Posted 12th November 2014 • Security • #resources
As time goes on, we have logins for more and more accounts. With the web being tied into just about everything these days, it's important to keep your data secure, and the first line of defence is having strong passwords. Websites impose all kinds of conditions and limitations on what you should and shouldn't have in your passwords: uppercase, lowercase, length, numbers etc. Here are just a few basic guidelines that I've picked up along the way and some resources you might find helpful in keeping your accounts secure, and your passwords safe.
The single most important factor in password security is the length.
Keep passwords at least 8 characters long. Most of my passwords are about 20 characters (more on that later), although some websites will force them to be between 8 and 12. The longer the password, the longer it takes to crack.
Using a mix of uppercase, lowercase, numbers and symbols will increase the complexity of the password and make it harder to crack.
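To put numbers on the two points above, here is an added example (not from the original post) that computes the entropy of a randomly generated password as length × log2(alphabet size) and generates passwords with Python's `secrets` module. The function names are illustrative, and the figures only hold for passwords chosen uniformly at random, not for words or phrases.

```python
import math
import secrets
import string

# Character classes named in the post: lowercase, uppercase, numbers, symbols.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": string.punctuation,
}

def entropy_bits(length, alphabet_size):
    """Bits of entropy for a password drawn uniformly at random."""
    return length * math.log2(alphabet_size)

def generate_password(length=20, classes=("lower", "upper", "digits", "symbols")):
    """Random password with at least one character from each requested class."""
    if length < len(classes):
        raise ValueError("length too short to include every class")
    alphabet = "".join(CLASSES[c] for c in classes)
    while True:
        # secrets uses the OS CSPRNG; random.choice is not suitable here.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Rejection sampling keeps the choice uniform over passwords that
        # satisfy the "one of each class" rule many sites enforce.
        if all(any(ch in CLASSES[c] for ch in candidate) for c in classes):
            return candidate

def compare():
    """Entropy for the lengths mentioned in the post (8, 12 and 20 characters)."""
    full = sum(len(chars) for chars in CLASSES.values())  # 94 printable characters
    return {
        "8 chars, all four classes": round(entropy_bits(8, full), 1),
        "12 chars, all four classes": round(entropy_bits(12, full), 1),
        "20 chars, lowercase only": round(entropy_bits(20, 26), 1),
        "20 chars, all four classes": round(entropy_bits(20, full), 1),
    }

if __name__ == "__main__":
    for label, bits in compare().items():
        print(f"{label:28s} {bits:6.1f} bits")
    print(generate_password(20))  # default length
    print(generate_password(12))  # for sites that cap the length at 12
```

A 20-character password made only of random lowercase letters comes out stronger than an 8-character one using every class, which is why length matters most.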
Avoiding weak passwords
Avoid all of the following when creating passwords:
Over the years I've used a number of ways to remember passwords. I used to use a phrase that I had more or less picked out of thin air, then modified it slightly depending on which website it was for. This worked for a while but there's a risk that if someone does discover what that phrase is and works out the pattern for how you alter it, you lose access to all of your accounts. It's only a little more secure than using the same password for each site (which you should NEVER do).
The answer to that problem is to use a completely random string of numbers, letters and symbols as a password, different for every account you have. However, unless you have superhero memory powers, this is impractical.
If you don't have superhero powers, use a password vault.
To make up for the lack of superpowers (one day they shall be mine!), I started using a password vault. A password vault is either hosted online or stored on your computer and is unlocked by using a master password: a single very strong password that you use to log in to the vault which contains all your passwords. You then use randomly generated passwords for all your accounts, and you don't need to remember them. This means that even if someone manages to break one of your passwords, they still have no clue what the others are. Here's an example of what some of my passwords look like: