
I conduct pretty much all of my business online. I use a dozen different web applications on a daily basis. I rely on these tools to get my work done, which makes it absolutely crucial that I do everything I can to protect my information. I do my best to find trustworthy applications, but in the end, some of my security comes down to something I do for myself — choosing good passwords.

A good password has to balance security with our ability to remember it, because minimizing the number of places that a password is written down or otherwise recorded is a good idea. It’s a tough line — the most memorable passwords are the easiest to crack, while the most secure are a jumble of characters that are impossible to recall. But there are some steps you can take to create a reasonably secure password that you’re less likely to forget.

  1. Forget about amusing passwords. Among the most common passwords are those that seem to amuse the person creating them — there are plenty that use profanity or insults. Some sites, such as Twitter, have actually created lists of words that are banned from use as passwords. A surprising number of them fall into this category. Passwords such as these aren’t secure, if only because they’re relatively common and more likely to be tried first if someone is trying to crack your password.
  2. Try longer phrases. Most of us have an easier time remembering actual words and phrases than random assortments of letters and numbers. Using just one word, perhaps with a number tacked on to the end, is often less secure, however — certain methods of hacking passwords include simply running a dictionary through the password system. Using a longer phrase — especially if it includes numbers or other characters — makes it significantly harder to guess.
  3. Use a minimum of eight characters. Longer passwords are better. Most sites require you to have at least six characters in your password these days. Some are moving up to eight, but if you can go for longer, you should. That’s another benefit of using a phrase.
  4. Choose related, but not identical, passwords. You want to minimize the chances you’ll forget a password, but using identical passwords means that if one of your accounts is hacked into, you’ll run the risk of having other accounts hacked as well. One option may be choosing phrases about the same topic, while another is changing key parts of your password to reflect the site you’re using it for.
  5. Don’t use personal details. In the event that someone is hoping to gain access to your personal accounts, details like your phone number, employment details and important dates in your life will be among the first passwords typically tried. Instead, you want to use something that may have personal meaning for you — at least enough to help you remember it — but that won’t be easy for anyone else to guess.
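As an added illustration (not code from the original post), here is a small checker that applies the five rules above to a candidate password and reports which ones it breaks; the banned-word list, the "personal details" set and the 40-bit entropy threshold are constructed placeholders, not values from the article.

```python
import math
import re

# Constructed sample data: a tiny banned list in the spirit of the lists the
# article says sites like Twitter maintain, and placeholder personal details
# (phone fragment, employer, birth year, month) the checker should refuse.
BANNED = {"password", "letmein", "qwerty", "123456", "iloveyou"}
PERSONAL = {"5551234", "acme", "1985", "june"}


def estimate_bits(pw: str) -> float:
    """Rough entropy estimate: log2(pool ** len) from the character classes used.
    Pool sizes are assumptions (26 lower, 26 upper, 10 digits, 33 printable others)."""
    pool = 0
    if re.search(r"[a-z]", pw):
        pool += 26
    if re.search(r"[A-Z]", pw):
        pool += 26
    if re.search(r"[0-9]", pw):
        pool += 10
    if re.search(r"[^A-Za-z0-9]", pw):
        pool += 33
    return len(pw) * math.log2(pool) if pool else 0.0


def check_password(pw: str, personal=PERSONAL, banned=BANNED) -> list:
    """Return the article's rules that the password breaks (empty list = passes)."""
    problems = []
    lowered = pw.lower()
    # Rule 1: amusing/common words, even with digits or "!" tacked on the ends.
    if lowered.strip("0123456789!") in banned:
        problems.append("common/banned word")
    # Rule 3: at least eight characters.
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    # Rule 2: one dictionary word plus a trailing number is the weak pattern warned about.
    if re.fullmatch(r"[A-Za-z]+[0-9]{1,4}", pw):
        problems.append("single word plus trailing digits")
    # Rule 5: no personal details anywhere in the password.
    if any(detail in lowered for detail in personal):
        problems.append("contains a personal detail")
    # Longer phrases (rule 2/3) show up as more estimated bits of entropy.
    if estimate_bits(pw) < 40:
        problems.append("low estimated entropy")
    return problems
```

Rule 4 (related but not identical passwords across sites) is a property of the whole set of passwords, so it is not something a single-password check can test.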

How do you create secure yet memorable passwords?

Photo by Flickr user akeg licensed under CC BY-ND 2.0

Related GigaOM Pro content (sub. req.): Can Enterprise Privacy Survive Social Networking?

  1. EdgewaterScott Tuesday, March 23, 2010

    I choose an odd word from another language, insert two numerals somewhere, and add two characters from the url of the site I’m developing the password for.
  2. The best password is a long one which isn’t so complicated that you have to write it down to remember it. It’s not secure if it’s written down. Dictionary words are just out. I pick a quotation or line from a movie or song and build a password out of the first and last letters of each word in the phrase. Or I might mix things up and use the first letter of the first word, the second letter of the second word, etc. If I wrote some of my passwords out in a list, no one could use it to figure out my system.
  3. [...] How to Create a Strong Password – WebWorkerDaily [...]
  4. Really?

    Use a password manager. Keepass or KeepassX is a great option. Get one that generates random passwords. Then you only need to remember the passphrase to open your password database and ALL of your passwords are secure and unique. Backup your password database to keep it safe. I can’t be heavy-handed enough in saying that this IS how you should be managing your passwords. It will be awkward at first, but you will adapt and be safe and organized.
  5. He!

    Check out Gina Trapani’s approach for very simple yet effective passwords.

    http://lifehacker.com/184773/geek-to-live–choose-and-remember-great-passwords
  6. Thanks for posting this Thursday. A while back I wrote a post about my method for creating complex, yet memorable passwords, which is a combination and extension of points two and four above.

    http://www.silverspider.com/2009/creating-and-remembering-complex-passwords/

    I think you’ll find it interesting and I’d love to hear everyone’s thoughts on it.
  7. I wrote a short post about this last September:

    http://www.thewhyandthehow.com/choose-better-passwords/

    Let me know what you think!
  8. I agree with J. The best password is at least 17 or 18 random characters long, and probably impossible to remember; use technology to store these passwords and retrieve them. I have had very good luck with an online password tool called Clipperz (https://www.clipperz.com) which uses strong encryption in the browser to generate cipher text that in turn is stored on their server. The folks running the website couldn’t reveal your password if they wanted to — all they get on their end is the meaningless cipher text. They’ve got a very good “backup” option that allows you to download a complete, working, local read-only copy of the site to your own hard drive; I keep mine on a thumb drive. It is very, very secure.
  9. Robert Dobbs Friday, March 26, 2010

    This seems interesting: http://twitter.com/tipas/
  10. Or use passwordsafe which can be downloaded for free from passwordsafe.sourceforge.net

    This application will generate random passwords and store them in an encrypted database. You just need to remember 1 passphrase for unlocking your “safe”.