5 do’s and don’ts for choosing strong passwords.
- Written by Ken McMahon
Like it or not, passwords are a fact of life. To register for virtually anything online these days you need to create a password, and somehow recall it days, weeks or even months later. Not only that, a good password needs to be one that can’t easily be guessed by other people or programs. Here are a few tips on how to create strong passwords that will help keep you secure online.
Don’t choose a dictionary or ‘memorable’ word
One of the most common methods used by hackers to bypass password protection is the so-called brute force attack. These scripts simply bombard websites with login attempts using a long list of guessed usernames and passwords. That list will include a lot of the obvious ones, but also many that you might think of as not so obvious; so forget about substituting some characters of a memorable word with numbers, or adding your house number to the end.
The strongest password is one that makes no sense and that you can’t remember (I know, I’ll deal with that next). Ideally, it should be a combination of at least 12 characters including upper and lower-case letters, numbers, and symbols. You could just tap randomly at the keyboard to create a strong password; the alternative would be to use a password manager.
Do use a password manager service
Password managers like LastPass and Dashlane take all the hard work out of creating and managing passwords. Essentially they do two things. The first is that they can create strong passwords to order from randomly generated characters. Perhaps more usefully, they can store these passwords so you can easily retrieve them later when you need them. They’ll even automatically log in to sites for you if that’s what you want.
How secure is a password manager? Well, they use strong encryption to keep your passwords safe in the event that the site is hacked (this actually happened to LastPass in 2016). Ultimately though, your passwords are only as secure as the master password you use to access the password manager itself. Personally, I think it’s more secure to use a password manager to generate and store unique strong passwords for the multitude of sites I need to access than any of the alternative options.
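To make the two points above concrete, here is an added example (not code from the article or from any password manager product) that does what the previous two sections describe: it generates a password from a cryptographically secure random source, the way a manager does, and checks a candidate against the article's rules, rejecting anything under 12 characters, anything missing a character class, and any "memorable" word dressed up with character substitutions or a number tacked on the end. The word list and the substitution table are constructed stand-ins for the long lists a real guessing script would carry.

```python
import secrets
import string

# Constructed stand-in for a real common-password / dictionary list.
COMMON_WORDS = {"password", "letmein", "welcome", "sunshine", "dragon", "monkey"}

# Substitutions that guessing lists already try, so they add no real strength.
LEET_MAP = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                          "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 12
TOO_SHORT = f"shorter than {MIN_LENGTH} characters"
DICTIONARY = "a dictionary word with substitutions or a number tacked on"


def normalise(password: str) -> str:
    """Strip a trailing house number / year / punctuation, then undo
    common substitutions, so 'Dr4g0n!' and 'Sunshine2019!' collapse to
    the plain word a guessing list would contain."""
    stripped = password.lower().rstrip(string.digits + string.punctuation)
    return stripped.translate(LEET_MAP)


def check_password(password: str) -> list[str]:
    """Return the reasons a password fails the article's rules (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(TOO_SHORT)
    classes = {
        "uppercase": any(c.isupper() for c in password),
        "lowercase": any(c.islower() for c in password),
        "digits": any(c.isdigit() for c in password),
        "symbols": any(c in string.punctuation for c in password),
    }
    missing = [name for name, present in classes.items() if not present]
    if missing:
        problems.append("missing " + ", ".join(missing))
    if normalise(password) in COMMON_WORDS:
        problems.append(DICTIONARY)
    return problems


def generate_password(length: int = 16) -> str:
    """Generate a password the way a manager does: from the CSPRNG (secrets),
    over the full printable alphabet, retrying until every class is present."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    for pw in ("P@ssw0rd123", "Sunshine2019!", "correcthorsebattery", generate_password()):
        verdict = check_password(pw)
        print(f"{pw!r}: {'OK' if not verdict else '; '.join(verdict)}")
```

The normalisation step is the part most home-grown checkers miss: a length-and-classes rule alone happily accepts "Sunshine2019!", which is exactly the kind of password the article warns against. Note that `secrets`, not `random`, is used for generation; the latter is not suitable for anything security-sensitive.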
Don’t email passwords
You’re probably not going to email your passwords to a third party, but it’s surprising how many sites which require registration will email you the login details you just signed up with. Here at Coolgrey Design we primarily work with Joomla and WordPress, and both can be configured to email newly registered users their username and password. This is never a good idea as email just isn’t secure. So if you manage a Joomla or WordPress site, don’t email users their passwords (or if you do, at least configure things so that they have to change their password on first login). And if you receive an email from a website with your login details, make sure to log in straight away and change them.
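The fallback the paragraph above settles for, a temporary password that must be changed on first login, looks like this in code. This is an added illustration, not Joomla or WordPress code: a minimal user store that never keeps the password in clear, hands the one-time value back to the caller exactly once (to be delivered however the site chooses, but never stored), and refuses to treat a login as complete until the user has replaced it. The store, the `must_change` flag and the return values are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# PBKDF2-SHA256 from the standard library; a dedicated password hash such as
# Argon2 or bcrypt would be the usual choice in a real site.
ITERATIONS = 600_000


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class UserStore:
    """Constructed in-memory user store; a real site would back this with a database."""

    def __init__(self) -> None:
        self._users: dict[str, dict] = {}

    def register(self, username: str) -> str:
        """Create the account with a one-time temporary password.

        The temporary password is returned once so the caller can deliver it;
        only its salted hash is stored, together with a must_change flag."""
        temp = secrets.token_urlsafe(12)
        salt = secrets.token_bytes(16)
        self._users[username] = {"salt": salt, "hash": _hash(temp, salt), "must_change": True}
        return temp

    def login(self, username: str, password: str) -> str:
        """Return 'denied', 'change_required' (temporary password still in use) or 'ok'."""
        record = self._users.get(username)
        if record is None:
            # Hash anyway so unknown and known usernames take about the same time.
            _hash(password, b"\x00" * 16)
            return "denied"
        if not hmac.compare_digest(_hash(password, record["salt"]), record["hash"]):
            return "denied"
        return "change_required" if record["must_change"] else "ok"

    def change_password(self, username: str, old: str, new: str) -> bool:
        """Replace the password (temporary or not); clears the must_change flag."""
        if self.login(username, old) == "denied":
            return False
        salt = secrets.token_bytes(16)
        record = self._users[username]
        record.update(salt=salt, hash=_hash(new, salt), must_change=False)
        return True


if __name__ == "__main__":
    store = UserStore()
    temp = store.register("alice")
    print("temporary login:", store.login("alice", temp))      # change_required
    store.change_password("alice", temp, "xK7#pq2$Lm9!vB")
    print("after change:", store.login("alice", "xK7#pq2$Lm9!vB"))  # ok
    print("old temp again:", store.login("alice", temp))       # denied
```

The gate in `login` is the whole point: whatever the site's front end does with `"change_required"` (typically redirect to a change-password page), no session should be granted on it, and once the temporary value has been replaced it stops working entirely, which is what makes the email of a temporary password survivable if it is intercepted later.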
Don’t use the same password for multiple sites
This one should be pretty obvious. If you’re using the same password for multiple accounts then if one is compromised they all are. All it takes is for an opportunistic hacker to glean your password from a weakly protected site and they, or whoever they sell your details to, could have access to your online banking. This is another argument in favour of using a password manager – if you don’t have to remember passwords there’s no reason not to use a different strong password for every new site you register with.
Do change your passwords often, or don’t
Opinion is pretty divided on this one. If you work for a large organisation, chances are they’ll require you to change your password several times a year. Research has shown that this actually leads to people choosing weaker passwords and, even if it didn’t, it doesn’t make life much more difficult for the bad guys.
The argument for changing them every once in a while is that it would prevent a stealthy hacker gaining prolonged access to, say, your email or Facebook account. The counter argument runs that in most cases if a hacker gains access to your account they won’t hang around and will do damage right away (particularly if it’s your bank account). In 2012 LastPass introduced automatic password changing, so they obviously think it’s a good idea.
Do stay sane
Passwords aren’t going away anytime soon. In fact, in the immediate future it’s likely that you’ll have to deal with a good deal more of them than you did in the recent past. Hopefully the advice I’ve given here will not only help you stay more secure online, but will keep you sane at the same time.
Ken McMahon runs Coolgrey Design. You can follow him on Twitter and Instagram.