A Guide to Better and Secure Passwords for Your Accounts
Almost every one of us who uses the Internet has at least one online account that requires a username and password. Some of us choose complicated passwords; others give the matter no thought at all. Every now and then new websites surface with a load of new services and require you to register before you can use them. A few days ago I sat down and counted the websites where I had an account. I found 25+ sites where I was registered, and for over 10 of them I did not remember the username and password combination. That's bad, isn't it? In the process I also realized that I was not only using very weak passwords for many of these accounts but was also an easy target for password guessing. It would not take a tech-savvy person long to guess my password, and I wanted to put an end to that. I did, and I thought it might help you if I shared the techniques I adopted for better and more secure password management of my accounts.
What is a secure password?
Any password that cannot be easily guessed or cracked! Having said that, there are two attacks you must keep apart. The first is someone typing guesses into the login form of a site such as Yahoo!, Hotmail, MSN or GMail. Each guess is a request to the site, and most sites slow down or lock the account after a few failures, so only a handful of the most common guesses can ever be tried. The second is someone who has broken into a server and copied the file that holds your account credentials. Passwords in that file are normally not stored in the clear but as one-way hashes, and the attacker can run cracking software offline that hashes combinations of common dictionary words, numbers and special characters and compares the results with the file, thousands or millions of guesses per second with no lockout to stop it. If your password is weak, such a tool recovers it in minutes. From an end user's perspective, the only part you control is picking a password that neither attack can guess. The same applies to every other place you use a password: administrator accounts, rar or zip archives, system logins such as Windows XP, forums, online casinos, Excel sheets and so on.
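To make the difference between the two attacks concrete, here is an added example (not code from the original post): a constructed two-entry password file of unsalted SHA-256 hashes, a tiny constructed wordlist, and the same candidate list run offline against the file and online against a login form that locks after five failures. The usernames, passwords, wordlist and lockout limit are all made up for the demonstration.

```python
import hashlib

# Constructed example of a stolen password file, as a site might store it:
# username -> hex SHA-256 of the password. No salt and a fast hash, which is
# exactly what makes offline guessing cheap. (Real sites should use a slow,
# salted hash such as bcrypt, scrypt or Argon2.)
LEAKED_FILE = {
    "alice": hashlib.sha256(b"london7").hexdigest(),   # place name + digit
    "bob":   hashlib.sha256(b"Ajh83htr").hexdigest(),  # not a dictionary word
}

# Constructed mini wordlist; real crackers use lists with millions of entries.
WORDLIST = ["password", "london", "fluffy", "summer", "welcome", "dragon"]

ONLINE_LOCKOUT = 5  # assumed: guesses a login form allows before locking


def candidates():
    """Yield words with the usual mangling rules a cracking tool applies:
    case variants, a trailing number 0-99, a trailing symbol."""
    for word in WORDLIST:
        for base in (word, word.capitalize(), word.upper()):
            yield base
            for n in range(100):
                yield f"{base}{n}"
            for sym in "!@#$":
                yield f"{base}{sym}"


def crack_offline(leaked):
    """Hash every candidate and compare against the stolen file.
    Returns (recovered passwords by user, number of guesses made)."""
    by_hash = {h: user for user, h in leaked.items()}
    recovered = {}
    guesses = 0
    for cand in candidates():
        guesses += 1
        h = hashlib.sha256(cand.encode()).hexdigest()
        if h in by_hash:
            recovered[by_hash[h]] = cand
    return recovered, guesses


def guess_online(leaked, user, lockout=ONLINE_LOCKOUT):
    """The same candidates typed into the login form: the account locks
    after `lockout` failures, so only the first few guesses are possible.
    Returns the password if found before lockout, else None."""
    stored = leaked[user]
    for tries, cand in enumerate(candidates(), start=1):
        if tries > lockout:
            return None
        if hashlib.sha256(cand.encode()).hexdigest() == stored:
            return cand
    return None


if __name__ == "__main__":
    found, n = crack_offline(LEAKED_FILE)
    print(f"offline: {n} guesses, recovered {found}")
    print("online:", guess_online(LEAKED_FILE, "alice"))
```

Offline, alice's "london7" falls to the wordlist after a few hundred guesses while bob's password is never found; online, even alice survives because the form locks long before the right candidate comes up. The lesson is that the offline case is the one your password actually has to withstand.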
NEVER use ANY of the following in your passwords:
1. The name of a place such as a city, country or street.
2. The name of a person: your own name, anyone in your family, friends, your favorite artist or people you know.
3. The name of your company, current or previous.
4. The name of your pet(s). Most pets are named after common English words, which sit at the top of every cracking wordlist.
5. Dictionary words of any kind (verbs, nouns and so on) must be avoided in the password.
6. Don't rely on "free" passwords that someone else generates for you; a password that another person or website has seen is not yours alone. Generate your own for extra safety.
How should you change or select your new password?
Whether it is a password you want to select or change for your email account, shopping account, credit-card account, bank account or password manager, a single, consistently applied password policy puts a lot of security in place. A secure password must meet the following:
1. At least 8 characters. Treat that as a floor, not a target: every extra character multiplies the work an offline cracker has to do.
2. At least 2 digits somewhere between the first and last character of the password.
3. Special characters such as #, $, &, (, ), @ may also be used between the first and last character.
4. At least one upper-case letter such as A, B, M or H.
If you follow the above 4 points when changing your password or selecting a new one, consider it much more secure than before. Some example passwords: Ajh83htr, uYt886&u. A password like Gy78y, on the other hand, is only five characters long and does not meet rule 1.
How will I remember such complicated passwords and I have so many accounts?
The trick is very simple. Take a quote you know well, use the first letter of each word, embed 2 digits somewhere in the middle and make the first letter upper case. That's it. Another easy way to remember a password is to associate it with something you carry with you every day: your cell phone, some words you see every day and so on. Example: a password associated with your Nokia cell phone could be Ia89&nok ('Ia', the last two letters of the word Nokia with the 'I' in upper case, followed by 2 numbers and one special character, then the first three letters of 'nokia'). Isn't that simple? Just keep in mind that the phrase or object you pick should not be one that everybody around you can see.
People who have many online accounts can use two different passwords: a primary password for banking accounts, credit-card accounts, shopping carts and email accounts, and a secondary password for all free services such as newsletters, bookmarking sites and so on. Be aware of the cost of sharing a password: if any one site that has it is broken into, every other site using the same password is exposed. Your email account deserves its own password in any case, because whoever controls your email can reset the passwords of most of your other accounts.
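The four rules above and the quote trick can be checked mechanically. The following is an added example, not the author's code: policy_failures lists which rules a candidate breaks, using 8 as the minimum length and a small constructed list of forbidden names and words standing in for a real dictionary, and from_quote builds a candidate from a quote the way the post describes (initials of the words, first letter capitalized, two digits and a symbol embedded in the middle). The digits, the symbol and the forbidden-word list are assumptions of the example.

```python
import re

MIN_LENGTH = 8  # the post says "6-8"; 8 is taken as the floor here

# Constructed stand-in for the place, person, company, pet and dictionary
# words the post says to keep out; a real check loads a large wordlist.
FORBIDDEN_WORDS = ["london", "paris", "john", "acme", "fluffy", "nokia",
                   "password", "summer"]


def policy_failures(pw):
    """Return the list of rules the password breaks (empty list = passes)."""
    failures = []
    if len(pw) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    inner = pw[1:-1]  # rule 2 counts digits between first and last character
    if sum(c.isdigit() for c in inner) < 2:
        failures.append("fewer than 2 digits between first and last character")
    if not any(c.isupper() for c in pw):
        failures.append("no upper-case letter")
    low = pw.lower()
    for word in FORBIDDEN_WORDS:
        if word in low:
            failures.append(f"contains the word {word!r}")
    return failures


def from_quote(quote, digits="83", symbol="&"):
    """Build a candidate from a quote: the initial of each word, lower-cased,
    with the digits and symbol inserted at the midpoint and the first letter
    made upper case. The digits and symbol are the caller's choice."""
    words = re.findall(r"[A-Za-z']+", quote)
    if len(words) < 6:
        raise ValueError("use a longer quote; the initials alone are too short")
    initials = "".join(w[0].lower() for w in words)
    half = len(initials) // 2
    pw = initials[:half] + digits + symbol + initials[half:]
    return pw[0].upper() + pw[1:]


if __name__ == "__main__":
    for cand in ("Ajh83htr", "uYt886&u", "Gy78y", "Ia89&nok", "London42x"):
        print(cand, "->", policy_failures(cand) or "OK")
    built = from_quote("To be or not to be, that is the question")
    print(built, "->", policy_failures(built) or "OK")
```

Run it and the post's own examples Ajh83htr, uYt886&u and Ia89&nok pass, Gy78y fails on length, and a candidate built on a city name is rejected even though it satisfies the four character rules. The quote "To be or not to be, that is the question" yields Tbont83&btitq, which passes.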
Change your password frequently
It is suggested that you change your password at least once a month. The easiest way is to increment the number embedded in the password, or add a 2-digit number to the existing one, so the rest of the password stays the same and nothing new has to be memorized. Be aware of what this does and does not protect against: a stranger still faces a fresh password every month, but anyone who learns one of your old passwords and knows you increment the number has at most 100 values of a 2-digit field to try, so the rotation is no defence against someone who already has one of your passwords.
Example: if my current password is 'Abdf86j&h', next month I will add 12 to 86 and my next password will be 'Abdf98j&h'. From then on I will add 12 to the existing number every month to make the new password. This way the new password is easy to derive and I will always be able to remember it.
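The increment scheme above, as an added example (not the post's code), with the attacker's side shown as well: next_password applies the monthly rotation, and guesses_to_recover counts how many tries someone who knows one old password and the habit needs to hit the current one, checking each try against a SHA-256 hash of the new password. The example assumes the digit run keeps its width and wraps around (98 + 12 becomes 10), which the post does not specify.

```python
import hashlib
import re

DIGIT_RUN = re.compile(r"\d+")


def sha256_hex(text):
    """Hex SHA-256 of a string; stands in for whatever hash the site stores."""
    return hashlib.sha256(text.encode()).hexdigest()


def next_password(pw, step=12):
    """Apply the post's rotation: add `step` to the first digit run in the
    password. Assumption: the run keeps its width and wraps, so a 2-digit
    run goes 86 -> 98 -> 10."""
    m = DIGIT_RUN.search(pw)
    if not m:
        raise ValueError("password has no digit run to increment")
    width = len(m.group())
    new = (int(m.group()) + step) % (10 ** width)
    return pw[:m.start()] + f"{new:0{width}d}" + pw[m.end():]


def guesses_to_recover(old_pw, new_hash):
    """Attacker who knows `old_pw` and the rotation habit: try every value
    of the digit run, keeping the rest fixed. Returns (password, guesses),
    or (None, guesses) if the current password is not of that form."""
    m = DIGIT_RUN.search(old_pw)
    if not m:
        return None, 0
    width = len(m.group())
    guesses = 0
    for n in range(10 ** width):
        guesses += 1
        cand = old_pw[:m.start()] + f"{n:0{width}d}" + old_pw[m.end():]
        if sha256_hex(cand) == new_hash:
            return cand, guesses
    return None, guesses


if __name__ == "__main__":
    pw = "Abdf86j&h"
    for month in range(3):
        pw = next_password(pw)
        print("month", month + 1, "->", pw)
    stolen_old = "Abdf86j&h"                       # constructed: leaked last year
    current_hash = sha256_hex(next_password(stolen_old))
    print(guesses_to_recover(stolen_old, current_hash))
```

With a 2-digit run the attacker needs at most 100 hashes to catch up, however many months have passed, because the fixed part of the password never changes. If you rotate this way, the fixed part must itself be strong, and an old password that has leaked should be retired entirely rather than incremented.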
Password Recovery
Almost every website with a registration process also has a password recovery feature, and many of us rely on it to recover forgotten passwords. But have you ever thought about this: many of these websites use very common questions such as the color of your first car, your favorite teacher's name, the street you grew up on or the name of your first employer. Do you think others cannot find out such things about you? It is not difficult to learn the color of your first car or the name of your first employer and then use that information to reset your account's password. So, friends, when you select such hint questions, don't give the true answer. Consider typing your cell phone number as the answer to "color of your first car". It is almost impossible for someone to guess that you would answer a question about your car's color with a phone number. Any unrelated answer works, as long as you remember it; treat it as a second password rather than as a fact about yourself.
Conclusion: some of us think that nobody will try to hack our accounts because not many people know us. For a hacker it doesn't really matter who you are. Use a better and more secure password for all your accounts and proactively guard yourself against anyone trying to break into them.
Recommended reading – [Simple Trick to Safer Logins in Internet Cafe]
5 Responses to “A Guide to Better and Secure Passwords for Your Accounts”
Great post. On our blog, I have written about the importance of secure password creation and now we have added a new post referencing your article. Very nice.
Thank you cctech
Interesting reading Raj. Welcome to the 21st century, the age of passwords
Max, thanks for taking time to read my post.
Just wanted to let you guys know that there is a software solution offered by nFront Security called nFront Password Filter that instantly and effectively increases network security by requiring users to create strong passwords that adhere to your company's password policy.
Here’s a short description.
nFront Password Filter is a password policy tool that prevents the use of weak, easily hacked passwords for Windows Active Directory and SQL Server users. nFront Password Filter allows network administrators to create and enforce multiple granular password policies within a single Windows domain. nFront Password Filter can reject non-compliant passwords before they are allowed on the network. nFront Password Filter can scan a new password against over 2 million common passwords in less than 1 second. Also included is a client that lists the user’s specific password policy rules, can dynamically gauge password strength and will give exact reasons for a failed password change. All configuration is done via Group Policies (GPO) and the design contains no single point of failure and no “password policy server.” nFront Password Filter is used by many companies to meet SOX, PCI and HIPAA password compliance requirements.
Check it out. There's a free 30-day trial too.