Tips on Creating Strong Passwords
|June 26, 2014
After learning of the Heartbleed/SSL exploit, internet security experts recommended that passwords be changed on websites that are frequently used in order to protect personal information. (Heartbleed Bug Exposes Internet Data) Here's a hit list from Mashable of websites where passwords should be changed. The following are general recommendations for creating a strong and complex password:
A Strong Password Should:
- Be at least 8 characters in length
- Contain both upper and lowercase alphabetic characters (e.g. A-Z, a-z)
- Have at least one numerical characters (e.g. 0-9)
- Have at least one special character (e.g. ~ ! @ # $ % ^ & * ( ) - _ + =)
A Strong Password Should Not:
- Spell a word or series of words that can be found in a standard dictionary
- Spell a word with a number added to the beginning and/or the end
- Be based on any personal information such as family name, pet, birthday, etc.
- Be based on a keyboard pattern (e.g. qwerty) or duplicate characters (e.g. aabbccdd)
Use a Passphrase or a Nonsensical Word:
- A passphrase could be a lyric from a song or a favorite quote. An example of a strong passphrase is “Superman is $uper str0ng!”. A nonsensical word can built using the first letter from each word in a phrase (e.g. C$200wpG., represents "Collect $200 when passing Go."). These typically have additional benefits such as being longer and easier to remember.
The following are vital suggestions for using passwords
- Do not share your password with anyone for any reason.
- Change your passwords periodically—at least every three months.
- Do not write your password down or store in an insecure manner. Never store a password in an unencrypted electronic file or use the "save my password" feature on websites for important passwords.
- Do not use automatic logon functionality on websites or devices.
- Avoid reusing a password.
- Avoid using the same password for multiple accounts or sites.
- If you have an in home Internet router, change the default password. Each router has a basic default username and password combination. This makes it easier for hackers to break into your network.