With a new hacking scandal in the news every other week, everyone should be concerned about the security of their online accounts. Here are a few simple techniques for creating strong passwords - and remembering them!
Avoid using the following passwords, which a surprising number of people use: password, QWERTY, 123456, 00000 and Letmein. Also, don’t use information that can be guessed with minimal effort. For example, Fred Bloggs would be advised against opting for a username of “Fred” with “Bloggs” as his password. Similarly, avoid the name of your spouse, children or pets, birthdays and any other details that can be discovered from social networking sites and elsewhere.
Some experts even suggest that passwords shouldn’t include any words of the English language or place names. Instead, they recommend that passwords include upper and lower case letters, numbers and punctuation, and contain at least six or eight characters in total – the longer the better. Although such passwords are not easy to remember, if you use KeePass or another utility that stores your passwords securely it doesn’t matter.
However, for sites you log into regularly, where you would prefer not to have to load KeePass every time, it does pay to pick something memorable.
It also pays to enable two-step authentication where available. This is a two-step login process so merely having a password isn't enough. For example, a code may be sent to your mobile phone during login, and you need to enter the code as the second stage. It's not as convenient but it's miles more secure. Google, Twitter, Dropbox, Evernote, Amazon, LinkedIn, Yahoo, Steam, PayPal, Microsoft and others all offer two-step verification now, but you'll need to manually enable this in your account settings.
How to create a strong password
It's still important to have a strong password though. A good way of generating a password that is hard to guess but easy to remember is to devise a phrase that contains ordinary words, names of people or places (so they start with a capital letter) and numbers. Your password is then obtained by taking the first letter of each word except for the numbers which are represented by figures. So, if your phrase was “Bradford is thirty two miles from Manchester” the password would be Bi32mfM.
Similarly, you can create a password using a line from something easy to remember such as a song or nursery rhyme. It's easy to remember the first letter of each word of "Jack and Jill went up the hill", which turns into this seven-character password: JaJwuth. Again, names make it easy to introduce upper-case characters.
You can also substitute symbols, numbers or punctuation for letters. Replace any letter 'i's with 1s and any 'a's with 4s and your password becomes much harder to crack. Christmas, then, becomes Chr1stm4s, which is a strong password.
How to remember passwords
Using a password manager such as KeePass will help you to remember lots of strong passwords (making it more likely you will actually use one), but provides no protection from hackers if you continue to use passwords that those with criminal intent might be able to guess.
It's worth noting if you are going to use a master password manager that it might not be as secure as you assume. Ross Hasman reports on Medium.com that "1Password sends your password in clear text across the loopback interface if you use the browser extensions." He later clarifies that "I’m not saying don’t use 1Password and I’m not saying this is a massive security issue... You can read further on its link here where it does put caveats and say that if someone has root on the system it basically can’t protect you."
If you need to remember multiple passwords, an easy way to avoid forgetting which website they're for is to use its name (or part of it) in your password. You can combine this with any of the techniques we've suggested to create a long, memorable password. Your Facebook password could be FaceM4tr1x, a combination of the website's name and your favourite movie, with some number substitutions thrown in for good measure. It's a password that's impossible to guess, extremely hard to crack, yet easy to remember.
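The first-letter phrase technique, the character substitutions and the site-name combination described above can be written out as a short script. This is an added example, not code from the article; the function names are hypothetical, and it assumes any spelled-out numbers in the phrase are below 100.

```python
import re

# Number words understood by the parser (assumption: phrase numbers stay below 100).
UNITS = {w: n for n, w in enumerate(
    "zero one two three four five six seven eight nine ten eleven twelve thirteen "
    "fourteen fifteen sixteen seventeen eighteen nineteen".split())}
TENS = {w: 10 * n for n, w in enumerate(
    "twenty thirty forty fifty sixty seventy eighty ninety".split(), start=2)}
# The article's two substitutions: i -> 1 and a -> 4 (lower-case letters only).
SUBSTITUTIONS = str.maketrans({"i": "1", "a": "4"})


def phrase_to_password(phrase):
    """Take the first letter of each word; write numbers as figures."""
    words = re.findall(r"[A-Za-z][A-Za-z']*|\d+", phrase)
    out, i = [], 0
    while i < len(words):
        word = words[i].lower()
        if word in TENS:
            value = TENS[word]
            # "thirty two" or "thirty-two": fold a following 1-9 into the tens.
            nxt = words[i + 1].lower() if i + 1 < len(words) else ""
            if 1 <= UNITS.get(nxt, 0) <= 9:
                value += UNITS[nxt]
                i += 1
            out.append(str(value))
        elif word in UNITS:
            out.append(str(UNITS[word]))
        elif word.isdigit():
            out.append(word)
        else:
            out.append(words[i][0])  # keep original case so names give capitals
        i += 1
    return "".join(out)


def substitute(text):
    """Apply the i -> 1 and a -> 4 replacements."""
    return text.translate(SUBSTITUTIONS)


def site_password(site_part, memorable_word):
    """Prefix part of the site name to a substituted memorable word."""
    return site_part + substitute(memorable_word)


if __name__ == "__main__":
    print(phrase_to_password("Bradford is thirty two miles from Manchester"))
    print(phrase_to_password("Jack and Jill went up the hill"))
    print(substitute("Christmas"), site_password("Face", "Matrix"))
```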