You probably know by now that using passwords like ‘abc123’, ‘password’, ‘12345678’, ‘letmein’ and ‘qwerty’ is not a good idea. If someone were to try to hack into your account, those are the first ones they’d try. You don’t want to make it that easy for them, do you? Did you also know that reusing the same e-mail address and password combination for multiple sites is equally bad? This webcomic explains it well.
Basically, using the same e-mail address and password combination on multiple sites makes you vulnerable. Imagine that someone hacks Facebook and gets hold of the e-mail/password combination you use there. With that same combination they could take over your e-mail account, your Twitter account, your PayPal account or whatever other major service you use that e-mail and password with.
So what is the most important factor for safe passwords? Length. Closely followed by making sure it consists of both upper and lower case letters, numbers and symbols. It takes longer to break a 25-character password than it does a 6-character one, and adding symbols and numbers makes the password more complex, which also makes it more difficult to break. And of course, use a different password for each site you use.
Create your own password algorithm
A great way to create memorable yet strong passwords is to come up with your own algorithm for creating them.
Below you will find a number of different steps you can incorporate into your own password algorithm. Pick the ones that make the most sense to you and combine them to create your own, unique algorithm. Keep in mind that, ideally, you want the output to always be at least 12-15 characters long so that you don’t create passwords that are too short.
- Take a phrase you love and abbreviate it into a few characters. Take the first letter from each word and combine them, or the last letter from each word. Use both upper and lower case letters. You can even replace words with numbers if it works with your phrase.
Ex. The phrase “To be or not to be, that is the question” can be turned into 2BoN2BtIsTq, or TbOnTbTiTq or tbontbTITQ, OeRtOeTsEn (last letter of each word).
- Use the names of your immediate family, or the names of your cousins or aunts. Use the first few letters of each name, or if you have many names, use just the first letter.
Ex. The names of your siblings (Sarah, John, David and Maria) can become SaJoDaMa or SJDM
- Create your own nonsense word to use in all your passwords
Ex. canalalemo, noodeloodelel, fabricasitones, or supertastic
- Take a city you love and write it backwards, using both upper and lower case letters.
Ex. New York becomes kroywen, or KrOyWeN
- Add punctuation based on the top level domain names (.com, .net, .co.uk, .org, etc.)
Ex. Use a * for .com, # for .net, – for .co.uk and ! for .org
- Use the second level domain name of the site and remove all the vowels (use both upper and lower case letters)
Ex. Google becomes GgL, Facebook becomes fCBk or FcBk
- Use the second level domain name to come up with a number: count the total number of letters, the vowels or the consonants
Ex. Google has 6 letters, Facebook has 4 vowels and Twitter has 5 consonants
- Use the first 2-3 letters (or the last) of the second-level domain name
Ex. Google can become Goo or GLE, Facebook becomes FAC or ook, and Twitter becomes Twi or TeR
- Always exchange one letter for another letter or number
Ex. change all instances of the letter S to 5, O (letter) to 0 (number), J to L, A to V, or V to U
- If you have multiple accounts with one service provider, use your username to come up with part of the password
  - First three letters of your username
    Ex. sarah.johnson becomes sar, or sarjoh
  - First letter of your username and number of letters in the username
    Ex. sarah.johnson becomes S12 (not counting the period)
  - First and last letter of your username
    Ex. sarah.johnson can become either sn, or shjn, or sh.jn
- Add a special character every five or ten letters, or after each part of the algorithm
An example algorithm could use a phrase you love (2BoN2BtIsTq), punctuation based on the top level domain (*), number of vowels in the domain name (3) and the first three letters of the domain name (goo). And for an account on Google that could amount to a password that looks like this:
A different algorithm could look like this: a city you love, domain name minus the vowels, punctuation based on the top level domain, a number based on the domain name, names of your family members. The password for an account on Twitter would then end up looking like this:
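The two example algorithms above, written as a short Python script. This is an added example, not part of the original post: the function names are hypothetical, the dash for .co.uk is typed as a plain hyphen, and the second algorithm assumes the consonants stay lower case and the number is the total letter count.

```python
# Added example, not from the original post: the two sample algorithms as code.
PHRASE = "2BoN2BtIsTq"    # phrase abbreviation from the post
CITY = "KrOyWeN"          # "New York" backwards, from the post
FAMILY = "SaJoDaMa"       # sibling names from the post
TLD_SYMBOL = {"com": "*", "net": "#", "co.uk": "-", "org": "!"}  # the post's mapping
VOWELS = set("aeiou")
MIN_LENGTH = 12           # lower bound the post recommends


def split_domain(host):
    """Return (second-level name, TLD), e.g. 'mail.google.co.uk' -> ('google', 'co.uk')."""
    host = host.lower().strip(".")
    for tld in sorted(TLD_SYMBOL, key=len, reverse=True):  # longest suffix first
        if host.endswith("." + tld):
            return host[: -len(tld) - 1].split(".")[-1], tld
    raise ValueError(f"no symbol defined for the TLD of {host!r}")


def vowel_count(name):
    return sum(ch in VOWELS for ch in name)


def algorithm_one(host):
    """Phrase + TLD symbol + number of vowels + first three letters."""
    name, tld = split_domain(host)
    return f"{PHRASE}{TLD_SYMBOL[tld]}{vowel_count(name)}{name[:3]}"


def algorithm_two(host):
    """City + domain without vowels + TLD symbol + letter count + family names.
    Assumptions: consonants stay lower case, the number is the total letter count."""
    name, tld = split_domain(host)
    consonants = "".join(ch for ch in name if ch not in VOWELS)
    return f"{CITY}{consonants}{TLD_SYMBOL[tld]}{len(name)}{FAMILY}"


def meets_advice(password):
    """Length of at least MIN_LENGTH plus lower, upper, digit and symbol."""
    tests = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    return len(password) >= MIN_LENGTH and all(any(t(c) for c in password) for t in tests)


if __name__ == "__main__":
    for site in ("google.com", "twitter.com", "wikipedia.org"):
        for build in (algorithm_one, algorithm_two):
            pw = build(site)
            print(f"{site:15} {pw:28} ok={meets_advice(pw)}")
```

A site whose top level domain has no symbol in the table raises `ValueError`, so the table has to cover every ending you actually use.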
When you’ve created your new password, test its strength using one of the free tools I’ve added links to at the bottom of the entry. There are also tools that will help you generate random passwords if you don’t want to create your own algorithm.
Still find it difficult to remember all your passwords? Use a password manager to keep track of all your login information. I personally use LastPass to store my passwords. LastPass works with all the major web browsers (Chrome, Firefox, Explorer, Opera and Safari). You install it as a browser extension and then you can access and save passwords as you go. The free version only works on desktop computers; if you want to be able to use the apps for your mobile devices you will need to upgrade to the premium version.
When it comes to picking a password for a password manager, you should definitely go with a complex, long password. You want the password safeguarding your other passwords to be as strong as possible.
Top 5 Password Managers
Check your password strength