Passwords: Are yours good enough?

We’ve all done it at one time or another: used a bad, insecure password. I’m actually certain you’re still using at least one somewhere right now.

Really, who hasn’t used one of their pet’s or child’s names as a password? Maybe you thought you were smart and added a number to the end of it to make it “clever” and harder to guess. I’m sorry to say it, but the only person you’re fooling is yourself, and you’re leaving the doors wide open.

I hope you didn’t also make that password your end-all, be-all password that you use everywhere, write it on a Post-it note and stick it on your computer monitor (but then again, I’m sure you’ve done that too).

Let’s try to fix that right now.

Scope of this article

Passwords are used everywhere nowadays: Facebook, Twitter, email, YouTube, web banking, computer login (what, your computer isn’t using a password to log in?), WiFi networks, garage door combinations, even your phone. That’s only scratching the surface. Almost every web service you use requires some form of login and password. I have well over 60 different services that all require a username and password.

Now I’m not going to get into creating passwords that brute force computers couldn’t get into. I’m talking about improving your current passwords for the majority of users so that humans and basic scripts couldn’t easily get through. If you’re concerned about creating passwords that a computer designed to break into your service couldn’t figure out within a reasonable time frame, then this isn’t the article for you and you have much more reading to do.

Let’s just say that a basic computer (under $1000) can easily go through 30 billion words/second. To put that in perspective, the Oxford English Dictionary lists over 250,000 distinct words. These don’t include slang or words that belong to multiple word classes (e.g. plural words). So let’s bump that up to 1 million just for the fun of it. That means a computer could go through every word in the English dictionary in a fraction of a second. Even combining two words together doesn’t make a dent in the calculations. Do I have your attention now?

The problems we have with passwords

  1. We’re lazy – Passwords are closed doors in our path to getting what we want. We want the quickest way in, so we use passwords that are quick to type and think about. We don’t want to think, so we also reuse that same password on a variety of services that require them. We can easily remember our child’s or pet’s names.
  2. We forget – Let’s be real. We have millions of things running through our heads every day. We don’t want to have to remember another thing. That’s why people write their passwords down and again use the same set of passwords over and over.
  3. “It won’t happen to me” mentality – We all know we should use better passwords, but almost everyone thinks, “Who’s going to want my information?”, “It’s not going to happen to me”, “I don’t have anything of value”. Is your banking information important? Maybe the code to your garage door that gives access to your home? Or your Facebook account, where you’ve listed just about everything about yourself? (Remember, your relationships within Facebook give A LOT of information about you.)
  4. We don’t know any better – There are also those who just don’t know any better, although in this day and age, I think that’s a poor excuse, and after this article you can’t use this one anymore.

The solutions to making strong passwords

General password rules

  • Don’t use any common names. No family members, pets, house address, telephone numbers (or parts of them) etc. These are things that easily identify you. Remember, if I as a human wanted to attempt to break into your Facebook account, I would start by guessing things that I know about you. Your sister’s name, kids’ names, street name etc. Then I’d follow up by adding the number 1. Example: jonny, jonny1, princess, princess2010.
  • Don’t give out your password to anyone. This is common sense, but people still do this. It’s a password to keep people out. Don’t trust anyone because you never know. They might be your best friend today, but will they be tomorrow? I can’t believe the number of times people who barely knew me gave me their account information to get into their services. If I wanted to (which I would never do), I could have changed their passwords and locked them out of their own services or worse…
  • Change your passwords every once in a while. I won’t go into paranoid mode, but change your passwords every 6-12 months. It’s an added level of security.
  • Don’t use the “remember me” feature on public computers or a computer that others have access to. It leaves it wide open for the next person to come and jump right back in. On the same idea, log out of the service when you leave. Don’t just close the browser. You could be setting yourself up for the same situation.

Passphrases

I learned this trick years back. The idea is that a random phrase is easier to remember and harder to crack than a short password of random characters and numbers (there are exponentially more combination possibilities). Mix in a few symbol replacements and numbers and you have a decent password. Here’s an example (don’t use this as your own password since it’s publicly listed):

Compare:

d1W#v7&
@pple$-In-the-5k! (Apples in the sky)

Note that I replaced spaces with hyphens since some websites won’t allow spaces in the password.

The key is in picking random phrases that you can remember and replacing some of the characters with numbers, symbols and uppercase letters.
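
The numbers behind the points above (the 30 billion guesses per second figure, the name-plus-number guesses, and the short random password versus the passphrase), as an added example that is not part of the original article. The function names, the sample word sets and the uniform-word-choice model are assumptions made for illustration, and symbol replacements are not modelled, so the phrase is scored in its plain form.

```python
import re
import string

GUESSES_PER_SEC = 30_000_000_000  # guessing rate quoted in the article
DICTIONARY_SIZE = 1_000_000       # the article's rounded-up English word count

def charset_size(pw):
    """Alphabet size a blind brute-force search must cover for this password."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in pw))

def estimate(password, personal_terms, wordlist):
    """Return (cheapest guessing model, worst-case guesses) for one password."""
    models = {"brute force": charset_size(password) ** len(password)}
    stem = password.rstrip(string.digits)
    # Every digit suffix up to the observed length: "", 0-9, 00-99, ...
    suffixes = sum(10 ** n for n in range(len(password) - len(stem) + 1))
    plain = stem.lower()
    if plain in personal_terms:
        models["personal info + digits"] = len(personal_terms) * suffixes
    words = [w for w in re.split(r"[-_ ]", plain) if w]
    if words and all(w in wordlist for w in words):
        # Assumption: each word is drawn uniformly from the full dictionary.
        models["dictionary words + digits"] = DICTIONARY_SIZE ** len(words) * suffixes
    cheapest = min(models, key=models.get)
    return cheapest, models[cheapest]

def seconds_to_exhaust(guesses):
    """Worst-case time to try every candidate at the article's rate."""
    return guesses / GUESSES_PER_SEC

# Constructed sample inputs, not real data.
PERSONAL = {"jonny", "princess"}
WORDS = {"apples", "in", "the", "sky", "blue", "sunshine", "princess"}

if __name__ == "__main__":
    for pw in ("jonny1", "princess2010", "sunshine", "blue-sky",
               "d1W#v7&", "apples-in-the-sky"):
        model, guesses = estimate(pw, PERSONAL, WORDS)
        print(f"{pw:18} {model:26} {seconds_to_exhaust(guesses):.3g} s")
```

Under this model the 7-character random password is exhausted in well under an hour, while the four-word phrase takes on the order of a million years; a name plus digits or a one- or two-word password falls in seconds or less.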

Other Tools

So you now have a little trick to create better passwords that are easier to remember. I possibly even managed to get you to “upgrade” your password to something more random, stronger and easier to remember. So now you don’t need that sticky note on your computer that says “password123”.

But wait, you’re saying “I have well over 20 different services that require a password. I won’t be able to remember all of them”. You’re probably right, and you don’t want to use that same password for all your services (that’s bad, remember). Let me introduce you to a little free tool that I can’t live without, KeePass.

Let’s quickly look at why I like it.

  • It’s FREE – hello!
  • It encrypts your password file
  • Runs on Windows, Linux, Mac, Windows Mobile Phone, iPhone, iPad, Android, Blackberry, Portable Apps, PocketPC (am I missing something?)
  • Strong random password generator
  • Can be used in conjunction with your browser
  • Group passwords
  • Password to open the encrypted master list

If you have a Dropbox account (free), you can even make your password file available to you everywhere (I have mine synced to my work PC, phone, laptop, Portable Apps USB, Android tablet and my Linux test computer).

There are many more features, but those are the ones I really like. I use the program so I don’t have to remember my passwords on the services I don’t visit frequently. I just open the program, enter my KeePass password and have access to all my passwords. I can easily copy and paste the passwords from the program and don’t have to care about how long or complicated the password is. It’s copy and paste.

When done, close the program and the file is locked down again. If I made changes to the password list and I’m keeping my password file in Dropbox, then all my devices and computers are updated too.

So really, I have about 5 good passphrases that I use for common services I access all the time and one for KeePass. The rest of my passwords are all stored in KeePass and are at least 14 random characters long, each one different.

Conclusion

Good password creation and management isn’t hard. Some people just need a little push in the right direction. Don’t be lazy. Go upgrade your passwords right now, you’re well overdue. At the same time, share this article with everyone you know that uses a computer. Odds are, they’re in the same boat.

Hopefully this is the push people need, so they don’t wait until it’s too late and their accounts are compromised.

So what’s your password?
