- What NOT to do: Worst Passwords - SplashData
Password Guidelines:
- Make your passwords long — preferably more than 15 characters, but at least 8. Do not use someone's name, nor any single word found in a dictionary. It may help to put a symbol (e.g., !@#$%^&*()) and/or a number in it, but most importantly, make it long.
- Remember: If it's in the dictionary, don't use it! Hackers use a "dictionary attack" program — automatically trying every word in the dictionary, and every combination under 8 characters (including numbers), until they break in.
- As long as the web site or program allows long passwords, pick three or four random common words, and string them together with no spaces between them, such as correcthorsebatterystaple —
- Here's why: Password Strength - "xkcd" by Randall Munroe
- Easily get random words with the Random Word Generator - watchout4snakes.com
- As another approach, think of a sentence or phrase that you know, and others don't, and then make a long acronym out of it. For example, "Mama don't allow no guitar playin' around here" becomes mdangpah.
- If the web site or program requires a capital letter, number, or symbol, go ahead and put it in an easily-remembered place. Remember, length counts more than complexity.
- BAD passwords look like fido, paris, sally, <your car license number>, <your sweetheart's name>, <your birthday>, etc.
- Too many passwords to remember? Try a secure password manager program:
- Best Free Web Form Filler / Password Manager - Gizmo's Freeware
- Best Password Managers - InfoWorld
- You could also keep your passwords in a password-encrypted Excel spreadsheet (of course, if you forget that password, you're sunk!).
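
To make the "length counts more than complexity" advice concrete, here is an added example (not part of the original page) that picks random words the way the guidelines suggest, checks a password against the length and dictionary rules above, and compares the number of guesses an attacker faces. The sample word list is constructed for the demo, and the 2048-word list size and the 36-character alphabet (lowercase letters plus digits) are assumptions.

```python
import secrets

# Constructed 16-word sample so the block runs offline; a real list should
# hold thousands of common words so each pick adds more guessing work.
SAMPLE_WORDS = ["correct", "horse", "battery", "staple", "window", "garden",
                "paper", "river", "candle", "orange", "button", "silver",
                "market", "planet", "rocket", "basket"]


def make_passphrase(words, count=4):
    """Pick `count` words with a CSPRNG and join them with no spaces."""
    return "".join(secrets.choice(words) for _ in range(count))


def passphrase_space(list_size, count=4):
    """Number of equally likely passphrases of `count` words."""
    return list_size ** count


def short_password_space(alphabet_size, max_len=7):
    """Every combination under 8 characters: all lengths 1..max_len."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


def check_guidelines(password, dictionary):
    """Return the guidelines from this page that `password` falls short of."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    elif len(password) <= 15:
        problems.append("15 characters or fewer; longer is preferred")
    if password.lower() in dictionary:
        problems.append("single dictionary word")
    return problems


if __name__ == "__main__":
    print("sample passphrase:", make_passphrase(SAMPLE_WORDS))
    # Assumed sizes: 36 = lowercase letters + digits, 2048-word list.
    print("guesses, all passwords under 8 chars:", short_password_space(36))
    print("guesses, 4 words from 2048-word list:", passphrase_space(2048))
    for pw in ("fido", "mdangpah", "correcthorsebatterystaple"):
        print(pw, "->", check_guidelines(pw, {"fido", "paris", "sally"}))
```

The comparison holds only when the words are chosen at random; a phrase picked by hand from familiar words gives an attacker far fewer possibilities to try.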