The IN’s and OUT’s of STRONG Passwords

If you use a computer for anything, you know about passwords. Annoying at best and often frustrating, passwords have become part of our everyday life. The more you do, the more passwords you get.

Passwords serve a very important function. They are the first line of defense for the things we do. But a password is only good and only does its job if it is strong. The best way to define a strong password is to define a weak password. If any of these characteristics apply to your password(s), it is weak:

  • Fewer than eight characters
  • Is a word found in a dictionary (English or foreign)
  • Common usage words like names of family, pets, friends, co-workers, celebrities, fictional characters, computer terms, web site names, companies, birthdays, phone numbers, etc.
  • A pattern of words or numbers like aaabbb, qwerty, zyxwvuts, 123321
  • Any of the above spelled backwards
  • Any of the above preceded or followed by a number (e.g., secret1 or 1secret)

So what makes a password strong? It should:

  • Contain both upper and lower case characters (a-z, A-Z)
  • Include digits and punctuation characters as well (0-9, !, @, $, %, &, etc.)
  • Not be a word in any language, slang, or jargon
  • Not be based on any personal information
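
The two checklists above can be applied mechanically, for example when screening new passwords at sign-up. The Python sketch below is an added example, not part of the original article; the function names are hypothetical and the word list is a small constructed stand-in for a real dictionary.

```python
import re

# Constructed stand-in word list (assumption): a real check would load full
# dictionaries plus names, pets, birthdays and other personal terms.
SAMPLE_WORDS = {"secret", "password", "dragon", "monkey", "letmein"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")


def is_pattern(s):
    """Patterns named in the article: aaabbb, qwerty, zyxwvuts, 123321."""
    if len(s) < 4:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return (
        len(set(s)) <= 2                      # aaabbb: one or two repeated characters
        or s == s[::-1]                       # 123321: mirrored
        or steps in ({1}, {-1})               # zyxwvuts: ascending or descending run
        or any(s in row or s[::-1] in row for row in KEYBOARD_ROWS)  # qwerty
    )


def weaknesses(password, words=SAMPLE_WORDS):
    """Return the article's rules that the password breaks; [] means none."""
    lowered = password.lower()
    core = re.sub(r"^\d+|\d+$", "", lowered)  # drop a leading/trailing number
    found = []
    if len(password) < 8:
        found.append("short")
    if core in words or core[::-1] in words:  # word, or word spelled backwards
        found.append("word")
    if is_pattern(lowered) or is_pattern(core):
        found.append("pattern")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        found.append("case")
    if not re.search(r"\d", password):
        found.append("digit")
    if not re.search(r"[^A-Za-z0-9\s]", password):
        found.append("punctuation")
    return found


if __name__ == "__main__":
    for pw in ("secret1", "1terces", "zyxwvuts", "123321", "TmB1w2R!"):
        print(f"{pw!r}: {weaknesses(pw) or 'passes these checks'}")
```

The "personal information" rule cannot be checked generically; it needs a per-user list of names, dates and similar terms passed in as `words`.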

So how do you make a password strong and still be able to remember it? One way is to base it on a song title, book title, or phrase. For example, from the phrase “This May Be One Way to Remember” the password “TmB1w2R!” or “tMb1W>r~” could be made. The phrase “Jack and Jill went up the hill” could become the password “j&JwuTh!”.

With so many passwords to remember, you may be tempted to write them down, or use the same password for everything, or avoid changing your password. Passwords should be changed at least every 90 days. And you should never:

  • Write down your password
  • Reveal a password over the phone to anyone
  • Reveal a password in an email message
  • Talk about your password in front of others
  • Hint to others at the format you use for your passwords
  • Reveal passwords on security forms, questionnaires, or web sites
  • Share passwords with family or co-workers
  • Store your passwords in an unencrypted electronic format

If you can’t remember your passwords, store them in a strongly encrypted database. There are applications for PCs as well as mobile phones that will let you store your list of usernames and passwords using strong encryption. But remember to use a strong password on those as well.