Creating Memorable & Secure Passwords

From Netflix to banking, passwords are still the primary control protecting our accounts, and our employers’ accounts too, which is why password policy gets pushed on us so hard. Most of us have not yet found the balance between memorable and secure, and good practice asks for a unique password for every site or service we use.

How Does a Password get Hacked?

A strong password only matters because of the attacks it has to resist, so it helps to know how passwords actually get cracked.

Brute-force and dictionary attacks try candidate passwords one after another. Against a live login page the attacker is slowed by rate limits and lockouts, so most guessing happens offline, against password hashes stolen from a breached site, where a GPU rig can test billions of candidates per second against a fast, unsalted hash. Attackers also publish the passwords they recover, so a list of the most common choices is one search away: the “RockYou” wordlist, taken from the 2009 breach of RockYou (a maker of social-networking apps), contains over 14 million unique real passwords and ships with most cracking tools. Credential stuffing is a different attack: the attacker takes email-and-password pairs leaked from one site and replays them automatically against other sites, betting that you reused the same password.
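
The dictionary attack described above, as an added example that is not part of the original article: a tiny wordlist and a few mangling rules (capitalise, swap one letter for a look-alike, append a popular suffix) run against unsalted SHA-256 hashes. The “leaked” hashes, the wordlist and the rule set are all constructed here so it runs offline; real attacks use hashcat or John the Ripper with rockyou.txt and published rule files.

```python
"""Dictionary attack with simple mangling rules against unsalted SHA-256 hashes.

Added example. The hashes, wordlist and rules are constructed stand-ins.
"""
import hashlib
import itertools

# Constructed stand-in for the top of a leaked wordlist such as rockyou.txt.
WORDLIST = ["123456", "password", "iloveyou", "qwerty", "house", "summer", "letmein"]

# Constructed rule set, mimicking what a cracking tool's rule file does:
# single look-alike substitutions and a handful of popular suffixes.
LEET_PAIRS = [("a", "@"), ("e", "3"), ("i", "1"), ("o", "0"), ("s", "$")]
SUFFIXES = ["", "1", "123", "!", "2023", "2023!"]


def mangle(word):
    """Yield every candidate an attacker would derive from one wordlist entry."""
    bases = {word, word.capitalize()}
    for base in list(bases):
        for plain, leet in LEET_PAIRS:
            if plain in base:
                bases.add(base.replace(plain, leet))  # e.g. House -> H0use
    for base, suffix in itertools.product(sorted(bases), SUFFIXES):
        yield base + suffix


def sha256_hex(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def crack(target_hashes, wordlist=WORDLIST):
    """Return ({hash: plaintext} for every hash recovered, number of guesses made)."""
    remaining = set(target_hashes)
    found = {}
    guesses = 0
    for word in wordlist:
        for candidate in mangle(word):
            guesses += 1
            digest = sha256_hex(candidate)
            if digest in remaining:
                found[digest] = candidate
                remaining.discard(digest)
                if not remaining:
                    return found, guesses
    return found, guesses


# Constructed "leaked database": three weak choices and one random four-word passphrase.
LEAKED = {
    "alice": sha256_hex("password1"),
    "bob": sha256_hex("H0use!"),
    "carol": sha256_hex("Summer2023!"),
    "dave": sha256_hex("tractor lantern velvet oyster"),
}

if __name__ == "__main__":
    found, guesses = crack(LEAKED.values())
    for user, digest in LEAKED.items():
        print(f"{user:6s} {found.get(digest, '<not cracked>')}")
    print(f"{len(found)} of {len(LEAKED)} cracked in {guesses} guesses")
```

Three of the four fall within a few hundred guesses; only the random passphrase survives, because no combination of wordlist entry and rule produces it. Salting and a slow hash (bcrypt, scrypt, Argon2) on the site’s side make each guess far more expensive, but they do not save a password that is in the list.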

A different method exploits the very need for so many passwords: attackers publish fake password manager apps. When you store passwords on an iPhone, for example, you may look to a third-party password manager. That is a good idea, as long as the app comes from a trusted source: install it from the official app store, check the publisher’s name rather than just the app’s name, and prefer well-known managers whose security design has been published and independently audited. The best password managers are made by companies that would not benefit from having your bank account. Even then, I don’t store my passwords with Google.

Find out if your Passwords have been Stolen

One way to test your passwords is to check whether they have already been stolen. Mozilla’s Firefox Monitor (now Mozilla Monitor) and Google’s Password Checkup show which of your email addresses and passwords have appeared in a data breach so you can act. Have I Been Pwned does the same, and its Pwned Passwords service lets you check a password without ever sending it: your device submits only the first five characters of the password’s SHA-1 hash, receives every leaked hash that starts with those characters, and does the comparison locally.
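
The k-anonymity lookup described above, as an added example (not code from the original article or from Have I Been Pwned): hash the password, send only the five-character prefix, and match the suffix locally. The live endpoint is the real `https://api.pwnedpasswords.com/range/` URL, but the demo runs against a constructed range response so it works offline; the count it reports for “password” is made up.

```python
"""Check a password against Pwned Passwords using the k-anonymity range API.

Added example. The network call is shown; the demo uses a constructed response.
"""
import hashlib
import urllib.request

API = "https://api.pwnedpasswords.com/range/"


def sha1_prefix_suffix(password):
    """Split the upper-case SHA-1 hex digest into the 5-char prefix that is sent and the 35-char suffix kept local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range(suffix, range_body):
    """Parse a range response ("SUFFIX:COUNT" per line) and return the count for our suffix, 0 if absent."""
    for line in range_body.splitlines():
        line = line.strip()
        if not line:
            continue
        found_suffix, _, count = line.partition(":")
        if found_suffix.upper() == suffix:
            return int(count)
    return 0


def fetch_range(prefix):
    """Live lookup over the network (not used by the offline demo below)."""
    req = urllib.request.Request(API + prefix, headers={"User-Agent": "pwned-check-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def times_pwned(password, fetcher=fetch_range):
    """Number of times the password appears in the breach corpus; the password itself never leaves the machine."""
    prefix, suffix = sha1_prefix_suffix(password)
    return count_in_range(suffix, fetcher(prefix))


# Constructed stand-in for the API so the demo runs offline: it answers only the
# range containing "password", listing it with a made-up count, plus filler lines.
_P_PREFIX, _P_SUFFIX = sha1_prefix_suffix("password")
FAKE_RANGE_BODY = "\r\n".join([
    "0123456789ABCDEF0123456789ABCDEF012:1",   # constructed filler suffix
    f"{_P_SUFFIX}:3730471",                    # constructed count
    "FEDCBA9876543210FEDCBA9876543210FED:2",   # constructed filler suffix
])


def fake_fetch(prefix):
    return FAKE_RANGE_BODY if prefix == _P_PREFIX else ""


if __name__ == "__main__":
    for candidate in ("password", "tractor lantern velvet oyster"):
        print(f"{candidate!r}: seen {times_pwned(candidate, fake_fetch)} times (offline demo)")
```

Swap `fake_fetch` for the default `fetch_range` to query the real service. Sending the prefix still reveals that the password’s hash begins with those five characters, which narrows it to roughly one in a million of all possible hashes but to nothing useful on its own; the API also accepts an `Add-Padding: true` header so that response sizes do not hint at which range was requested.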

The Importance of a Strong Password

A strong password helps you to: 

  • Keep your personal information safe
  • Protect your emails, files, and other content
  • Prevent someone else from getting into your account

One of the biggest mistakes online is assuming you are not a worthy target. An attacker may not single you out, but if they are spraying the most common passwords across every email address they hold, you do not want them to stumble on yours.

Bear in mind the consequences of a break-in. A weak password can cost you valuable data such as presentations, emails and music; your bank details, your money or even your identity; and an unauthorised user may use your computer or accounts to break the law, leaving you in legal trouble.

The Anatomy of a Strong Password

  • Choose a long password. There is no minimum length everyone agrees on, but aim for at least 12 to 14 characters; length does more for strength than any other rule here.
  • Common password policy requires numbers, symbols, capital letters and lower-case letters. Mixing them helps a randomly generated password, but forced composition rules mostly produce predictable results such as “Password1!”, which is why NIST’s current guidance (SP 800-63B) tells sites to drop such rules in favour of length and a block-list of known-breached passwords.
  • Don’t use a dictionary word on its own, and don’t use a predictable phrase (“iloveyou”, “letmein”). Several words together are only strong when they were chosen at random, as described below.
  • Don’t use keyboard patterns or sequences. “qwerty” and “123456” sit at the top of every cracking list.
  • Don’t rely on common substitutions, either: “H0use” is no stronger than “house”, because every cracking tool applies those swaps automatically.
  • Don’t use personal information. Avoid building passwords from details that others know or could easily find out, such as your nickname or initials, the name of your child or pet, and important birthdays or years.
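
The rules above turned into a checker, as an added example that is not part of the original article. It is the kind of test a sign-up form should run: it flags short passwords, common passwords (including ones disguised with look-alike substitutions or a trailing number), keyboard and number sequences, repeated characters, and personal details the caller supplies. The common-password list and the sequences here are constructed samples; a real deployment would check against the full breached-password corpus instead.

```python
"""Flag the weak patterns listed in the article.

Added example. COMMON and the personal details in the demo are constructed.
"""
import re

MIN_LENGTH = 12
COMMON = {"password", "123456", "qwerty", "iloveyou", "letmein", "house", "summer"}  # constructed sample
SEQUENCES = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890", "abcdefghijklmnopqrstuvwxyz"]
UNLEET = str.maketrans("@30145$7", "aeoiasst")  # undo the usual look-alike substitutions


def normalise(password):
    """Lower-case, drop a trailing run of digits/symbols, then undo leet swaps: 'H0use!' -> 'house'."""
    core = re.sub(r"[^a-z]+$", "", password.lower())
    return core.translate(UNLEET)


def has_sequence(password, run=4):
    """True if any run of `run` characters is a slice of a keyboard row, the digits or the alphabet, either direction."""
    lowered = password.lower()
    for seq in SEQUENCES:
        for ordered in (seq, seq[::-1]):
            for i in range(len(ordered) - run + 1):
                if ordered[i:i + run] in lowered:
                    return True
    return False


def weaknesses(password, personal=()):
    """Return the rules the password breaks; an empty list means it passed these checks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    lowered = password.lower()
    if lowered in COMMON:
        problems.append("in the common-password list")
    elif normalise(password) in COMMON:
        problems.append(f"common word '{normalise(password)}' disguised with substitutions or a suffix")
    if has_sequence(password):
        problems.append("contains a keyboard or number sequence")
    if re.search(r"(.)\1\1", password):
        problems.append("contains a character repeated three or more times")
    for item in personal:
        if len(item) >= 3 and item.lower() in lowered:
            problems.append(f"contains personal detail '{item}'")
    return problems


if __name__ == "__main__":
    # Constructed candidates; the personal details are made up.
    for candidate in ("H0use!", "qwerty123456", "Rex2015Smith!", "tractor lantern velvet oyster"):
        report = weaknesses(candidate, personal=["Rex", "Smith", "2015"])
        print(f"{candidate!r}: {report or 'no weaknesses found'}")
```

Passing these checks is necessary, not sufficient: the checker cannot tell a random four-word passphrase from a favourite song lyric, which is why the breach-list lookup in the previous section and a random source for the words matter more than any pattern rule.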

Creating a Memorable & Secure Password

You’ll need a trick to come up with a password that is memorable without being obvious. For example, you might find it easier to remember a sentence like “My Desk is Blue and White, and Cost Me £120.” Turn that sentence into a password by taking the first letter of each word, so it becomes MDiBaWaCM£120. Use a sentence of your own rather than a famous quote or lyric, since those are in the cracking lists too.

XKCD’s comic on passwords advises choosing four random words and stringing them together into a passphrase, a password made of several words. Its strength comes from the number of words the choice was made from and the length: the comic estimates about 44 bits of entropy for four words from a 2,048-word list, and four words drawn from a 7,776-word Diceware list give about 52 bits, with each extra word adding about 13. The important thing is that the words must actually be picked at random, by dice or a generator, not by you: words that fit together or come from a familiar phrase are exactly what guessing tools try first. The passphrase should still be far easier to remember than a traditional random password.
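
A random-word passphrase generator with the entropy arithmetic from the paragraph above, as an added example that is not part of the original article or of XKCD. The 16-word list is a constructed sample standing in for a real Diceware list such as the EFF long list (7,776 words); the entropy figures for that list come from its size, not from the sample, and the words are drawn with the operating system’s CSPRNG rather than chosen by a person.

```python
"""Random-word passphrases and how much entropy they carry.

Added example. SAMPLE_WORDS is a constructed 16-word stand-in for a real list.
"""
import math
import secrets

SAMPLE_WORDS = [  # constructed; a real Diceware list has thousands of entries
    "tractor", "lantern", "velvet", "oyster", "harbor", "meadow", "copper", "saddle",
    "thunder", "walnut", "ribbon", "canyon", "pepper", "glacier", "marble", "pillow",
]
EFF_LONG_LIST_SIZE = 7776  # 6**5 words, one per five dice rolls


def passphrase(words, count=4, sep=" "):
    """Pick `count` words uniformly at random (with replacement) using the OS CSPRNG."""
    return sep.join(secrets.choice(words) for _ in range(count))


def entropy_bits(list_size, count):
    """Entropy of `count` independent picks from a list of `list_size` words: log2(list_size ** count)."""
    return count * math.log2(list_size)


def words_needed(list_size, target_bits):
    """Smallest number of words from the list that reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))


def char_entropy_bits(alphabet_size, length):
    """Entropy of a uniformly random character password, for comparison."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print("sample passphrase:", passphrase(SAMPLE_WORDS))
    print(f"4 words from the 16-word sample: {entropy_bits(len(SAMPLE_WORDS), 4):.1f} bits (far too few)")
    for n in (4, 5, 6):
        print(f"{n} words from the EFF long list: {entropy_bits(EFF_LONG_LIST_SIZE, n):.1f} bits")
    print(f"12 random printable ASCII characters: {char_entropy_bits(95, 12):.1f} bits")
    print("EFF words needed for 80 bits:", words_needed(EFF_LONG_LIST_SIZE, 80))
```

The numbers only hold if every word was a random pick: the entropy is a property of the selection process, not of how unrelated the words look. Four words a person picked from a favourite sentence are a phrase, and phrases are in the cracking lists.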

Don't Recycle your Passwords

Once you have created a strong passphrase, don’t be tempted to recycle it across multiple websites: if it is ever compromised, every other site where you used it becomes vulnerable, and credential stuffing exists precisely to exploit that. Likewise, don’t mix work and personal passwords, as one leaked personal account could turn into a serious data breach at your company.

Whilst this advice is all well and good, the sheer number of sites we have to create passwords for is enough to drive us to distraction. So how do we create safe passwords for the multitudes of sites we use?

One solution is to combine your regular passphrase with a word-association reference to the site in question, for example the same passphrase plus “£” for your bank and “shop” for your eBay credentials. You then only have to remember the main passphrase, and the associations come naturally from the sites you use. Treat this as a last resort, though: anyone who obtains one variant from a breach can see the pattern and guess the rest, and cracking rule sets try exactly these suffixes. A password manager that generates a separate random password for each site removes the problem entirely, leaving one strong master passphrase to remember.

Be Prepared if your Password is Compromised

Add recovery information so you can regain access if a site detects unusual activity in your account or your password is compromised:

  • Adding a recovery email address
  • Adding a recovery phone number
  • Turning on 2-factor authentication, so that a stolen password alone is not enough to log in
