Nowadays, there are so many passwords to remember: Facebook, Twitter, YouTube, Gmail, Sephone’s datAvenger CMS, custom applications, email and so on. One of the most common security problems that we run into here at Sephone is that somebody picked a weak password and somebody else guessed it. This post aims to help you pick secure passwords.
In general, passwords should be hard to guess and hard to work out. Here are some guidelines that I like to use:
- at least 8 characters in length
- includes numbers
- mixed case (upper and lower case)
- contains some special characters (“*!/’ etc)
In addition, you should try not to use the same password at every site. Let’s say your Twitter account email is firstname.lastname@example.org and your password is test. Bad password, but just an example. If Twitter gets hacked and somebody has a list of logins, you know they will try other sites with that list.
Also, it goes without saying (I hope): don’t store your password where people can get it. This means not saving it on the computer you are using, unless you have a fair degree of physical security for that machine, meaning somebody can’t use it or steal it easily. Don’t write passwords down where people can see them. And also, don’t tell your password to anybody.
Here are commonly used passwords that are bad:
- same as the username
- your birthday or child’s birthday
- pet’s name
- a simple dictionary word like “fence”
- keyboard patterns like qwerty, asdf or rfv
Here is a list of some good passwords, but don’t actually use these ones. This gives you the idea.
Yes, these are harder to remember, but once you get them, it will not be an issue. Most of the passwords that I have, I don’t know mentally; my fingers have learned them and I can type them automatically, but I struggle to know what the actual password is. It’s surprising how quickly your fingers will learn them.
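The guidelines and the list of commonly used bad passwords above can be turned into a check that a signup form runs, shown here as an added example that is not part of the original post. The function name, the tiny word list and the sample inputs are constructed for illustration; a real check would load a full dictionary file.

```python
import re

# Constructed sample data (assumptions, not from the original post).
KEYBOARD_RUNS = ("qwerty", "asdf", "rfv")        # the patterns named in the post
SMALL_WORDLIST = {"fence", "password", "test"}   # stand-in for a real dictionary


def check_password(password, username="", personal=()):
    """Return a list of rule violations; an empty list means every check passed.

    `personal` holds strings the user should not reuse (birthday, pet's name).
    """
    problems = []
    lowered = password.lower()

    # Guidelines: length, numbers, mixed case, special characters.
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not re.search(r"\d", password):
        problems.append("no numbers")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("not mixed case")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special characters")

    # Commonly used bad choices.
    if username and lowered == username.lower():
        problems.append("same as the username")
    if any(p and p.lower() in lowered for p in personal):
        problems.append("contains personal information")
    # Strip digits and symbols so "Fence1!" is still caught as "fence".
    letters_only = re.sub(r"[^a-z]", "", lowered)
    if letters_only in SMALL_WORDLIST:
        problems.append("simple dictionary word")
    if any(run in lowered for run in KEYBOARD_RUNS):
        problems.append("keyboard pattern")
    return problems


if __name__ == "__main__":
    # Constructed inputs; "jsmith" and "rex" are made-up account details.
    for candidate in ("test", "Fence1!", "Qwerty123!", "Rex2015!x"):
        print(candidate, "->", check_password(candidate, "jsmith", ("rex",)) or "ok")
```

A password can satisfy all four guidelines and still be rejected, as the keyboard-pattern and pet's-name inputs show, which is why both lists are checked.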