Good Password Security is Essential

Not open for further replies.


Yellow Belt
Using strong passwords are an essential part of good online security. Otherwise you risk someone else beig able to take over your accounts, whether it's your forum account, bank account, or online shopping account.

Here are some tips to help avoid someone getting hold of your passwords.

Easy to Remember = Easy to Hack
We tend to like to use passwords that we can easily remember, because we're afraid of forgetting them and being locked out. Unfortunately, in this day and age of cyber-thieves, we can't afford that convenience. A password is easy to remember if it follows a pattern or if it's made of real words and phrases. Both of these attributes make them very easy to crack by a computer. Pattern matching is one of the things that computers do best, and a Dictionary Search uses lists of known words to speed up the cracking process, so real words leave you open to hacking. Like it or not, you need to use a random password.

Re-using Passwords is Dangerous
These days you need passwords for just about everything you do online, and one can quickly feel overwhelmed by all those crazy character strings. There's a strong temptation to use a single password at multiple sites, just to keep things simple. Remember, simple for you means simple for a hacker. If just one password is compromised, every account that uses that password is compromised. No, it's not convenient, but you must use a unique password for every single account you create.

Short, but Not So Sweet
Another error many Internet users make is to use short passwords. Again, this is more convenient for humans, but again it's more convenient for hackers as well.

Character Symbols
If you use a password using only lower case letters there are (in the English language) only 26 characters available. That cuts down on the number of possible variations. If you a mixture of upper case and lower case letters, the character set doubles in size, an the variations increase tremendously even with a password only 6 characters long. Clearly there's a benefit to using a larger character set. Add in all ten available numerals (0 through 9) and you add even more strength to your password.

To create a strong password that is easy for you to remember but hard for someone else to determine, try one of these techniques:

Merge two or more words, and combine the words with numbers and symbols. For example: Walk[My]Dog, Po#34tato, Champions=1995.
Abbreviate a phrase you'll remember. It could include numbers and symbols, or words that you can substitute with numbers or symbols. For example: I ride my bike 5 miles each Saturday could become the password Irmb5meS.
Use punctuation and numbers to combine the initials of people or objects from a familiar group, such as your favorite athletes, friends, movies, books, or historical figures. For example: Gandhi, Abraham Lincoln, and Joan of Arc could become the password 1G,2AL,JA.
Drop all vowels from a favorite saying, and then add numbers or symbols. For example: Walk three dogs could become the password Wlk3Dgs.

To be strong, a password must:

Contain at least seven, but no more than 16, characters.
Combine three of the four different types of characters:
Uppercase letters (for example: A, B, C).
Lowercase letters (for example: a, b, c).
Numerals (for example: 1, 2, 3).
Symbols (' ~ ! @ # $ % ^ & * ( ) _ + - = { } | [ ] \ : " ; ' < > ? , . /).
Not be a common word or name, or a close variation.
Some service providers require that a strong password also:

Not be the same as any of your four previous passwords.
Not be a minor variation of your old password. For example, if your old password was Champions=1995, a new password of Champions=1996 would not be acceptable.


Don't use one of the above examples as your password.
Don't write down your password.
Never give out your password in an instant message conversation or share it with anyone else. You should never be prompted for your password in an e-mail.
If you have more than one e-mail account, for instance, one for work and one for personal use, you should use a different password for each account.
Not open for further replies.