Creating a secure password is one of the most important things you can do to prevent break-ins into your Internet account.
How secure is my password?
One of the easiest approaches identity thieves use to get hold of other people’s accounts is just guessing their password. That’s right, many people make passwords that are not secure. They are either very short or contain information that a person only slightly familiar with them can guess. Slightly familiar might just mean that they know you from Facebook. If your password has fewer than 8 characters, or contains words, phrases, or names that can be found in a dictionary, your password is not very secure.
The problem many people face is thinking up a password that they won’t forget but that, at the same time, cannot be guessed by other people.
A secure password should be as long as possible and a combination of letters, numbers, and special symbols. It should be easy to remember and difficult if not impossible to guess.
Aim for a length of at least 8 characters. If you want to protect sensitive data (e.g., an encrypted hard drive), I would go for a password with at least 15 characters. The longer you can make your password, the better. Make sure you don’t use your spouse’s, child’s or dog’s name, birthday, or any other information that can easily be guessed. Also, don’t use your credit card number or the like as a password. Or would you want the owner of a website to get hold of this information?
How to create a strong password?
- Pick a random book or magazine from your shelf (don’t let anyone know which one you picked). Choosing a piece of writing which is rather unknown or hasn’t been published is even better.
- Flip through the pages, and try to find a memorable sentence of at least 15 words that also contains some numbers as well as some uppercase and some lowercase characters.
- Memorize your own sentence (not the one in my example below) and share it with no one! Make sure you also remember the capitalization of the characters. If you don’t feel comfortable with one particular sentence, pick another one. You can even create a sentence by yourself.
- Next, take the initials of each of the words and numbers to create your password.
A moment ago, I followed the procedure above and found the following sentence:
On March 14, Phnom Penh International Hotel is opening its new Italian restaurant. All food is 50 % off.
Next, I take the initials of each of the words and the numbers and create my password. In this case, I get a password with 19 characters: OM1PPIHioinIrAfi5%o
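The procedure above as a small local script, added here as an illustration and not part of the original article: it takes the first letter or digit of every word in a sentence and checks the result against the length and character-mix advice given earlier. The function names are made up for this example, and the sample input is the article's own demonstration sentence.

```python
# Added illustration of the article's sentence-to-initials method.
# Function names are hypothetical; thresholds are the article's own figures.
MIN_LENGTH = 8          # "at least 8 characters"
SENSITIVE_LENGTH = 15   # "at least 15 characters" for sensitive data

# The article's demonstration sentence (published, so never use it yourself).
ARTICLE_SENTENCE = ("On March 14, Phnom Penh International Hotel is opening "
                    "its new Italian restaurant. All food is 50 % off.")


def sentence_to_password(sentence):
    """Return the first letter or digit of each whitespace-separated token.

    Leading punctuation (quotes, brackets) is skipped; a token made only of
    symbols, such as "%", contributes its first symbol.
    """
    initials = []
    for token in sentence.split():
        first = next((ch for ch in token if ch.isalnum()), token[0])
        initials.append(first)
    return "".join(initials)


def missing_requirements(password, sensitive=False):
    """List which parts of the article's advice the password fails."""
    problems = []
    required = SENSITIVE_LENGTH if sensitive else MIN_LENGTH
    if len(password) < required:
        problems.append(f"shorter than {required} characters")
    if not any(ch.isupper() for ch in password):
        problems.append("no uppercase letter")
    if not any(ch.islower() for ch in password):
        problems.append("no lowercase letter")
    if not any(ch.isdigit() for ch in password):
        problems.append("no number")
    if not any(not ch.isalnum() for ch in password):
        problems.append("no special symbol")
    return problems


if __name__ == "__main__":
    pw = sentence_to_password(ARTICLE_SENTENCE)
    print(pw, len(pw), missing_requirements(pw, sensitive=True))
    # A constructed weak sentence: too short and only lowercase letters.
    weak = sentence_to_password("my dog is rex")
    print(weak, missing_requirements(weak))
```

The script runs entirely on your own computer, so the sentence you test is never sent to a website.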
How to recall your password?
When you want to recall your password, just mentally replay the sentence you memorized, typing only the initials. In the beginning, it may feel a bit awkward, but after typing it a few times, it becomes almost automatic, and you don’t even have to think about what to type.
Should you use an online password checker to verify the strength of your password?
Many websites check your password strength when you sign up, for example by displaying a multicolored bar. While some websites’ checking procedures are not rigorous enough, if a website signals that your password is too weak, you should take that seriously.
I advise against finding and using a third-party password checking website on the Internet. While the website might have been set up in good faith, it might as well be a front for stealing passwords or the password might be transmitted or stored in an insecure way.
I am providing the link to a password checker by Microsoft for your reference. I am convinced Microsoft is not out to get your password, but I still recommend that you only use it to get an idea about password security. I would not input a password you really intend to use.
Some additional tips to help you to prevent password theft
- Replace some characters in your acronym with special symbols. However, when you do that, create your own substitutions. Do not use common conversions such as @ instead of a, or 2 instead of to.
- Don’t forget to log out and don’t forget to clear the cache of your web browser if you are using a public computer.
- If you can avoid it, do not use a public computer at all since it might contain software which records everything you type (including your username and password) and sends it to a thief via the Internet.
- Install and regularly update security software on your own computer to ensure that your own computer doesn’t contain hidden programs or viruses.
- Don’t click on links or fill in forms provided in emails or on unknown websites when you want to log in to a specific website (or, even worse, your online banking account). The link might lead you to a website that looks exactly like your bank’s, but is just a copy designed to steal your username and password. This trick is widespread. Instead, type the address of the website directly into your web browser.