I wrote this article a while ago and a couple of security blogs picked it up... thought I would share it here.
Every single day large numbers of people fall prey to Internet fraud. Every click on the Internet is a potential open door to having our computer attacked or, even worse, having personal information stolen. There is identity theft, phishing, spyware, viruses, and the list of threats continues. Innocence is what makes most people vulnerable. I hope that most of the people reading this article are not only aware of these dangers but have already taken steps towards protecting themselves. Personal firewalls, anti-virus and anti-spyware are all good measures, but a lot of us forget one of the most basic ones: a good password.
I want to list some of the tips that I use to keep my passwords fresh. It is a combination of changing passwords periodically and having different, hard-to-guess passwords for “primary” and “secondary” accounts.
Before getting into what “primary” and “secondary” accounts mean (as you read the article you will understand why I place emphasis on the difference), one prerequisite: you should always have a principal e-mail address. You can have as many secondary addresses as you want, but you should always keep one e-mail address as your most important one. If you only have one e-mail address, then consider that your principal address. Secondary e-mail addresses you might use for junk, gaming, signing up at websites that require an e-mail address, etc.
Now we can move on and define what a “primary” account is. Any OS password, bank account, PayPal login, or any login that would have a financial impact if broken into should be considered primary. If you are a web admin or have a weblog, I would also consider any of those accounts to be primary, for the simple reason that if someone deletes all the content you would lose both time and money recreating it, not to mention sentimental value. Last but not least, I also include your principal e-mail password in this primary group.
“Secondary” systems are your various secondary e-mail addresses and the logins you create for signing up at websites, message boards and e-mail lists; their passwords are all less likely to need as much attention as your primary accounts.
Now that you are confused, let's start with the “secondary” system passwords. I would recommend that you come up with one very hard to break password and just stick to it for all of the secondary accounts. Most of them you are seldom going to use, and you do not want a hard-to-remember password guarding nothing but a stream of unimportant e-mails. We need your time and effort dedicated to primary accounts. So once you have come up with a general “secondary” account password, stick to it and just keep on using it. Besides, if it is ever broken, you did not use it for anything of much importance.
Your “primary” account passwords are the most important. For them to be secure they should be changed periodically, and they also have to be hard to break. This poses the first problem. How am I going to change my password all the time and not forget it? Most people don't change their passwords as often as they should for exactly this reason: fear of forgetting the new password. Some people have never changed their password from the original one they were given. Here are some simple tips on building passwords that are not easy to break and that you can always remember.
Never use personal information. The first trap many people fall into is using their child's name or their pet's name. Worse is to use someone's birthday. If someone wants to guess your password, this is exactly where they are going to look for information. Most of the time, when someone is trying to obtain a password, they go to personal information right after they have exhausted commonly used passwords such as secret, password, love, god, or a four-letter word. Also never use number-only streams such as 1234 or your phone number; none of these are good passwords.
The first step in building a good password is to go ahead and use your favorite things, but in a slightly different way. Let's take your favorite number. I know I just said not to use number streams, but we are going to mix numbers and letters to build better passwords, so just stay with me. Let's say that your favorite number is 1. Use that number, but in combination with others. For example, the password at your work has to be changed every month. Take your favorite number and add it to the number of the current month, and now you have a variation in your arsenal for building the password. You will always be able to remember your favorite number and the current month. Another option, besides adding the two, is simply to write them next to each other, so for this month that gives you 7 or 16.
The second piece of the puzzle is your word streams. Here is where it gets fun. Use your guilty pleasures, like that movie that you secretly love but are too embarrassed to tell others about. Things like this make awesome password character streams. Other useful words to mix into your streams are trivial things, like that pop bottle that sits on your desk all the time. For different websites your trivial word can also be related to the action, so for your bank your trivial word could be penny, or the first word that comes to your mind when you hear the word bank. So if I were changing my password this month, I might use rounders7pop as an example. It is not excellent, but it is a lot better than some of the passwords that some people use.
The third step is to use numbers as letter replacements. Some simple ones are zero for O, 3 for E and 4 for A. Using this method you make your passwords a little stronger; my password for the month just became r0und3rs7p0p. You can always take this method further and make the replacements your own, for example always replacing P with 2 for no logical reason at all.
The fourth step in our strategy is to mix in capital letters. Some systems do not allow it, but if they do, use it. I like using capital letters where spaces would go, and also at the beginning and end of the stream. So my password is now R0und3rs7PoP. A little bit harder to crack, easy to remember, and probably not as simple as the ones you might have used before. To me, coming up with passwords is fun, something I enjoy. There are random password generators out there that you can also use to come up with even better passwords; the problem I have with them is that most people do not memorize them but rather write them down, which in most environments defeats the purpose of having a password.
My last tip is to use special characters when the system allows it; characters such as &, * or % can go a long way toward making a password stronger. The two most important things to remember are to make it something that no one can guess, and of course something you will not forget!
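As an added example (not the article's own code), here is the scheme from the steps above in Python, assuming the article's words rounders and pop, favorite number 1 and month 6, followed by a small check for the character mix the article recommends. The special-character set and minimum length are illustrative choices, not the author's.

```python
# Added example, not code from the original article: applies the article's steps
# (favorite number + month, word streams, digit-for-letter swaps, capitals where
# spaces would go and at the ends, optional special character) and then checks
# the result for the character mix the article recommends.

LEET = {"o": "0", "e": "3", "a": "4"}      # step 3: zero for O, 3 for E, 4 for A
SPECIALS = set("&*%!@#$^")                  # step 5: article names &, * and % (rest assumed)


def number_part(favorite: int, month: int, join: bool = False) -> str:
    """Step 1: combine the favorite number with the current month, either by
    adding them (1 + 6 -> "7") or by writing them side by side ("16")."""
    return f"{favorite}{month}" if join else str(favorite + month)


def leetify(word: str) -> str:
    """Step 3: swap letters for look-alike digits using the LEET table."""
    return "".join(LEET.get(ch, ch) for ch in word.lower())


def capitalize_stream(words: list[str]) -> list[str]:
    """Step 4: capital at the start, where each space would go (first letter of
    every later word) and at the very end. Digits have no upper case, so where
    the article hand-writes PoP this consistent version yields P0P. Words must
    be non-empty."""
    out = [w[0].upper() + w[1:] for w in words]
    out[-1] = out[-1][:-1] + out[-1][-1].upper()
    return out


def build_password(words: list[str], favorite: int, month: int,
                   join: bool = False, special: str = "") -> str:
    """Steps 1-5 end to end: the number is slotted between the word streams,
    then digit swaps, then capitals, then an optional special character."""
    streams = capitalize_stream([leetify(w) for w in words])
    return number_part(favorite, month, join).join(streams) + special


def missing_classes(password: str, min_len: int = 10) -> list[str]:
    """Which of the article's ingredients (length, lower, upper, digit, special)
    a hand-built password is still missing; an empty list means none."""
    checks = {
        "length": len(password) >= min_len,
        "lower": any(c.islower() for c in password),
        "upper": any(c.isupper() for c in password),
        "digit": any(c.isdigit() for c in password),
        "special": any(c in SPECIALS for c in password),
    }
    return [name for name, ok in checks.items() if not ok]
```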
Disclaimer: these are only tips, and I am not at all responsible for your security. You are free to use the ideas contained in this guide as you see fit. I am just trying to help out people who might not otherwise change their passwords, not trying to tell people what to do.