Strong password tips – How to create the strongest password you can
June 25, 2015 12:32 pm
So you’ve bought your domain, and built your website using either a website builder or your own developer, you’ve sorted out your business email address, and you’re all ready to go. Great! But there’s just one thing: Have you thought hard enough about your passwords?
If you’re running a business online, or if you’ve just created a website for fun using something like WordPress, you can’t afford not to think about having strong passwords. There are lots of hackers out there who will hack you site just for the hell of it, or because they want to steal valuable information like your customer or business data. There are many different things that you can do to make your website secure, but everything starts with having strong passwords for everything. That means a strong password for access to your site’s back-end, a strong password for your business and personal email, strong passwords for all of your social media accounts, your domain hosting account… for everything, basically. It’s important not to leave any security holes – if you leave just one tiny gap, folk with malice in mind can use the information they get from one account to crack their way into everything else.
Read Mat Honan’s chilling account of how his ‘entire digital life was destroyed’, and you’ll understand why it’s important to have a strong password for every account. He writes:
‘First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.
‘In many ways, this was all my fault. My accounts were daisy-chained together. Getting into Amazon let my hackers get into my Apple ID account, which helped them get into Gmail, which gave them access to Twitter. Had I used two-factor authentication for my Google account, it’s possible that none of this would have happened.’
Frightened? You should be! But we’re not here just to scare you, we’re here to help, too! Let’s go through some strong password tips, and make your digital life secure!
Strong Password Tips – No. 1: Your password should have 12 characters, minimum. Not everybody agrees on exactly how many characters a password should have, but it should be at least 12. More is better. Even more than that is better again.
Strong Password Tips – No. 2: It should include a mixture of numbers, symbols, lower-case letters and capital letters. Mix them up as well as you can, and avoid obvious substitutions like 0 for o or 3 for E; the hackers know those tricks! In general, avoid using versions of real words that can be associated with your identiy. For example, if your name is Eddie Jones, don’t go for 3ddi3!J0nes, it’s too obvious. You need to get creative if you want to create a strong password!
Following on from that, Strong Password Tips – No. 3: Don’t use dictionary words! And don’t use phrases or combinations of dictionary words. Ideally, what you’re trying to create is a random string of letters, numbers and characters that bears no similarities to anything.
Strong Password Tips – No. 4: If it’s available, use two-step authentication. Gmail, for example, features two-step authentication as standard – if you have a gmail account, turn it on right now! Two-step authentication is a system whereby an SMS is sent to your phone when you try to log on to your account from a computer you haven’t used before. After you’ve entered your password, a screen will pop up telling you to input the code that’s been sent in an SMS to your phone. You will only be able to access your account after you input that code. You can then tell the system to trust that computer in future (meaning that next time you won’t need to go through the extra step) or tell it not to.
But how will you remember your passwords?
This is where it gets difficult. Memorable passwords are easy to crack, but strong passwords are hard to remember! A password like aMe98)0wqr**30&!@^3r9934 is very strong, but very hard to remember. But all is not lost, you’ll just have to get creative. Think of something that you know very well, turn it into a phrase, and use the phrase as a mnemonic to remember the password. For example: ‘My first CD was by U2. I bought it for $12 in the Virgin Megastore.’ Now take the first letters of that phrase and turn it into a password: MfCDwbU2Ibif$12itVM. Easy to remember, hard to crack!
Another trick is to combine a string of entirely random words, and use that as your password. But the words do need to be entirely random: something like ‘the big red bus’ is useless. The human brain isn’t great at generating truly random strings of words, unfortunately, so you’ll need some technological help with this one. Diceware is a website that will help you generate a truly random string of words by rolling a dice – check it out. The example they use on the site is ‘cleft cam synod lacy yr wok’. Totally random, and oddly easy to remember!
Don’t use the same passwords across different accounts
Whatever you do, after all this work, don’t go using the same password across multiple accounts! Each account will need its own unique strong password. Otherwise, if somebody does somehow crack your super strong password, all of your accounts will be compromised. Don’t make it easy for the hackers!
If you have a lot of accounts, and don’t trust your memory, you might need to get yourself a Password Manager. There are loads out there; some only store you passwords on a single device, some sync across devices, some will audit your passwords for you, and most come with features designed to improve your security everywhere in your digital life, while also offering their own kind of security to protect your data. We’ll take a closer look at password managers in a future article, but for now here’s a quick list of some of the best:
So, have you come up with your new strong passwords yet? What are you waiting for?!