April 22, 2013 · 4 min read
Choosing a good password
Last week, over 90,000 WordPress blogs were compromised when hackers successfully accessed their admin passwords and added the blogs to a botnet. The hackers didn’t use state-of-the-art technology; they simply created a programme that cycled through 1,000 common passwords to see if any of them worked. The sheer number of WordPress sites they were able to access shows how many people don’t set up strong enough passwords. At Cite, our web developers take Internet security very seriously, so they’ve put together some tips to help you in choosing a good password:
1. Don’t use the same password for everything. The problem with using the same password for all of your profiles is that if somebody does figure it out, all of your other online accounts could be compromised.
2. Consider using a base word. Many of us have dozens of online accounts, and a new password for each of them would be difficult to keep track of. One way to get around this is to create a base word that you can change slightly for each site. The base word should be something important to you that other people wouldn’t guess, and from there the variation can be something to do with the website you have an account on. For example, your base word could be the name of your pet dog when you were 10 years old; in this case we’ll call him Spike. Your Gmail password could then be Spike10gmail, your Amazon password Spike10amazon, and so on.
3. Don’t use personal information. We all share personal information, like birthdays, spouses’ names and addresses, with our friends and colleagues, so it is best to avoid any personal details that others would know about.
4. Avoid common words or phrases. Common passwords include words like “password”, “admin” and “letmein”, as well as keyboard patterns like “asdf”, “qwerty” and “12345.” Avoid these at all costs. They are just as easy to hack into as they are to remember.
5. Use letters and numbers. Mixing letters, numbers and symbols in a password helps to make it more secure. This is because there are 6 quadrillion more possible variations for a mixed password than for one that is just made up of letters. Many websites now require at least one letter and one number in a password for this very reason.
6. Use first letters. If you have a phrase that means something special to you, consider using the first letter of each word to create your password. For example, the phrase “Two peas in a pod” can become “tpiap.” You can also use this trick for your favourite song title, book title or movie. Add a number to it and you’ve got a great password that is memorable and difficult to guess.
7. Keep password recovery options secure. Many websites offer a password recovery option in case you forget your password. Often, this includes answering personal questions about yourself. Ironically, most of these questions are not very secure because they are easy for anyone to answer if they know you. If you are able to write your own security question, then use that opportunity to create a question nobody else would know the answer to. If you do have to use the default questions like “What is your mother’s maiden name?” or “What street did you grow up on?” then make your answers unique by establishing a convention of adding a symbol after the first letter or a number after the last letter. For example, “L#ondon” or “London9” instead of “London.”
8. Use longer passwords. Short passwords typically aren’t as strong because there are fewer possible letter combinations. Passwords should ideally be at least 6 characters. Passwords that are 15 characters are considered extremely strong.
9. Store your passwords in a secure place. Many of us feel inclined to write down our passwords so we don’t forget them. If you do write your passwords down, make sure they are stored somewhere safe and not on your desk or in plain sight. Try writing your passwords down on a separate sheet of paper from your usernames, so that only when the two pieces of paper are put side by side do all of your login details line up. This way, if somebody finds one of the papers, they do not have all the information to log into your account.
10. Change passwords regularly. It is always a good idea to update your passwords on a regular basis so they are more difficult to figure out. If you think any of your passwords have been compromised, change your password immediately and update your recovery questions in order to prevent people from accessing your account again.
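The Python code below is an added example, not part of the original post: it applies tips 4, 5 and 8 to a candidate password and reports the brute-force search space in bits. The function names and the short common-word list (built only from the words quoted in tip 4) are assumptions made for the illustration.

```python
import math
import string

# Constructed sample list: only the words and keyboard patterns named in tip 4.
# A real check would load a much larger list (assumption).
COMMON = {"password", "admin", "letmein", "asdf", "qwerty", "12345"}
MIN_LENGTH = 6  # tip 8: "at least 6 characters"


def alphabet_size(password):
    """Size of the character pool implied by the classes the password uses."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 ASCII symbols
    return size


def search_space_bits(password):
    """log2(pool ** length): an upper bound on guessing effort.

    A password on a common list falls to a dictionary run no matter
    how many bits this reports, so check_password() must pass as well.
    """
    size = alphabet_size(password)
    return len(password) * math.log2(size) if size else 0.0


def check_password(password):
    """Return the list of tips the password breaks (empty means none)."""
    problems = []
    lowered = password.lower()
    # Also catch a common word with digits or symbols tacked on either end.
    core = lowered.strip(string.digits + string.punctuation)
    if len(password) < MIN_LENGTH:
        problems.append("tip 8: too short")
    if lowered in COMMON or core in COMMON:
        problems.append("tip 4: common word or pattern")
    if not (any(c.isalpha() for c in password)
            and any(c.isdigit() for c in password)):
        problems.append("tip 5: needs letters and numbers")
    return problems
```

Adding one digit to the five-letter “tpiap” from tip 6 raises the figure from about 23.5 to about 31 bits, while “qwerty1” is still rejected under tip 4 even though it mixes letters and numbers.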
With these useful tips from our web developers, your passwords will help ensure that your online accounts are kept safe and secure.
Do you have any other tips about choosing a good password? Let us know in the comments below.