Passwords – Dos and Don’ts

Passwords are one of those necessary evils to keep evil away. The number of digital threats is growing by the second, and while not all of them rely on getting your passwords, that doesn’t mean there aren’t many that do.

So what are you to do? You shouldn’t use the same password in different places; all of your passwords should differ by more than one digit (“welcome01” isn’t much better than “welcome”, and “welcome02” is even worse). You can’t go writing them down just anywhere. They shouldn’t all be listed in a spreadsheet (and no, locking the spreadsheet doesn’t pass for encryption).

While we don’t have the answer, we do have a couple of suggestions.

First is to find a pattern that helps you remember your passwords. The ideal password is long and complex, to slow down brute-force password crackers and keep human brains from guessing it. The old standard is 8 or more characters with a combination of at least one upper case letter, at least one lower case letter, one number and one special character (!@#$%^&*:;<>?). These are easy enough to create, but typically tough to remember.

One option is a master password combined with variations of random numbers: a single complex password followed or preceded by two or three digits. When you change it, go up by the same amount each time, let’s say 2. For example, your master password could be mYcOdE#; when you make a new password, you could make it something like mYcOdE#102, and for the password after that, mYcOdE#104.

You could also use a number and character sequence as your master; for example, mYcOdE#104 for your Facebook and MoNdAyS@SuCk#104 for your LinkedIn.

Another standard that works for some people is to pick three words that mean something to you, but aren’t related. You could use the color of your car, your father’s name and the street number of your office; you’ll end up with something long and complex, yet memorable to you.

Try different things, but make those passwords tough and change them often.
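
The two rules above, the "old standard" for complexity and the advice that passwords should differ by more than one digit, can be checked mechanically over your own list of accounts. The Python below is an added example, not part of the original article; the function names, the sample accounts, and the choice to count only the special characters listed above are assumptions.

```python
import re
from itertools import combinations

SPECIALS = set("!@#$%^&*:;<>?")  # assumption: only the article's listed characters count

def meets_old_standard(pw):
    """8+ characters with an upper-case letter, a lower-case letter, a number and a special."""
    return (len(pw) >= 8
            and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in SPECIALS for c in pw))

def stem(pw):
    """The password with leading/trailing digits removed and case folded."""
    return re.sub(r"^\d+|\d+$", "", pw).lower()

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # drop a character from a
                           cur[j - 1] + 1,              # add a character from b
                           prev[j - 1] + (ca != cb)))   # swap one character
        prev = cur
    return prev[-1]

def too_similar(a, b):
    """True if two passwords share a stem or differ by at most one character."""
    shared_stem = stem(a) != "" and stem(a) == stem(b)
    return shared_stem or edit_distance(a, b) <= 1

def audit(accounts):
    """accounts maps site -> password; returns (sites failing the standard, look-alike pairs)."""
    items = sorted(accounts.items())
    weak = [site for site, pw in items if not meets_old_standard(pw)]
    reused = [(s1, s2) for (s1, p1), (s2, p2) in combinations(items, 2)
              if too_similar(p1, p2)]
    return weak, reused

# Constructed sample data: the "welcome" variants from the text plus one made-up password.
SAMPLE = {"bank": "welcome", "email": "welcome01",
          "forum": "welcome02", "shop": "Tr1cky;Pelican"}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run it only on a machine you trust, and don’t save the real list to disk.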

Once you have your passwords, you need to store them somewhere. Paper can work, because it isn’t hackable, but don’t put your account name and the passwords together, and be aware of any company privacy policies or physical security issues.

Another possible solution is a little tool we use called KeePass. It’s a free application that you install on your computer that will allow you to store your account and password info in an encrypted database; used with another application called KeeForm, you can double-click an entry to open a browser window and be logged in instantly to whatever account you clicked on. It can be set up on a USB memory stick, so you can carry it with you, and it will allow for multiple copies of the database to be synchronized, so if you lose the USB, you’re not out of luck.

Of course, there’s a lot more to security and being safe on the internet than simply passwords, all of which we can help you with, so if you have questions, give us a call.