manager. The free version of Bitwarden offers the core features you need in a password manager. You can get a Bitwarden vault with unlimited passwords and sync across all your devices.
- LastPass was the most popular password manager on the market, but it no longer has the best free plan. Its free users can no longer sync their passwords between multiple devices.
- Pass is a free, simple, and popular password manager. It has a command-line interface.
- Other options: 1Password, Dashlane, and RoboForm.
Your passwords should be memorable so you don’t forget them, and yet you need to make sure that they are complex enough to protect your accounts. There are common substitutions like $, S or 5 for s/S; 1, Eye, or ! for i/I; @ for a/A; 2 for to; 7 for t/T; 3 for E/e; 0 for o/O; and 8 for b/B.
Besides, you can create a password from phrases, quotes or verses with character substitutions:
- How much money do I have? becomes Hm$dEyeh? where “money” and “I” have been replaced by $ and Eye respectively.
- John 3:16, “For God so loved the World”, J3:16FGsltW, J[3-16]FGsltW, J3-164GsltW where 4=For, or J[3-16]4GsltO because the World is Round “O”, isn’t it? Besides, God is one and three at the same time, so G = 13, and our password becomes J[3-16]4=13sltO.
- “The answer to the ultimate question of life, the universe and everything is 42”, T@2tu?0ltu&e=42 where @(a), 2(to), ?(question), 0(o), &(and), and =(is). You can remove the article “the” for convenience’s sake, @2u?0lu&e=42, or even @2z?0lOO&e=42 because the universe is infinite (u = OO) and z is the last (ultimate or final) letter in the alphabet.
- You can always be a little more creative, e.g., “Happiness is when what you think, what you say, and what you do are in harmony, Mahatma Gandhi” generates :)=thinkSayDo where we use an emoji, too, :) (happiness), = (is), and the three main concepts related to happiness: think, Say, and Do.
- “Now you’re just a stranger with all my secrets” becomes Nyj@#w@ms:( where @(a), #(stranger), and :( because it is such a sad quote, isn’t it?
After that, you could find a way to change up your password so that you are not using the same password on different websites, applications or services. You can add one, two or more letters to the end, beginning or the middle of the master password that defines or marks the website, e.g., Google, GoJ[3-16]4=13sltO, J[3-16]4=13sltOGo, J3:16FGoGsltW.
Even better, you can count the number of letters, vowels or consonants in the name of the website or service, e.g., Google, Go6J[3-16]4=13sltO (Google has 6 letters), Go3J[3-16]4=13sltO (Google has 3 vowels and 3 consonants); Facebook, Fa8J[3-16]4=13sltO (Facebook has 8 letters), Fa4J[3-16]4=13sltO (Facebook has 4 vowels and 4 consonants).
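As an added example (it is not code from the original page), the Python below does two things: it turns the rules from the list at the top of the page into a checker that reports every rule a candidate password breaks, and it implements the per-site variation recipe just described (two letters of the site name, then a count of its letters, vowels or consonants, then the master password). The list of weak passwords is constructed from the words named on the page; a real deployment would check against a large breached-password corpus instead. The `personal_info` parameter and the scheme names are assumptions of this example.

```python
import re

# Constructed from the weak passwords and words the page names; not a real corpus.
COMMON_PASSWORDS = {
    "password", "passw0rd", "123456", "iloveyou", "111111", "000000",
    "admin", "qwerty", "shadow", "password1", "hello",
}
MIN_LENGTH = 8  # the page's stated minimum
VOWELS = set("aeiou")


def _is_consecutive_digits(pw):
    """True for all-digit strings that count up or down by one (e.g. 123456, 654321)."""
    if not pw.isdigit() or len(pw) < 2:
        return False
    steps = {int(b) - int(a) for a, b in zip(pw, pw[1:])}
    return steps in ({1}, {-1})


def check_password(password, personal_info=()):
    """Return the list of page rules the password violates (empty list = passes).

    personal_info (assumed parameter): strings such as a username, family names,
    a pet's name or a date that must not appear, forwards or reversed.
    """
    problems = []
    low = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    # Common words, their reverse spelling, and consecutive numbers
    if low in COMMON_PASSWORDS or low[::-1] in COMMON_PASSWORDS \
            or _is_consecutive_digits(password):
        problems.append("common or consecutive-number password")
    for item in personal_info:
        item_l = item.lower()
        if len(item_l) >= 3 and (item_l in low or item_l[::-1] in low):
            problems.append(f"contains personal information ({item!r})")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if len(re.findall(r"\d", password)) < 2:
        problems.append("fewer than two digits")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")
    return problems


def site_variant(master, site, scheme="letters"):
    """Derive a per-site password as the page describes: the site's first two
    letters, a count taken from the site name, then the master password.
    scheme (assumed names): "letters", "vowels" or "consonants"."""
    letters = [c for c in site.lower() if c.isalpha()]
    if scheme == "letters":
        n = len(letters)
    elif scheme == "vowels":
        n = sum(1 for c in letters if c in VOWELS)
    elif scheme == "consonants":
        n = sum(1 for c in letters if c not in VOWELS)
    else:
        raise ValueError(f"unknown scheme {scheme!r}")
    return f"{site[:2].capitalize()}{n}{master}"


if __name__ == "__main__":
    master = "J[3-16]4=13sltO"  # the page's own worked example
    print("master:", check_password(master) or "passes")
    for site in ("Google", "Facebook"):
        for scheme in ("letters", "vowels", "consonants"):
            pw = site_variant(master, site, scheme)
            print(site, scheme, pw, check_password(pw) or "passes")
    print("passw0rd:", check_password("passw0rd"))
    print("Hm$dEyeh?:", check_password("Hm$dEyeh?", personal_info=["alice"]))
```

Running the script reproduces the page's Google and Facebook variants. Note that the page's "Hm$dEyeh?" example contains no digits, so it fails the page's own "at least two numbers" rule; the checker reports exactly that.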