Do’s and Do NOT’s for Password Creation, Storage and Memory
Written By: Andy Ogg, Editor and Marketing Director – Travel Professional NEWS
“User has been locked out due to exceeded login attempts”
Have you ever seen a message like the one above? How often? If you are anything like me, it happens WAY too much and usually happens at the absolute worst time. Whether it’s rushing to get an answer for a client or secure an expiring promotion, the dreaded “forgot password” button comes into play and you’re back to square one.
With so much of our life, business, and finances depending on online use, passwords have become not only extremely complex but downright confusing. If you have a password that works for one site, chances are it won’t work for another, which leads me to my biggest question: how do you remember all of them?
Last month while working on one of our websites, I made the dreaded mistake of locking myself out. Sigh. I reset the password and got in, but I made the rookie mistake, which I know better than to make, of not writing it down. Fast forward a few days and WHAM, you guessed it. “Forgot Password” to the rescue. The ordeal got me thinking, and through some research and education, I’m here to share some Do’s and Do Not’s of passwords, password protection and password creation.
Understand Password Policy
Not too long ago, I thought I had created the best password ever. It was 10 characters long, contained capital letters, numbers and symbols. The best part was I was actually able to remember it! I began using this new creation and after about 3 updates, I received the lovely “password not accepted – must contain at least 4 numbers” message that I’m sure you have received as well. Back to the drawing board for me but hopefully not for you.
Each site or service where you use a password has its own password policy, and while many are similar, they aren’t all alike. When signing up or changing your password, no matter the site, be sure to review its password policy to create a password that meets its minimums and that you can actually remember, hopefully.
The 8 + 4 Rule
When generating a password, adopt the 8 + 4 rule, which means 8 letters and at least 4 numbers. In addition, there should be a capital letter and a symbol to make it even more difficult. I’ve found substituting numbers for letters to be very helpful. For example, a 5 looks a lot like an S, an 8 looks a lot like a B and a ! could be a great 1 or L.
Spread the Digits
Bunching symbols and numbers together isn’t the most secure way to protect yourself so spread the digits out throughout your password. Instead of “Password1$#” something like “Pa$5w#rd” would lead to increased security for you, while being somewhat easy to remember, hopefully.
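The 8 + 4 rule and the “spread the digits” advice above can be checked mechanically. The following is an added example, not part of the original article; the function name, the rule codes, and the reading of “bunched” as three or more digits or symbols in a row are assumptions made for illustration.

```python
import re

# Assumption: "bunched" means 3 or more digits/symbols in a row.
BUNCHED = re.compile(r"[^A-Za-z]{3,}")

def check_password(pw):
    """Return the list of rules the password breaks (empty list = passes).

    Rules, as stated in the article:
      letters - at least 8 letters
      digits  - at least 4 numbers
      capital - at least one capital letter
      symbol  - at least one symbol
      bunched - digits and symbols should be spread out, not grouped
    """
    letters = sum(c.isalpha() for c in pw)
    digits = sum(c.isdigit() for c in pw)
    # Anything that is neither a letter nor a digit counts as a symbol.
    symbols = sum(not c.isalnum() for c in pw)

    broken = []
    if letters < 8:
        broken.append("letters")
    if digits < 4:
        broken.append("digits")
    if not any(c.isupper() for c in pw):
        broken.append("capital")
    if symbols < 1:
        broken.append("symbol")
    if BUNCHED.search(pw):
        broken.append("bunched")
    return broken

if __name__ == "__main__":
    # The first two samples are the article's own; the third is constructed.
    for sample in ("Password1$#", "Pa$5w#rd", "Tr4v3l#Ag7ents9"):
        result = check_password(sample)
        print(f"{sample!r}: {'passes' if not result else 'breaks ' + ', '.join(result)}")
```

Run against the two sample passwords quoted above, the check shows that neither meets the full 8 + 4 rule, so the rule and the spreading advice have to be applied together.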
NEVER Make it Personal
Putting your dog’s name as your password isn’t a good idea. Having your last name or home address, nope, not a good idea. Unless you are not sharing any part of your life online or live on a private island, chances are that most of your personal data, like dog names, children’s names, years of birth and so on, is readily available online to hackers or identity thieves that may be targeting you. Leave the personal stuff for your desktop background and make your passwords as random as possible.
Avoid Dictionary Words
There are programs in place utilized by hackers that can run through an entire dictionary of words in a minute, so avoid using anything that is a “real” word. By interjecting numbers and symbols into your password, the chances of these highly advanced programs guessing your secret code dwindle quickly. So don’t close your eyes and point at a random page in the dictionary; get creative and make your own language.
Different Site = Different Password
I can remember back when I had 5 passwords total; now I have about 500. There is absolutely no way that I could create a unique password for each site or login that I use, so my recommendation is to create 10 – 15 passwords that are different and use those for your different logins. If security is your highest priority, then creating a unique password for each and every site is needed. However, if you’re like me and are too busy to find or remember more than one thing at a time, my method has been working well for a couple of years now, at least for me.
In line with avoiding the dictionary, paraphrasing can help create passwords that are secure and that you can actually remember. Something like “SIMF” could stand for “Sunset Is My Favorite” and allow for great security that you, hopefully, won’t forget.
Much of the research I found said that writing down your passwords or storing them on your computer is one of the worst things you can do. My question to that is, how the heck are you supposed to know what password goes where and what are the actual passwords?
No clue? Me neither.
Storing your passwords on your computer’s hard drive is a risky business, but in my opinion, there is a way to do it that is not only helpful but safer. In nearly every program such as Word, Excel, Pages, Numbers, and so on, there is an option to secure the document via password. I would suggest doing that and creating a password to access that document that is only used there, nowhere else. This would allow for access to your “database” of logins and passwords while still being secure in the access to that information. Again, it is suggested by many sites to not store your passwords anywhere but to remember them; if you can do that, I suggest that.
The best passwords don’t make sense, so adopt the crazy in your password creation. Something like “sanfransico” for someone who lives in New York, or “surfer” for a bicycle enthusiast, may help throw off possible attacks from hackers and identity thieves.
Obviously you aren’t going to post your bank account password on Facebook but sharing it in an email or text can be just as dangerous. When it comes to providing a login or verification code to a colleague or partner, provide the login information and call with the password. It’s not that much more work and is loads safer for you and your business.
Adopt Stronger Policies for the Big Stuff
A password to access your social media or favorite shopping site is one thing, but the password to log in to your business banking is another. Make sure to step up the complexity on the important passwords using the tips above to help.
All in all, living in a digital age has its extreme advantages and disadvantages, and with that come responsibilities that are new to us all. Protecting your passwords is quite arguably more important than protecting your passport or social security card in today’s times, so be safe. Find a way that works for you and not only helps you to remember but is secure as well.
Until next time, $eE y0u ()uT th3r3!