Stop repeating simple passwords!
You know it. You've heard it a million times. More and more information is being housed on the web these days. Personal information. Information you don't want others to get to.
There are two barriers that keep your information secure from unwanted eyes:
All of the risk should lie in the first point. That risk is unavoidable (assuming you aren't the builder of the system). But, the amount of risk within the second point is entirely up to you. So keep your password secure, and use these tips to help:
I use to have a different approach to this method. I would say things like, replace letters with numbers, use a math formula, use parenthesis. Those are all fine if humans are guessing your passwords. But most of the direct password attacks are going to be brute force attacks. And with a brute force attack, length trumps complexity every time, because every character you add to your password makes it exponentially more time-consuming for a brute-force method to win.
I recommend a couple approaches to stay in line with the length-over-complexity approach:
Writing a sentence you will remember can be an easy way. And why not add spaces and a period while you're at it? For example,
My favorite DMB song is #41. or
#9, Gordie, is the greatest.
Random words will also work. You want the words to have little correlation so a robot can't figure it out as easily. But you also want something memorable. Again, feel free to use spaces. For example,
steak knife card shark or
con job boot cut.
And guess what can work for both these methods? Lyrics, especially those from the Red Hot Chili Peppers. Lyrics are memorable, and if you remember a long enough line, it could be a good password. Try to make it a little obscure, though.
So now you have a strong password. What can make it vulnerable is using that one password for every application and website. If one gets hacked, you'll need to reset all your passwords! No one wants to do that.
A subset of this rule is don't cycle through a password. In other words, if your password is
I am the biggest football fan. and it expires, don't change it to
I am the biggest football fan.2 , change it in a more significant way. Even saying
I am the second biggest football fan. is more secure.
Most website and web applications that require a password follow a simple protocol for retrieving a lost password. For most sites there is an option to send an email to reset your password.
So, if you use the tricks I've given you, you are going to remember the passwords you use every day. For those you don't, you may forget them, but who cares? If you forget, have them reset it and you're good to go. It's worth your two minutes of resetting to remain secure.
Don't write it on a sticky note under your keyboard. And don't create a file that stores your passwords.
Our browsers and operating systems are getting better at this. Still, you don't want your laptop to be your single line of defense, especially if it is not protected by a strong password. If you've let your browser save your passwords and someone gets into your computer, they can get to your account on every site you've saved.
Don't follow a link to change a password from an email unless you prompted it. If your password expires, you'll know next time you login. But if you get an email from your bank, for example, saying your password has expired and you need to reset it, don't do anything! Well, delete it and report it as spam.
Lately I've seen instances where a site's security is compromised and they want you to reset your password. That's okay. Still, to ensure it's not spam (if you aren't sure of more technical ways to tell), just go to the site directly, instead of clicking on a link.
Just be skeptical of links asking you to reset a password and offering a link to do it directly.