www.winhelp.us

Every person today has many online accounts - banks, e-mails, online shops, etc. Good password practices tell to create a unique and strong password for each account and change passwords for critical accounts (banks, online shops, etc) at least twice a year. Crazy? Not really, you can use the free Password Safe to store and auto-fill login credentials securely.

If you use the same or easy-to-guess password (for example, "meme12" and "meme21" for different accounts) for each account you have, you might easily become a victim of credit card fraud or identity theft - suppose your Facebook account gets hacked and you have that same user name and password for all other accounts. Cybercriminals would now randomly test your username/password combination in Twitter, LinkedIn, Google, Yahoo, Amazon, iTunes etc and they would easily break into each account you have. Next, they will use your credit card info or your account to spend your money!

Never allow any web browser to store your user names and passwords! Any malware is capable of stealing these within seconds.

Passwords that are NOT strong

Let's begin with something you must not do. Never use sequence of same characters or numbers for a password - "aaaaa" or "55555555" are not good. Do not try to fool yourself with repetitions such as "aa55aa" - they are just as easy to guess for a computer! Typing adjacent things such as "qwerty" or "7890" on your keyboard is a practice just as bad. Passwords are being cracked by computer programs, not people, so it takes less than a second to guess those. Computers are really fast at guessing simple passwords, you know.

Never use your name, login name, any combination of your first and last name or phone number or birth date or address or any of your personal information as a password. Any single word in dictionary is not good either (but using more than three words is ok).
When you use character substitution, don't think that bad guys will not expect that. Their programs guess 'Linux' just as fast as "L1nux" and "Password" as fast as "P@ssw0rd". Add some misspelling and more words!
And don't even think about using "password" for your password!

In longer run, never use sequences in passwords, such as "ThisIsAWeakOne11", "ThisIsAWeakOne12", etc. If cybercrooks get access to one of your passwords, these sequences are tested first.

What makes passwords strong?

• A password should be at least 10 characters long, but more than 14 characters is much better. Just use more than three words or full sentences to enhance your passwords.
• Shorter passwords (10 to 14 characters) must combine upper- and lowercase letters, numbers and symbols. Use character substitution and misspellings in such cases.
• Use words that do not repeat the same characters too much. For example, "Mississippi" contains only four different letters and this makes cracking it a breeze.

Think passphrase, not password!

Think of a sentence or combination of words you know well and therefore remember easily. Maybe something from a movie, a book or a song you like. Remember, the longer your passphrase is, the harder it is to crack it.

I'll use "Help me, I'm blonde!" as an example. It is a good starting point, because it already contains uppercase letters and punctuation.

• First, substitute some letters with numbers to get "H3lp m3, 1'm bl0nd3!" by replacing "e"-s with "3"-s, "i" with "1" and "o" with "0".
• Second, add some obscurity by misspelling - "H3lP m3,1bl0nd33!".
• Finally, add a number to the end of it - "H3lP m3,1bl0nd332!". Sounds a bit like "Help me, I blondie too!", doesn't it?

You can also use bad grammar to make your passphrases a tad stronger. For example, "The quick horse 4th is a one!" is harder to crack than "The 4th horse is a quick one!". Yes, the common "noun-verb-adjective-adverb" grammar is so common that it makes cracking passphrases faster.

You can quickly check your password strength at Passwordmeter.com or this Microsoft site. If your passphrase gets rated at least "Strong" there, you are fine. You can even find out how long it takes to crack your password at Passfault.

Some character substitutions

Here are some common character substitutions:

• A = @ or 4
• B = 8
• C = ( or [
• E = 3 or €
• G = 6 or 9 (g)
• H = #
• I = 1 or ! or |
• L = 7 or ! or |
• O = 0 (number zero) or ¤ or ()
• S = 5 or $ or §
• X = %

And why not use word substitutions? Replace "you" with "u", "too" with "2", "free" with "3", etc. U 2 c@n B 3!

Key shifting

The other good method is shifting keyboard characters one key to the right - for example, replace "A" with "S", "Q" with "W", etc. This way, "Eternity" becomes "Ryrtmoyu", strange mumbling, but perfectly rememberable. Just add some numbers to the password!

Hey, this sounded too complicated. Can I still use normal words?

Well, yes... kind of. But you must have at least four to five words, though! Complete sentences are normally harder to crack than some 8-character nonsense, such as "St8+N/v2".

Let me use "Are you hackable or uncrackable?" as an example.

Why this still makes a good passphrase:

• First, it is long - 32 characters.
• Second, it contains one capital letter, spaces and a question mark.
• Third, it is easy to remember.

You can use your favorite movies, books, songs, quotes and many others to create good passphrases.

Special characters

There is another good approach that adds great deal of complexity to Windows passwords - using Alt + numeric keypad keys to enter characters that are not available on standard keyboards. You will have to turn keyboard's Numeric Lock on for this to work - find the Num Lock key on your keyboard and press it repeatedly to see if a light turns on and off on. If the light is on, the Num Lock is engaged.

Remember, this method will not work for web passwords! And laptop users are often required to hold down the fn key to access numeric keypad keys.

OK, let's get to the point. Pressing Alt+3 enters a character ♥. Why not use it for password such as "I♥my C@r!"?
Alt+1+6 (or Alt+16) enters ►, why not "mY 0ff1ce IZ to tHA ►"?

Some useful special characters are:

• ☺ - Alt+1
• ♥ - Alt+3
• ♦ - Alt+4
• ♣ - Alt+5
• ♠ - Alt+6
• ♪ - Alt+13
• ♫ - Alt+14
• ☼ - Alt+15
• ► - Alt+16
• ◄ - Alt+17

How many passwords?

Never use only one or two passwords or passphrases for every account you have. In today's world you probably have at least a dozen different accounts. Create at least six different passphrases and try to change them a little every year or two. For example, change the previous "Hm,Ib+04" to "Hm,Ib=81" after a year. Just do not go the one-digit changing way again! Change at least 3 characters or symbols every time.

How to keep passwords?

Just memorize them. If you have really many accounts and many passwords, try using some password manager program. Password Safe is a good and free one. You then need to remember the master password to password safe only.

Never ever write passwords to a piece of paper, sticky note or something like that. If you do, destroy those papers by burning them or tearing to a million pieces and flushing down the toilet. Remember, if you can see your password on paper, so can all others.

Do not keep your passwords in an unencrypted or otherwise unprotected text files on your computer, mobile phone or some online storage account. If you can open the file without password, so can everyone else. Read the Password Safe article and use it instead.

How to change or create a user account password in Windows XP

In Windows XP, click Start button or press Windows Key on your keyboard and choose Control Panel.

How to change or create a user account password in Windows Vista or 7

In Windows Vista and 7, use keyboard shortcut Ctrl+Alt+DeL and click Change a password.

How to change or create a user account password in Windows 8

In Windows 8, open Search pane using keyboard shortcut Windows Key+Q. Type a part of "password" and then click Settings. This will open a list of results, click Change your password.

Please do not use PIN or Picture Passwords in Windows 8! They are easy to steal and guess by people or cameras behind your back, and they are not stored securely. See this Ars Technica article for more details.