There are the best-practice gurus say you must use, then there is real life.
In this post, I hope to provide some guidance so that you can decide what makes the most sense for you.
Keep email and bank account passwords different and unique from other passwords. Do I really want my bank account, web-based email, and amazon account to share the same password? If one account was compromised, it could be easy for others to be also.
That doesn’t mean that every single account has to have a separate highly unique password. Have you counted up the number of passwords you need to get through your day? I think you should have at least four different ones — bank, email, and two others that you rotate among your other needs. If you want more — please, go for it, but at the very least, four. I have ten I juggle for personal use.
These passwords should contain a mix of at least eight mixed case letters, numbers, and symbols.
Should software manage your passwords? Many applications exist that let you auto-generate passwords and just copy and paste them into the many websites you encounter throughout the day. I’m still on the fence weighing the benefit when compared to the password risk if the rest of these guidelines are followed. Feel free to persuade me otherwise.
If you make thematic choices for your passwords, you will create something you can more easily remember without resorting to post-it notes on the monitor. Furthermore, if you keep a piece of paper with your passwords (yes, I write down prompts for mine), don’t make the password and account pairings obvious.
Using apples as a theme, three passwords could be:
- gr3enApp73S
- ApP1epiE#1
- C&yaPP1es
Do you remember playing with a calculator and having it spell words? You can go further today and use the semi-randomness in what is known as Leet to make number or symbol substitutions for characters that are somewhat meaningful for you.
Please try not to put dates disguised as number strings at the start or end of your password. Just take my word on it that makes it easier to hack.
pwcllc0505
is not a good password,pwco5L1C05
is better.Change the default password. The router from your internet provider probably shipped with a default username and password, most likely
admin
andadmin
. It is possible to change both, at least on all the routers I’ve encountered. Please never leave the password as password! Don’t worry, there is a way to do a hard-reset to put it back to the manufacturer’s default. Self-hosted WordPress added the option to change the initial administrative username with version 3.0. If you have been upgrading since before this release and need assistance changing out your oldadmin
account, please do not hesitate to contact me.Change your passwords more than once a decade. When was the last time you changed your Amazon password? I think you should change your passwords at least every six months, or at least rotate the innards of them around if you don’t want to change them completely. Why? Given the rapid changes in technology and daily emergence of potential threats, it should at the very least be an annual change.
- Change your passwords if you lose your smart phone
or suffer a computer virus attack. I don’t think it should be a mere rotation. Make them different. It will be annoying for a bit, but it will help you out in the long run.
If you use any application (other than taxes) that requires you to log in with your social security number please think long and hard if you must use that online service. I didn’t manage my 401K online until they introduced user names.
some additional reading:
- Grimes, Roger (20090522) Test the strength of your password policy InfoWorld
- Pinola, Melanie (20110510) What Professional Password Guessers Look for in Your Password. lifehacker
- Prior, Anna. (20100321) Use Various Passwords. The Wall Street Journal (online edition)
- Richmond, Riva (20091028) Passwords 101: How to Protect Your Company’s Data. The Wall Street Journal (online edition)
- Trapani, Gina (20060705) Geek to Live: Choose (and remember) great passwords. lifehacker
Peter Lyons says
I’m a fan of LastPass for password management. You should try it out for a bit.