7 Do’s And Don’ts For A Good Password And Strong Security

Password Tips
Password Tips

A strong password is very important to protect our personal information and is the first line of defense in data security. Without a strong password, we cannot adequately protect our personal data, credit card accounts, social media accounts, work, and any number of other things. However, password security is one of those things that many of us do not think about until it is too late.

Despite how prevalent they are, and despite how important they are, a lot of us still have trouble creating good passwords. Most of us did use the same password for other accounts. Many people not only use the same password all over the Web, but they also choose weak and foolish passwords.

Here we outline a simple list of Do’s and Don’t s when picking a secure password. Hint: if your password is a simple dictionary word or a name with a couple numbers, then it is not secure.

The Do’s

1. Setup two-factor authentication

The two-factor authentication is a great feature that improves your account security and nearly all major websites offer it. What makes this feature great is that your account has to be approved not just by an email, but on your phone as well via an app or text message. Google, Facebook Twitter, and others have it — look in the “security” section of their options pages.

2. Pick strong passwords

For a strong password always use a combination of uppercase and lowercase letters, symbols, and numbers. Some of the easiest-to-remember passwords are not words at all but collections of words that form a phrase or sentence.

You can use the opening sentence to your favorite novel, or the opening line to a good joke, and replace certain letters with numbers and spaces with symbols. For example, research has proven that “My$P@55w0rd$15$5up3r_5tr0ng” (“My Password Is Super Strong”) is more secure than “pass1234” and it is also easy to remember. Just remember that each character you add to a password or passphrase makes it an order of magnitude harder to attack via brute-force methods.

3. Use common sense

Only enter your password ANYWHERE but in fields marked “password”. In addition, always update your malware and virus detection apps regularly. They will help you detect and remove any keyloggers or Trojans from your system. However, remember they cannot prevent hacks that have never been seen before, or ones happening halfway across the world.

4. Use a good password manager with two-factor authentication

If you have too many online accounts, it will become hard to remember all of them. This is where password managers come in. A password manager is an app that stores your passwords for different sites. That means you do not have to remember all the passwords you use. You will have to remember the one for the password manager, so make sure that password is really secure and something you can remember.

The good thing is many modern browsers and devices have them built in and even allows you to sync in the cloud. Some of them even offer a master password feature which you have to enter to access the stored passwords. However, you are not limited to browsers inbuilt password managers. There are many third-party services like LastPass, 1Password, Dashlane, etc. They also allow you to sync the passwords with cloud with two-factor and even share them with other devices or family members. If you are not a fan of cloud based services, then there are offline password managers like KeePassX.

5. Do change your passwords regularly

There is disagreement about how long to go before changing your password, and many sites have their own requirements. What all the experts can agree on, though, is that if anyone else knows your password and you do not want them to use it, change it.

6. Do play with your security question answers.

Phishing attempts can get pretty sophisticated. I have seen online quizzes written in such a way that they manage to gather the information that security questions often ask for (for example, “Enter your pet’s name and the street you grew up on to learn your fantasy novel character’s name”). But by playing with your answers to the questions, you will not have to worry that your information could be used to get into your accounts. So, when answering security questions, use fictional characters and locations as your answers. Then, when some unscrupulous person has your real personal details, they cannot use them to break into your accounts.

7. Delete unused accounts

There is no sense in holding on to account that is not being managed and has the potential for hacking. Even though the account is not in use, a hacked account potentially can expose other sensitive information about yourself or others around you. Moreover, if you use the same password in other sites, then those accounts will also be compromised.

The Don’t s

1. Do not use personal information as your password.

Do not choose passwords based upon details that may not be as confidential as you would expect, such as your birth date, your Social Security or phone number, or names of family members.

2. Avoid hard to remember passwords

If you do not like a password manager and use a complex password that you cannot remember then it is also a security risk.

3. Do not use same passwords for all accounts

Avoid using the same password at multiple Web sites. It is generally safe to re-use the same password at sites that do not store sensitive information about you (like a news Web site) provided you do not use this same password at sites that are sensitive.

Moreover, never use the password you have picked for your email account at any online site: If you do, and an e-commerce site you are registered at gets hacked, there is a good chance someone will be reading your e-mail soon.

4. Do not blindly click prompts that appear on screen

This is just common sense. Do not answer “yes” when prompted to save your password to a particular computer’s browser. Instead, rely on a strong password committed to memory or stored in a dependable password management program.

5. Do not fall for Phishing attacks

Always remember that websites, banks, and cloud services do not send weird emails asking for your password. No one legit will ever ask for it; only hackers and scammers will.

6. Do not store your password where it can be easily found

Whatever you do, do not store your list of passwords on your computer in plain text. Instead, use a good password manager apps like LastPass or KeePass. If are worried about online password managers, then do not worry. There are many offline password manager apps too.

If for some reasons, you want to write down your password, then the most secure method for remembering your passwords is to create a list of every Web site for which you have a password and next to each one write your login name and a clue that gives meaning only for you. If you forget your password, most Web sites will email it to you (assuming you can remember which email address you signed up with).

7. Do not make a password that is easy to guess

Some passwords are super easy to guess because they get used all the time (password, 123456). Others are easy to guess because the characters are related, follow patterns, or are single words you would find in a dictionary (asdfgh, xoxoxoxo, initiative). Do not use words that can be found in the dictionary. Password-cracking tools freely available online often come with dictionary lists that will try thousands of common names and passwords.

Personal information is another category that is easy to guess since so much of it is easy to find out (your birthday, your phone number). A lot of folks use variations of the same password across multiple sites, but this can be easy to guess, too, especially if the person trying to figure it out has seen any of your other passwords (Xgoogle1!, Xfacebook1!; password01, password02, etc.). If your password is easy to guess, whatever it is protecting is easy to get to.

A few last words

Always remember that creating completely uncrackable passwords is impossible. However, you can use the above tips and suggestions to ensure your password is harder to crack than the average person. Sometimes that is all you need.

Also, to help you generate some good random passwords, here is a nice online password generator from xkcd — https://xkpasswd.net/s/

See Also

Help Us Grow

If you like this post, please share it with your friends.

You are free to copy and redistribute this article in any medium or format, as long as you keep the links in the articles or provide a link back to this page.

I am a freelance programmer and tech enthusiast. In my spare time I contribute to this website.

Subscribe to our mailing list

%d bloggers like this: