Keeping Your Passwords Private Part Two

Following the recent list of what PC Magazine claim are the 10 most commonly used passwords by computer users, in part one we started to look at how you can protect your passwords and keep your booty safe.

Microsoft Password Checker
Microsoft offers a handy Password Checker application that lets you input text to test the strength of your passwords, rated from weak through medium and strong to best (it’s not that we don’t trust Microsoft, but we still changed our passwords around a bit when we were testing them).

The toughest passwords should look like a random string of characters, be at least eight characters long (preferably 14 characters or longer) and include a combination of uppercase and lowercase letters, numbers, and symbols.

Put simply, when it comes to passwords – like a lot of things in life – longer is better.

Here’s Microsoft’s six-step guide to creating a strong, memorable password:
1. Think of a sentence that you can remember. This will be the basis of your strong password or pass phrase. Use a memorable sentence, such as “My son Aiden is three years old.”

2. Check if the computer or online system supports the pass phrase directly. If you can use a pass phrase (with spaces between characters) on your computer or online system, do so.

3. If the computer or online system does not support pass phrases, convert it to a password. Take the first letter of each word of the sentence that you’ve created to create a new, nonsensical word. Using the example above, you’d get: “msaityo”.

4. Add complexity by mixing uppercase and lowercase letters and numbers. It is valuable to use some letter swapping or misspellings as well. For instance, in the pass phrase above, consider misspelling Aiden’s name, or substituting the number 3 for the word “three”. There are many possible substitutions, and the longer the sentence, the more complex your password can be. Your pass phrase might become “My SoN Ayd3N is 3 yeeRs old.” If the computer or online system will not support a pass phrase, use the same technique on the shorter password. This might yield a password like “MsAy3yo”.

5. Finally, substitute some special characters. You can use symbols that look like letters, combine words (remove spaces) and other ways to make the password more complex. Using these tricks, we create a pass phrase of “MySoN 8N i$ 3 yeeR$ old” or a password (using the first letter of each word) “M$8ni3y0”.

6. Test your new password with Password Checker. Password Checker helps determine your password’s strength as you type.

What not to do
The big no-nos of passwords: avoid repeating sequences or characters (e.g. “12121212”, or “abcdefg”), don’t use obvious replacements of characters with symbols (“Micro$oft,” “App13” etc) and never use any part of your name, birthday, social security number, football team or anything else that people might know.

Dictionary words should be avoided in any language – even Welsh! – and that includes spelling them backwards or employing common misspellings and substitutions. And naughty words are apparently pretty damn obvious to hackers too.
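
The rules in this section can be checked mechanically. The sketch below is an added example, not Microsoft's Password Checker or code from the original article; the tiny word list, the substitution table and the run length of 4 are assumptions chosen for illustration.

```python
import re

# Constructed sample data: a real check would load a large word list and the
# user's own details (name, birthday, team) instead of these few entries.
WORDLIST = {"microsoft", "apple", "password", "dragon", "cymru"}
# Assumed table of common look-alike swaps, undone before the word lookup.
LEET = str.maketrans({"$": "s", "@": "a", "0": "o", "1": "l", "3": "e",
                      "!": "i", "5": "s", "7": "t", "8": "b"})

def has_repeated_block(pw):
    """True when the whole password is one short block repeated (12121212)."""
    return re.fullmatch(r"(.{1,4})\1+", pw) is not None

def longest_run(pw):
    """Length of the longest ascending or descending run (abcdefg, 9876)."""
    best, run, step = 1, 1, 0
    for a, b in zip(pw, pw[1:]):
        d = ord(b) - ord(a)
        if d in (1, -1) and d == step:
            run += 1                 # run continues in the same direction
        elif d in (1, -1):
            run, step = 2, d         # a new run starts with this pair
        else:
            run, step = 1, 0
        best = max(best, run)
    return best

def dictionary_hits(pw, personal=()):
    """Words found as typed, with swaps undone, or spelled backwards."""
    low = pw.lower()
    forms = [low, low.translate(LEET)]
    forms += [f[::-1] for f in forms]
    words = WORDLIST | {p.lower() for p in personal if p}
    return sorted(w for w in words if any(w in f for f in forms))

def audit(pw, personal=()):
    """Return the list of 'what not to do' rules the password breaks."""
    problems = []
    if len(pw) < 8:                  # the article's minimum length
        problems.append("shorter than 8 characters")
    if has_repeated_block(pw):
        problems.append("repeated sequence")
    if longest_run(pw) >= 4:         # assumed threshold for a "sequence"
        problems.append("sequential characters")
    hits = dictionary_hits(pw, personal)
    if hits:
        problems.append("dictionary or personal word: " + ", ".join(hits))
    return problems
```

An empty list from `audit()` only means none of these specific patterns were found; it is not a strength rating.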

It’s important to keep your passwords secret, so that means not sharing them with friends, family or workmates or leaving them on stick-it notes on your monitor, or scrawled on the back of your notepad, address book or mobile phone.

Finally, never give out your password over email and try to change it regularly. You’re particularly at risk when using computers in Internet cafes, computer labs, shared systems, kiosk systems, airport lounges etc where dastardly hackers may have sneakily installed keyloggers to record your every move, so you’d be bonkers to access your bank on a machine you didn’t fully trust.
