I conduct pretty much all of my business online. I use a dozen different web applications on a daily basis. I rely on these tools to get my work done, which makes it absolutely crucial that I do everything I can to protect my information. I do my best to find trustworthy applications, but in the end, some of my security comes down to something I do for myself — choosing good passwords.
A good password has to balance security with our ability to remember it, because minimizing the number of places that a password is written down or otherwise recorded is a good idea. It’s a tough line — the most memorable passwords are the easiest to crack, while the most secure are a jumble of characters that are impossible to recall. But there are some steps you can take to create a reasonably secure password that you’re less likely to forget.
- Forget about amusing passwords. Among the most common passwords are those that seem to amuse the person creating them — there are plenty that use profanity or insults. Some sites, such as Twitter, have actually created lists of words that are banned from use as passwords. A surprising number of them fall into this category. Passwords such as these aren’t secure, if only because they’re relatively common and more likely to be tried first if someone is trying to crack your password.
- Try longer phrases. Most of us have an easier time remembering actual words and phrases than random assortments of letters and numbers. Using just one word, perhaps with a number tacked on to the end, is often less secure, however: a common way of cracking passwords is a dictionary attack, which simply tries every word in a word list, usually with the obvious variations such as a digit or two appended. Using a longer phrase, especially one that includes numbers or other characters, makes it significantly harder to guess.
- Use a minimum of eight characters. Longer passwords are better, because every extra character multiplies the number of guesses an attacker has to try. Most sites require you to have at least six characters in your password these days. Some are moving up to eight, but if you can go for longer, you should. That’s another benefit of using a phrase.
- Choose related, but not identical, passwords. You want to minimize the chances you’ll forget a password, but using identical passwords means that if one of your accounts is hacked into, you run the risk of having other accounts hacked as well. One option may be choosing phrases about the same topic, while another is changing key parts of your password to reflect the site you’re using it for. Keep in mind that if the variation is as simple as tacking on the site’s name, anyone who obtains one of your passwords can guess the rest, so the part you change needs to be more than that.
- Don’t use personal details. If someone is trying to get into your personal accounts, details like your phone number, your employer and important dates in your life are among the first guesses they will try. Instead, you want to use something that has personal meaning for you, at least enough to help you remember it, but that won’t be easy for anyone else to guess.
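The checks in the list above can be expressed as a small policy script. The example below is added here and is not code from the original post; the banned list, the dictionary and the personal details it uses are tiny constructed samples standing in for the real word lists a site (or an attacker) would use, and the entropy figure it reports is an upper bound that treats the password as random, which is exactly why the dictionary check sits alongside it.

```python
"""Password policy checker illustrating the advice in the list above.

Added example, not from the original post. BANNED and DICTIONARY are
constructed stand-ins for real lists (a site's banned-password list, a
cracker's dictionary); a real deployment would load the full lists.
"""
import math
import re
import string
from typing import Iterable, List

# Constructed sample of a site's banned/common-password list.
BANNED = {"password", "123456", "qwerty", "letmein", "iloveyou", "abc123"}

# Constructed stand-in for a dictionary attack's word list.
DICTIONARY = {"monkey", "dragon", "sunshine", "football", "welcome",
              "purple", "coffee", "correct", "horse", "battery", "staple"}

MIN_LENGTH = 8


def search_space_bits(password: str) -> float:
    """Upper bound on guessing difficulty in bits: log2(charset ** length),
    where charset is the size of the character classes actually present.
    This overestimates for phrases made of dictionary words, so it is only
    meaningful together with the dictionary check below."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation or c.isspace() for c in password):
        size += len(string.punctuation) + 1  # 32 symbols plus space
    return len(password) * math.log2(size) if size else 0.0


def looks_like_dictionary_word(password: str) -> bool:
    """Catch 'word', 'word123' and 'Word!': a single dictionary word with a
    trailing digit/symbol suffix, the first thing a dictionary attack tries."""
    core = re.sub(r"[\d\W_]+$", "", password).lower()
    return core in DICTIONARY


def _normalize(text: str) -> str:
    """Lower-case and strip punctuation so '555-0123' matches '5550123'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def check_password(password: str, personal: Iterable[str] = ()) -> List[str]:
    """Return the list of policy problems with a candidate password.
    `personal` holds details an attacker could look up (phone number,
    employer, birth year); an empty list means the password passed."""
    problems = []
    if password.lower() in BANNED:
        problems.append("on the banned/common password list")
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if looks_like_dictionary_word(password):
        problems.append("a single dictionary word with an optional suffix")
    normalized = _normalize(password)
    for detail in personal:
        needle = _normalize(detail)
        if needle and needle in normalized:
            problems.append(f"contains personal detail {detail!r}")
    return problems


if __name__ == "__main__":
    # Constructed personal details for the demonstration.
    me = ["555-0123", "1982", "Acme"]
    for candidate in ["password", "monkey123", "Dragon!",
                      "July41982rocks", "correct horse battery staple"]:
        issues = check_password(candidate, me)
        bits = search_space_bits(candidate)
        verdict = "ok" if not issues else "; ".join(issues)
        print(f"{candidate!r}: {bits:.1f} bits, {verdict}")
```

Run it directly to see each sample graded; "correct horse battery staple" passes every check while the short or single-word entries fail one or more, which is the point the list makes about length and phrases. Swap in full word lists (and a breach-derived common-password list) before relying on it for anything real.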
How do you create secure yet memorable passwords?