Every year, SplashData, a provider of password management products, releases the 25 most used passwords that appear on lists of stolen passwords released on the internet throughout the year. Some, such as 123456, qwerty, baseball, letmein, access, trustno1, batman, dragon, or 696969, appear pretty prominently. Now, we hope reading that hasn't gotten you a bit shaken because I just guessed yours. Welcome back to #TechTuesday! This week we're going to talk about something basic and useful: how to improve your password security.
Simple, Complex, Easy, But Impossible
There are a few easy rules to remember when designing a password. It should be simple and easy enough for you to remember, but complex enough that it cannot simply be guessed. Let's start with a few dos and don'ts of password design.
- DO use a password of eight characters or more.
- DO use mixed characters (letters, numbers, symbols, and capital letters) in your password.
- DO change your password frequently. Some security experts recommend changing as often as once a month for accounts that control money.
- DO use a password that will be memorable to you.
- DON'T use your birthday or birth year.
- DON'T use your children's names as a password.
- DON'T use swear words, hobbies, famous athletes, car brands, or movie names.
- DON'T use simple patterns (qwertyu, 1qaz2wsx, etc.) that are easily recognized on keyboards.
Now, some of these little rules seem pretty simple, but they are often the source of most security breaches for many accounts. We get it: remembering a complex password can be difficult, and typing it in can be tedious and time-consuming. But account security is important, and it gets even more so when you consider what that account may have access to.
In addition to those rules, we also recommend never using the same password for all accounts. If one of those accounts is breached for any reason, you may have just opened yourself up to all kinds of theft across many accounts.
Now, here at S-FX we take our account security very seriously. While it can get tedious to remember the exact variation of every password for every account, we like to try to keep things visible and still hard to decode. So, for example, a good password you might work on could look something like this: T3ch2esd@y. It stays a phrase you are familiar with while still having a proper layer of security. If you are having trouble with that, however, we do have another suggestion provided by Norton, the internet security company!
They suggest you create a password phrase, something like "I Love To Read Tech Tuesday Articles". Next, you convert that phrase to an abbreviation by using the first letter of each word and changing the word "to" to the number "2". Using our example, this would become "il2rtt". Finally, put the first and last letters of the website you are using as the first and last letters of your password phrase, and capitalize the last letter. So, for example, using our own website "S-FX" with our phrase gives "sil2rttX". This strategy has the strong advantage of being a phrase that is easy for you to remember, while making the password unique to each website. You can also enhance it with other symbols or character substitutions to really strengthen your security.
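The dos and don'ts listed above, turned into a small checker. This is an added example, not part of the original article or any S-FX or Norton tool; the function names and the personal details are assumptions made up for the illustration, and the word lists hold only the entries quoted in this article.

```python
import re

# Only the entries quoted in the article; a real check would use a full breach list.
COMMON = {"123456", "qwerty", "baseball", "letmein", "access",
          "trustno1", "batman", "dragon", "696969"}
KEYBOARD_RUNS = ("qwertyu", "1qaz2wsx")
# Constructed personal details (child's name, birth year) for the demonstration.
SAMPLE_PERSONAL = ("emma", "1984")
CLASSES = {"lowercase letter": r"[a-z]", "capital letter": r"[A-Z]",
           "number": r"[0-9]", "symbol": r"[^A-Za-z0-9]"}

def check_password(password, personal=SAMPLE_PERSONAL):
    """Return the list of the article's rules that this password breaks."""
    problems = []
    lowered = password.lower()
    if len(password) < 8:
        problems.append("shorter than eight characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, password):
            problems.append(f"no {name}")
    if lowered in COMMON:
        problems.append("on the most-used list")
    if any(run in lowered for run in KEYBOARD_RUNS):
        problems.append("keyboard pattern")
    for detail in personal:
        if detail and detail.lower() in lowered:
            problems.append(f"contains personal detail {detail!r}")
    return problems

def reused_passwords(passwords_by_site):
    """Map each password used on more than one site to the sites sharing it."""
    sites_by_password = {}
    for site, password in passwords_by_site.items():
        sites_by_password.setdefault(password, []).append(site)
    return {p: s for p, s in sites_by_password.items() if len(s) > 1}

if __name__ == "__main__":
    for candidate in ("qwerty", "Emma1984!", "sil2rttX", "T3ch2esd@y"):
        print(candidate, "->", check_password(candidate) or "passes every rule")
    # Constructed account list: the same password on two sites.
    accounts = {"bank": "T3ch2esd@y", "mail": "T3ch2esd@y", "forum": "sil2rttX"}
    print(reused_passwords(accounts))
```

Run on the article's own examples, T3ch2esd@y passes every rule, while sil2rttX is flagged only for lacking a symbol, which is where the suggested extra symbols or substitutions come in.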
Be safe out there!