4 Tips for Setting Secure Passwords
Late last week DreamHost was hacked and the call to change passwords for user accounts went out quickly. I don't personally know anyone who had any issues with the security problem, but nevertheless, it's a scary situation to be confronted with.
Faced with an overwhelming number of passwords to remember, people often choose easy-to-remember passwords and/or repeat the same passwords across multiple sites.
There are a few ways to generate passwords that are secure and there are tools to help you do this. Here, we're going to cover a few basics for selecting a secure password.
Make a habit of changing passwords regularly
Some platforms won't force you to change your passwords, some will. Regardless of whether the site makes you do it or not, you need to be in the practice of changing your passwords yourself.
When I was still a part of corporate America, our computer systems forced out password changes every 30 days. I think this is a good rule to live by. Change your passwords for your crucial profiles at least every 30 days to make your profiles secure.
Avoid common password pitfalls
I know, and I understand. With so many passwords to remember, you want something that you can remember and use in a variety of different places. I know. But that's not really a good idea. Your passwords need to be unique and random. They need to have both letters (upper case and lower case) and numbers, punctuation marks and even symbols when the system will allow it.
Don't use your birthday, your spouse's birthday, or your children's birthdays. Avoid using patterns or easy, correctly spelled words, and don't use repeated characters thinking that some identity thief will be fooled. And for goodness' sake, whatever you do, don't ever use "password".
How to generate a strong password
Make all your passwords at least ten characters long. Why ten characters? Because that's two more than eight, which is a fairly common minimum number for passwords.
Some systems will let you use punctuation marks and symbols in your passwords, so do it. Yes, I know they're hard to remember, but would you rather have a hard-to-remember password that's not easily cracked, or be on the phone with your hosting company, bank, credit card company, etc. trying to recover your identity? A string of ten random characters - numbers, letters (both upper case and lower case) and symbols - will be hard to crack.
Instead of a pass "word" think of a pass "phrase". Using a substitution pattern for numbers and letters you can create a sequence of words separated by dashes or underscores to create something incredibly secure. It's also recommended that if you're going to use a pass phrase then choose at least 3 words.
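The rules above as a Python example, added here and not part of the original post: it generates a random password of at least ten characters with every character class, checks a password against the pitfalls listed earlier, and builds a pass phrase of three or more words. Treating "repeat characters" as three identical characters in a row is an assumption, the pass phrase picks random words rather than applying a substitution pattern, and the word list is a constructed sample.

```python
import secrets
import string

MIN_LENGTH = 10  # the article's minimum: two more than the common eight
CLASSES = {
    "lower-case letter": string.ascii_lowercase,
    "upper-case letter": string.ascii_uppercase,
    "number": string.digits,
    "symbol": string.punctuation,
}


def check_password(pw):
    """Return the article's rules that pw breaks (empty list = passes)."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in pw):
            problems.append(f"no {name}")
    if "password" in pw.lower():
        problems.append('contains "password"')
    # Assumption: "repeat characters" means three identical characters in a row.
    if any(a == b == c for a, b, c in zip(pw, pw[1:], pw[2:])):
        problems.append("repeats a character three times in a row")
    return problems


def generate_password(length=MIN_LENGTH):
    """Draw characters from the OS CSPRNG until the result passes every check."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate


def generate_passphrase(words, count=3, separator="-"):
    """Join randomly chosen words; the article recommends at least three."""
    if count < 3 or separator not in ("-", "_"):
        raise ValueError("use at least 3 words joined by '-' or '_'")
    return separator.join(secrets.choice(words) for _ in range(count))


if __name__ == "__main__":
    # Constructed sample list; real use needs a list of thousands of words.
    sample_words = ["copper", "lantern", "orbit", "velvet", "thistle", "harbor"]
    print(generate_password(), generate_passphrase(sample_words))
    print(check_password("Password1!"))
```

The `secrets` module is used instead of `random` because it draws from the operating system's cryptographically secure generator.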
Use a password manager to remember your passwords
Using a text file on your computer probably isn't a good idea, but using a tool like LastPass is. It can generate passwords for you, auto-login, auto-fill, etc. all so you don't have to worry about it. LastPass' password generator is an awesome tool and easy to use. You can set the password parameters you want to have (character count, character types, etc.) and create an incredibly strong password.
It will remember all of your passwords, it's secure and easy to use, and best of all it's free! Yes, there is a premium version which includes support for mobile devices, but it's only $12 per year and that's a pretty awesome deal. Using something like LastPass you only have to remember one password. But make it a good one.
So next time you need to change your FTP password, SSH password, or any other password, make sure it's secure and avoid the headache of having to rebuild from scratch.
image by Wysz

