But we need to anyway
My work email system has been bugging me for a few days that my password is about to expire. I hate changing my password, but do realize in today’s world it has become quite critical to come up with secure passwords and change them often. But how do you create a good password?
Without giving anything specific away, do you have a method you recommend? I used to think I was clever. Here’s what I DON’T do any more: make passwords from common words or names and simply swap out some letters with characters that look similar, like “sh@nn0n”.
So a while ago I did some research on ways to come up with a better password. I’m certainly no expert, and would love you to share any good ways you’ve heard of creating and remembering a good one. Since I have to change my password today, I thought I’d share my process.
What I do now is come up with a sentence that I can remember, for example: “Three blind mice see how they run.” This I turn into “3Bm$#tr.” Okay, it’s certainly not the best password, but it’s much better than most I used in the past. Of course, don’t use a common quote.
Make up your own sentence. Something you can remember, e.g. “My baby girl Sally is one year old” becomes “MbgSi1y0”. Have a favorite book? Use the third sentence in the third paragraph in the third chapter to create your password. Just be sure you can remember or look it up easily.
Once you’ve picked it, make one or two letters upper case. Then change one or two letters to be numbers. And insert one or two non-alphabetic characters, e.g. . (period), !, *, %, &, or #. A few sites restrict use of non-alpha characters, but if they allow it, they increase security greatly.
A few other suggestions:
The longer the password the better, with eight characters as a minimum. Do not tell anyone, do not write it down, do not save it in a file, etc. Even if someone can guess the words, it will still be hard to guess your password. Putting it on a sticky note on the front of your computer, though, is a very bad idea.
Clearly, don’t construct a password from your name, family names, addresses, phone numbers and such. Also don’t use words one would find in the dictionary, as some password cracking software starts there. Oh, and writing words backwards doesn’t help. If you can think of it so can they.
And don’t use the same password for different sites. If you do and one site is compromised, they all are. I know it’s a pain, but they all need to be different. At least if you must use only one, make it a good one, and add a site-specific letter, e.g. insert an extra “f” for Facebook or “y” for Yahoo.
If a website uses password recovery questions, if possible create your own. Don’t use things like your mother’s maiden name or what city you were born in, etc. Too easy for people to find! And use different questions on different sites, so if one is compromised, they all aren’t.
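The password rules above (minimum length, mixed character types, no dictionary words or names, no look-alike swaps, no backwards words) can be checked mechanically. This is an added example, not part of the original post; the word list and the look-alike table are small constructed samples, and the function names are hypothetical.

```python
import string

# Constructed sample word list; a real check would load a large dictionary
# plus the user's own names, addresses and phone numbers.
SAMPLE_WORDS = {"shannon", "password", "sally", "facebook", "yahoo", "mice"}

# Look-alike swaps of the kind the post warns about ("sh@nn0n").
LOOKALIKES = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "!": "i",
                            "3": "e", "$": "s", "5": "s", "7": "t"})

def normalize(password):
    """Undo look-alike swaps, lowercase, and strip non-letter padding."""
    plain = password.lower().translate(LOOKALIKES)
    return "".join(ch for ch in plain if ch.isalpha())

def check_password(password, words=SAMPLE_WORDS, min_length=8):
    """Return a list of problems; an empty list means every rule passed."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in string.punctuation for c in password):
        problems.append("no non-alphabetic symbol")
    core = normalize(password)
    if core in words:
        problems.append("dictionary word or name with look-alike swaps")
    elif core[::-1] in words:
        problems.append("dictionary word or name written backwards")
    return problems

if __name__ == "__main__":
    for candidate in ("sh@nn0n", "3Bm$#tr.", "nonnahS#9"):
        print(candidate, "->", check_password(candidate) or "passes these checks")
```

Passing these checks only means the password avoids the specific mistakes listed in the post; it says nothing about whether the sentence behind it is a common quote.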
Okay… enough stalling. I need to go create a new password for my email. Do you have any recommendations on a good method?