Here are a few tips for creating strong passwords. Take a moment to review these, and consider strengthening some of your passwords if they fall short.
-Create unique passwords that that use a combination of words, numbers, symbols, and both upper- and lower-case letters.
-Do not use your network username as your password.
-Don’t use easily guessed passwords, such as “password” or “user.”
-Do not choose passwords based upon details that may not be as confidential as you’d expect, such as your birth date, your Social Security or phone number, or names of family members.
-Do not use words that can be found in the dictionary. Password-cracking tools freely available online often come with dictionary lists that will try thousands of common names and passwords. If you must use dictionary words, try adding a numeral to them, as well as punctuation at the beginning or end of the word (or both!).
-Avoid using simple adjacent keyboard combinations: For example, “qwerty” and “asdzxc” and “123456” are horrible passwords and that are trivial to crack.
-Some of the easiest-to-remember passwords aren’t words at all but collections of words that form a phrase or sentence, perhaps the opening sentence to your favorite novel, or the opening line to a good joke. Complexity is nice, but length is key. It used to be the case that picking an alphanumeric password that was 8-10 characters in length was a pretty good practice. These days, it’s increasingly affordable to build extremely powerful and fast password cracking tools that can try tens of millions of possible password combinations per second. Just remember that each character you add to a password or passphrase makes it an order of magnitude harder to attack via brute-force methods.
-Avoid using the same password at multiple Web sites. It’s generally safe to re-use the same password at sites that do not store sensitive information about you (like a news Web site) provided you don’t use this same password at sites that are sensitive.
-Never use the password you’ve picked for your email account at any online site: If you do, and an e-commerce site you are registered at gets hacked, there’s a good chance someone will be reading your e-mail soon.
-Whatever you do, don’t store your list of passwords on your computer in plain text. My views on the advisability of keeping a written list of your passwords have evolved over time. I tend to agree with noted security experts Bruce Schneier, when he advises users not to worry about writing down passwords. Just make sure you don’t store the information in plain sight. The most secure method for remembering your passwords is to create a list of every Web site for which you have a password and next to each one write your login name and a clue that has meaning only for you. If you forget your password, most Web sites will email it to you (assuming you can remember which email address you signed up with).
-One thing to note about password storage in Firefox: If you have not enabled and assigned a “master password” to manage your passwords in Firefox, anyone with physical access to your computer and user account can view the stored passwords in plain text, simply by clicking “Options,” and then “Show Passwords.” To protect your passwords from local prying eyes, drop a check mark into the box next to “Use Master Password” at the main Options page, and choose a strong password that only you can remember. You will then be prompted to enter the master password once per session when visiting a site that uses one of your stored passwords.
-There are several online third-party services that can help users safeguard sensitive passwords, including LastPass, DashLane, and 1Password that store passwords in the cloud and secure them all with a master password. If entrusting all your passwords to the cloud gives you the creeps, consider using a local password storage program on your computer, such asRoboform,PasswordSafeorKeepass. Again, take care to pick a strong master password, but one that you can remember; just as with the Firefox master password option, if you forget the master password you are pretty much out of luck.
FAQs
At least 12 characters long but 14 or more is better. A combination of uppercase letters, lowercase letters, numbers, and symbols. Not a word that can be found in a dictionary or the name of a person, character, product, or organization. Significantly different from your previous passwords.
What are the do's and don'ts of passwords? ›
Dos & don'ts of managing passwords
- Use BOTH upper and lower-case letters.
- Use numbers and special characters. ...
- Create different passwords for different accounts and applications.
- Change your passwords every few months.
- Keep them to yourself. ...
- Consider using a phrase or a song title as a password.
At least 12 characters long but 14 or more is better. A combination of uppercase letters, lowercase letters, numbers, and symbols. Not a word that can be found in a dictionary or the name of a person, character, product, or organization. Significantly different from your previous passwords.
What is the most common password mistake? ›
Here is a list of the most common mistakes made when creating passwords:
- Using less than 10 characters - secure passwords should contain 12-16 characters.
- Putting numbers at the end of your password instead of throughout your password.
- Using pop culture references like "maytheforcebewithyou" or "sk8erboy"
The Ten Golden Rules of IT Security
Never share your password. Always use strong passwords and create a different password for each account. A password manager can help you generate and administer passwords. When possible, use two factor authentication to protect your accounts in the event of password leaks.
What are the top 5 passwords to avoid? ›
What are some passwords I should avoid?
- 123456.
- admin.
- 12345678.
- 123456789.
- 1234.
- 12345.
- password.
- 123.
Password Best Practices
- Never reveal your passwords to others. ...
- Use different passwords for different accounts. ...
- Use multi-factor authentication (MFA). ...
- Length trumps complexity. ...
- Make passwords that are hard to guess but easy to remember.
- Complexity still counts. ...
- Use a password manager.
Repeated Characters or Patterns: Passwords that consist of repeated characters (e.g., “111111”) or simple patterns (e.g., “abcd1234”) are considered weak because they are easy to guess or crack using automated tools.
What is the strongest password example? ›
Password: m#P52s@ap$V
This is a great example of a strong password. It's strong, long, and difficult for someone else to guess. It uses more than 10 characters with letters (both uppercase and lowercase), numbers, and symbols, and includes no obvious personal information or common words.
What are your 7 best tips for creating a strong password? ›
7 Tips for Strong and Secure Passwords
- Think of your User ID as a secondary password. ...
- Use a pass phrase instead of a password. ...
- Use enough characters: If you don't use a pass phrase, make your password at least 12 characters long.
- Numbers, capital letters, and symbols make passwords more challenging to guess.
Something simple, short and predictable. Astonishingly, those are also the characteristics of the world's most common online password, which is 123456, according to online password management company NordPass.
What's the worst password? ›
National Cyber Security Centre
Therefore, strong passwords consist of a combination of uppercase and lowercase letters, numbers, and special symbols, such as punctuation. They should be at least 12 characters long or even lengthier.
What is password etiquette? ›
Don't tell anyone your password. Your trusted friend now might not be your friend in the future. Keep your passwords safe by keeping them to yourself. 6. Depending on the sensitivity of the information being protected, you should change your passwords periodically, and avoid reusing a password for at least one year.
What is the hardest password to get? ›
Use a combination of at least eight letters, numbers, and symbols. The longer your password and the more character variety it uses, the harder it is to guess. For example, M0l#eb9Qv? combines upper- and lowercase letters, numbers, and symbols, making a unique and hard-to-guess password.
What is a magic password? ›
Passwords are only one (obsolete) way to handle authentication. Magic utilizes one-time passcodes to grant access. Delivered through email, these passcodes are time-bound tokens that enable authentication without having to store and maintain passwords.
What is not allowed in passwords? ›
Special characters, including the following are not acceptable: (){}[]|`¬¦! "£$%^&*"<>:;#~_-+=,@. If you do use a disallowed character and the system does not recognize your mistake you will not be allowed to use the password or username to log into your account later.
What should you never include in a password? ›
Obviously, things like your name, phone number, date of birth and address are to be avoided. Avoid common words. Don't ever be tempted to use one of those common passwords that are easy to remember but offer zero security. e.g. "password", "letmein" or key sequences that can easily be repeated.
What words should you not use in passwords? ›
Don't use any word that can be found in the dictionary - even foreign words. Try to avoid using passwords with double letters or numbers. Some of the worst passwords are: password, drowssap, admin, 123456, and the name of your company or department.
Is it safe to keep passwords written down? ›
Is it a safe way to manage passwords? One thing is sure – passwords on sticky notes can quickly become annoying, especially when you or your colleagues forget where they put them. But what about safety? Passwords written down on a sticky sheet or kept in a notebook are a relatively safe way to manage passwords.
