Among all the existing and developing authentication methods, the username/password combination is still the most commonly used and very effective way to authenticate user. You need password to access your email, your social media account, your bank account, your credit card account, etc. Among all the passwords of yours, which password do you think is the most important?
In my opinion, the most important password is the password of your primary email account (if you have more than one email account like me), because mostly likely you do on-line shopping, on-line banking, on-line tax return and so on. Those accounts are all registered with your primary email account and you receive alerts, promotional offers, important messages, etc. via email. If you ever forget your password of any of those accounts, you will be able to reset your password through your primary email account. Usually you click a “Forgot your password” link, then enter your email address. In a short time, you will receive an email with a password-reset link, and you will click the link to go to a page to reset your password. Now, imagine if a hacker somehow got the password of your email account, then the hacker could easily take control of many of your financial accounts by simply reseting the passwords, then your life would never be the same.
Of course, a hacker can hack someone’s financial account password directly and cause serious financial damage to the user, but the email account hacking has larger impact.
Hopefully you see the importance of the password, now let me give you some guidelines of creating GOOD passwords, and you can use the guidelines to check if your password is secure and strong, then I will show you some tips to create secure and strong passwords.
Before I start, I want to stress this: Keep your passwords secret, and don’t share with other people. The only exception that I suggest sharing passwords is between husband and wife. The reason is simple and out of the scope of this article, so I will not explain.
If you create a strong password and share it with other people, then it is like you put a state-of-art sturdy lock on your front door, then hang the key next to it. It’s absurd, isn’t it? But you will be surprised to see many people are actually doing this.
Now let’s get to the password guidelines:
1. The minimum length of the password is 8 characters. I personally suggest 12-14 characters.
2. The password should contain at least one lowercase letter, at least one uppercase letter, at least one number, and at least one symbol or special character, such as @,#,%,&,*,$.
3. Avoid using sequential numbers in your password.
4. Avoid using dictionary words in your password, if you have to, then mix lowercase with uppercase.
5. DO NOT include your birthday or birthday of a family member, anniversary date, or any other important dates in your password.
6. DO NOT include your zip code, bank PIN, or telephone number in your password.
7. DO NOT Ever, ever, ever use your email address as your password.
8. DO NOT use one password for everything. “One password rules all” is a super bad thing. (This is not a guideline for creating password, but for a guideline for using password).
Now let’s see an example.
The classical example is “password”. It has 8 characters, but it is a BAD password. How about “password123456”? It has 14 characters. It is still a BAD password because it is NOT all about the length of the password. You also need to take the complexity into account. If you test this password in The Password Meter tool to test its strength and you will get a score of 64% (100% is your goal).
Now let’s see what we can do to make this BAD password a little bit stronger.
a). Add a special character, say #, at the end. Score of “password123456#” is 86% now.
b). Let’s mix lowercase with uppercase. Score of “PassWord123456#” is 100%. Hooray!
But wait, a 100% score DOES NOT mean it is a good password, “PassWord123456#” still violates some guidelines above. We should correct them to make it a really good password. The common way to avoid dictionary words in your password is to replace some letters with special characters or numbers. For example, replace “s” with “$”, “a” with “@”, “o” with number zero, etc. Now, “PassWord123456#” can be transformed to “P@$sW0rd123456#” (it is the number zero in it). If we can replace letters with numbers, then we can do the opposite to avoid the sequential number, right? Now “P@$sW0rd123456#” can be transformed to “P@$sW0rd12s45b#” (doesn’t “3” look like “s”, “6” look like “b” to you?). Now this new password “P@$sW0rd12s45b#” is a really secure and strong password, and it meets all the guidelines above. And it would take a super computer many years to crack it.
However, the above example is still NOT a good password. Why? It’s too common and everyone who reads this post can choose it as their password, which is not a good idea. A good password not only must be strong, but also must be unique to you so no one else can figure it out. So now let’s do a more realistic example.
The first step is to start with something only known to you, or unique to you, instead of using “password123456”. For example, if you got married in 2006, then you can use “IGotMarriedIn06” as a base phrase to start with. Then follow the aforementioned steps to replace some letters and numbers in it to make a strong password such as “iG0tM@rr!edIn0b#”.
In the part two of the post, I will show you how to avoid using the same password everywhere by creating strong and secure password easily for each account that needs password.