10 Password Safety Tips + Bonus Tip



login and password

login and passwordHardly a day passes when we don’t hear a news report about an online bank or email account that has been broken into. Sometimes these security breaches compromise the private and/or financial data of thousands or even millions of people. Failures like this make many people fearful to bank or shop online and use the Internet. However, in spite of the dangers, there are things we can do to significantly minimize our risks and protect ourselves within this electronically connected environment.

Just as a chain is only as strong as its weakest link, online security systems are only as strong as their weakest component. Considering they are created by “us civilians,” passwords are often this weakest link. A weak password jeopardizes the entire electronic security “chain” that protects our online banking, email accounts, and other personal Internet-based data.

The job of a password can be likened to the authentication protocol used at the guarded entrance of a secure military base. In this example, the password is the coded message or credentials that must be presented to the sentry to be allowed to proceed into the base. The sentry will not allow anyone to pass who does not possess the proper credentials or password. Since easy-to-lose credentials or an easy-to-guess password makes vulnerable the entire base (or computer system) it was designed to protect, that means careful thought needs to go into developing passwords of sufficient strength to withstand unauthorized entry attempts. The good news for Internet users, however, is that it is possible to better protect ourselves and enhance our electronic security and privacy by using more sophisticated and stronger passwords.

Here are ten password safety tips designed to make it harder for electronic thieves to access your Internet accounts and ravage your privacy, account information, and personal records:

1. Don’t use dictionary words.

A strong password is one that contains a sufficiently random series of characters that are difficult for another person (or computer) to guess. In fact, the name password is a bit of a misnomer since a strong password should not even be a real word. Since Internet thieves often use unscrupulous software designed to “guess” your password using massive electronic dictionaries, your password should not be a dictionary word in any language. The more varied your password, the harder it is to guess.

2. Longer is stronger.

A strong password should ideally be made up of a long mix of characters. Many security experts suggest that a password of eight characters should be the minimum length. Since each additional character dramatically increases your password’s strength, most recommend even longer passwords and suggest 12 or even 14 characters for better safety. (If you want to feel powerful and stay ahead of the times then go for 16 or even 20 characters!)

3. Randomly use the whole keyboard.

A strong password should ideally be made up of a long mix of uppercase and lowercase letters, numbers, and special characters including keyboard symbols when possible. Thus a password should not be all letters, all numbers, or as stated above, it should not even a real word. Instead, a password should be a random mix of all these elements — anything on the keyboard is fair game (unless the system you are making the password for won’t allow special characters). Don’t forget the “shift” key to make more complicated character symbols (such as ~ + | { @ } # ^ ). Many systems will also allow you to use spaces and underscores in your password.

4. Create easy-to-remember (but hard-to-guess) passwords.

Non-words and random “gibberish” keystrokes, while making for a stronger password, are difficult to remember. However, there are some techniques that can help you remember hefty passwords. You can do this in a couple of ways. When developing their password, many find it helpful to think of a sentence or phrase they can easily recall. You can take the first letter of each word in this phrase or sentence as your base and then add and/or substitute some numbers and symbols into this series to make your password. Or, you can go to step #10 for professional assistance.

5. Avoid common mistakes.

Just as short passwords are weak, repeated characters in passwords (such as AAA or common sequences such as 12345) might be easy to remember but are not as secure since such keystroke patterns are easier to guess.  Don’t use your login or username as your password. Likewise, don’t use anything personal such as your name, your pet’s name, your spouse’s nickname, your Social Security number, etc. in your password. Again, be sure to use long, random passwords that are not dictionary words.

6. Test your password’s strength.

Let’s say you created a password that you think is strong enough to protect your information. How do you know if it is really good enough? Thankfully, there are some great free online tools to conveniently and privately test your password’s strength online. For example, the Microsoft Password Tester is a free online tool that lets you enter your existing or proposed password into a text box for a real-time analysis of the password’s strength. Since this tool provides an instant gauge of your password’s strength as you type, you can see how very important extra characters, symbols, uppercase and lowercase letters, and numbers are to the password’s overall strength.

7. Keep them secret.

Since your password is your access key to what could be extremely valuable data, guard it carefully. Don’t share it with others or enter it in front of strangers or those you can’t trust. Don’t write your password down and carry it around in your purse or wallet. Don’t store it on your computer (or cell phone) in an unencrypted file or on a sticky note attached to your screen. Beware of sharing passwords over email, instant messenger, or the phone — these systems are rarely secure. Also, beware of letting your web browser “remember your password” unless you can protect that computer from unauthorized access by others (some web browsers let you set a master password to the web browser’s password file which provides additional security). Log out of your accounts after you use them to prevent others from accessing your personal information. Since electronic criminals can use keystroke recording devices to capture exactly what you type, don’t type your sensitive passwords into public computers like those found in airport kiosks, hotel business centers, Internet cafes, and school computer labs.

8. Use different passwords for each account.

Don’t use the same password for all your electronic accounts. If a criminal steals your one password then all your accounts using that password are instantly vulnerable. Instead, increase your electronic security by giving each account a strong, random password of its own. While this may seem cumbersome at first, it’s much safer in the long run (and much easier than trying to change all your accounts if your one password was ever compromised).

9. Frequently change.

It is wise to frequently alter or change your passwords. Many security experts recommend changing passwords at least every three months. Following this routine tends to increase the randomness of your electronic footprint and that is a good thing from a security point of view. A habit of frequent password change can also reduce the risk caused by accidental exposure of your password at any level: it effectively removes a potentially compromised password and replaces it with a new one.

Regular password variation also allows you to keep up with the times by continually updating and increasing the strength of your passwords. As more powerful computers are produced each year, the need to enhance your password standards with stronger, longer, and more sophisticated character mixes increases.

10. Use a password generator.

Overwhelmed yet? Creating strong passwords is a fairly complex process made much easier with a password generator, a software tool or web app designed to create passwords. Good password generators include options to make strong passwords that are random and varied with a long series of uppercase and lowercase letters, numbers, symbols, and other keyboard characters. There are a number of good password generators available online. For example, a handy, free password generator from PC Tools is well-worth saving to your favorites and using regularly.

Bonus Tip: Save your sanity (and your passwords) with a password manager.

If you use all of these suggestions, you’ll end up with potentially dozens of well-formatted, strong passwords that are very difficult to remember, especially since most online retailers require a login and password for shopping. Keeping track of that many strong passwords is virtually impossible without a password manager. A password manager program or app can keep track of them all easily and securely. With a password manager all your passwords are stored in a specially encrypted software vault. And perhaps best of all, you’ll just have to remember (or record in a safe place) one strong password – the one that unlocks your password manager. Most password managers also include strong password generators so you can perform all the above points in a single step!

Several free basic password managers exist including KeePass Password Safe (open source) and Norton Identity Safe. Commercial password managers often include fancy web browser plugins, convenient form fillers, and nifty features to auto-login to your various web accounts. Popular options include LastPass (free or $12/yr. premium plan), Dashlane (free or $19.99/yr. premium plan), RoboForm ($29.95), 1Password ($49.99; family plans available), and Kaspersky Password Manager ($24.95; Windows only).

In short, a password manager is well worth the investment in setup time and cost. It also might preserve your sanity by sparing valuable brain cells from the unsavory task of multiple password memory.

In conclusion, don’t neglect your passwords. Effectively your first line of defense, build them long, make them strong, and keep them random. Don’t forget to test them and change them regularly. If you consistently do all ten of these things then you will increase your personal security and reduce your Internet risk. Also, you will have enhanced your personal security chain by removing what likely had been the weakest link.


Editor’s note: This article is represents a significant update to our previous Nine Password Safety Tips post. Prices noted were accurate as of July 2013. Image courtesy of digitalart / FreeDigitalPhotos.net.

2 Responses to "10 Password Safety Tips + Bonus Tip"

  • Mike Allen says:

    Regarding the bonus tip of using a password manager, there’s an interesting article from TechRepublic looking at the safety of password managers. After reading “How safe are online password managers?” what do you think?

  • Yong says:

    You could certainly see your skills within the work you write. The world hopes for even more passionate writers like you who aren’t afraid to say how they believe. All the time go after your heart.


Leave a Reply