Create and use strong passwords that you can actually remember
With hacking and security breaches becoming increasingly prevalent, everyone storing private information online needs to take their password security seriously. There is an abundance of information available on creating secure passwords, but it can easily start to feel pretty daunting to try to follow all the rules.
Here’s a list of common password tips from an infographic on Mashable, Is Your Password Really Protecting You?
Do
- Make your password 8 characters or more
- Use a mix of all 4 character types
- Choose a password you’ll remember
- Test your password (many sites will give you a score indicating how secure your password is)
- Set up a password recovery method
- Change your password twice a year
Don’t
- Use public information (like your birthday)
- Use complete words
- Write your password down
- Use the same password for multiple accounts
- Log in to private accounts on public computers
- Tell anyone your password
Considering this infographic also states that the average person visits 25 password-protected sites regularly, following all of these rules is fairly unreasonable. Remembering 25 different, secure passwords is a Herculean task even if you come up with really clever mnemonics for all of them. You’ll end up spending half of each day resetting all of the passwords you forgot into new, secure passwords that you’ll forget the next day.
This is the vicious circle that password managers like LastPass and 1Password were made to circumvent. Using a password manager allows you to create tons of unique, secure passwords while only having to remember one. These solutions are definitely a practical way to keep your password security standards high, but some people don’t feel comfortable putting all of their eggs in one password basket.
If password managers aren’t for you, and practicality dictates that you don’t try to follow all of the rules above, then it comes down to finding the right balance of what’s easy to remember and hard to hack (and possibly sharing some passwords for sites storing less private information).
The Carnegie Mellon computer science department recommends this method for creating a password:
- Make up a sentence you can easily remember. Some examples:
  - I have two kids: Jack and Jill.
  - I like to eat Dave & Andy’s ice cream.
  - No, the capital of Wisconsin isn’t Cheeseopolis!
- Now take the first letter of every word in the sentence, and include the punctuation. You can throw in extra punctuation, or turn numbers into digits for variety. The above sentences would become:
  - Ih2k:JaJ.
  - IlteD&A’ic.
  - N,tcoWi’C!
Not the easiest to remember and a little painful to type on a regular basis, but a nice balance of secure and memorable.
Another option, featured in xkcd, advocates using passphrases made up of four common words rather than seemingly more complex, shorter passwords that follow a predictable pattern. It also argues that passwords that follow all of the common rules from the Mashable infographic may not be all that hard to hack after all.
This comic sparked all kinds of conversations questioning whether the math was accurate and picking apart the assumptions that the cartoonist made to make his calculations. The general consensus was that he made a valid point, regardless of whether his entropy calculations were spot on or not.
If you are curious about information theory and password hacking, do a search for ‘xkcd password strength’ and read away – interesting stuff.
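As an added illustration (not code from this page, from Carnegie Mellon or from xkcd), the Python below derives a password from a sentence the way the first-letter method above describes, and computes the two entropy figures the xkcd argument contrasts: the bits of a passphrase of randomly chosen words, and the character-class upper bound that a pattern-following password only appears to have. The number-word table, the 2048-word vocabulary used in the docstring, and the 33-symbol count are assumptions.

```python
import math
import re

# Constructed lookup for the "turn numbers into digits" step (assumption:
# only single-digit numbers spelled out as words are converted).
NUMBER_WORDS = {"zero": "0", "one": "1", "two": "2", "three": "3", "four": "4",
                "five": "5", "six": "6", "seven": "7", "eight": "8", "nine": "9"}

# A word may carry an apostrophe ("isn’t"); digits and other punctuation are
# separate tokens so they stay in place in the derived password.
_TOKEN = re.compile(r"[A-Za-z]+(?:['’][A-Za-z]+)*|\d+|[^\sA-Za-z\d]")


def sentence_to_password(sentence: str) -> str:
    """Carnegie Mellon first-letter method: first letter of each word (a digit
    for a number word), punctuation kept, including a contraction's apostrophe."""
    parts = []
    for token in _TOKEN.findall(sentence):
        letters = re.match(r"[A-Za-z]+", token)
        if letters is None:              # punctuation or an existing digit
            parts.append(token)
            continue
        word = letters.group(0)
        parts.append(NUMBER_WORDS.get(word.lower(), word[0]))
        # "Andy’s" -> "A’": keep the apostrophe, drop the rest of the word
        parts.extend(ch for ch in token[len(word):] if not ch.isalpha())
    return "".join(parts)


def passphrase_bits(word_count: int, vocabulary_size: int) -> float:
    """Entropy of word_count words picked uniformly at random from a vocabulary,
    i.e. log2(vocabulary_size ** word_count); 4 words from 2048 give 44 bits."""
    return word_count * math.log2(vocabulary_size)


def charset_bits(password: str) -> float:
    """Upper bound on a password's entropy: every character treated as drawn
    uniformly from the union of the classes it uses. A password built from a
    sentence or a predictable pattern sits well below this bound."""
    classes = ((str.islower, 26), (str.isupper, 26), (str.isdigit, 10),
               (lambda c: not c.isalnum(), 33))   # 33: assumed symbol count
    pool = sum(size for test, size in classes if any(test(c) for c in password))
    return len(password) * math.log2(pool)
```

Running `charset_bits` on a four-word passphrase returns far more bits than `passphrase_bits(4, 2048)`, which is exactly the overestimate the xkcd discussion turns on.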
At this point, you may be wondering why we have just given you a bunch of suggestions that seem to contradict each other. Well, password policy is highly subjective; there is no one right answer. The methods listed here are just meant to help you define a personal password policy that meets your security and convenience needs.
If all of this information is just too much to digest, there is one fairly undisputed ‘most important’ security truth.
“In general, the longer a password is, the harder it is for somebody to guess or brute-force it,”
– Carnegie Mellon professors.
So, if nothing else, aim for creating really long passwords that are easy for you to remember.