www.winhelp.us

Content

Tip: keyboard shortcut Ctrl+F searches in the page contents

Creating strong passwords

Last modified: 2012-01-28 15:18:50 EET

Every person today has many online accounts - banks, e-mails, online shops, etc. Good password practices tell to create a unique and strong password for each account and change passwords for critical accounts (banks, online shops, etc) at least twice a year. Crazy? Not really, you can use the free Password Safe to store and auto-fill login credentials securely.

If you use the same or easy-to-guess password (for example, "meme1" and "meme2" for different accounts) for each account you have, you might easily become a victim of credit card fraud or identity theft - suppose your Facebook account gets hacked and you have that same user name and password for all other accounts. Cybercriminals would now randomly test your username/password combination in Twitter, LinkedIn, Google, Yahoo, Amazon, iTunes etc and they would easily break into each account you have.

Never allow any web browser to store your user names and passwords! Any virus is capable of stealing these within seconds.

Passwords that are NOT strong

Let's begin with something you must not do. Never use sequence of same characters or numbers for a password - "aaaaa" or "55555555" are not good. Do not try to fool yourself with repetitions such as "aa55aa" - they are just as easy to guess for a computer! Typing adjacent things such as "qwerty" or "7890" on your keyboard is a practice just as bad. Passwords are being cracked by computer programs, not people, so it takes less than a second to guess those. Computers are really fast at guessing simple passwords, you know.

Never use your name, login name, any combination of your first and last name or phone number or birth date or address or any of your personal information as a password. Any word in dictionary is not good either.
When you use character substitution, don't think that bad guys will not expect that. Their programs guess 'Linux' just as fast as "L1nux" and "Password" as fast as "P@ssw0rd". Add some misspelling, too!
And don't even think about using "password" for your password!

What makes passwords strong?

• Password should be at least 8 characters long, 12 and more characters is even better.
• It should combine upper- and lowercase letters, numbers and symbols.
• It must not be a word you can find in dictionary. Use misspellings for such words.

Think passphrase, not password!

Think of a sentence or combination of words you know well and therefore remember easily. Maybe something from a movie, a book or a song you like.

I'll use "Help me, I'm blonde!" as an example.

• First, I'll substitute some letters with numbers, so I get "H3lp m3, 1'm bl0nd3!" by replacing "e"-s with "3", "i" with "1" and "o" with "0".
• Second, I'll capitalize some letters to get "H3lP m3, 1'm bl0nD3!".
• Third, I'll add some obscurity by misspelling - "H3lP m3,1bl0nD33!".
• Finally, I'll add a number to the end of it - "H3lP m3,1bl0nD332!". Kind of sounds like "Help me, I blondie too!", doesn't it?

You do not need to make your passwords that long. Try 8-character things first, for example take first letters from the "Help me, I'm blonde" and you'll get a four-character 'HmIb'. Now add the comma, some symbol and some two-digit number (today's date would be good) to it. Why not something like "Hm,Ib+04".

You can quickly check your password strength at Passwordmeter.com or this Microsoft site. If your passphrase gets rated at least "Strong" there, you are fine.

Hey, this sounded too complicated. Can I still use one word?

Well, yes... kind of. But you must make it stronger, though!

Let me use "illusion" as an example.

• First, I'll substitute some letters with numbers again to get "1llus10n".
• Second, I'll capitalize the last letter to get "1llus10N".
• Third, I'll misspell the word to "1luss10N" and add an exclamation mark "1luss10N!"

That's it! It is still a strong password, because it is 9 characters long, it contains upper- and lowercase letters, numbers and a symbol and thanks to misspelling it is not found in dictionaries.

You could add security by misspelling your words right away - why not "krayzee" instead of "crazy" and turn it into "kr@yZ33*"? "bsting" instead of "bee sting" to get "B-st1nn6"?

You could just as well combine two words, say last name of your favorite actor and your favorite car ("Pitt" and "Mercedes" would make a nice password "P1tt+M3rC"). Use your favorite lipstick and magazine or any other combination that you easily remember.

Some character substitutions

Here are some common character substitutions:

• A = @ or 4
• B = 8
• C = ( or [
• E = 3 or €
• G = 6 or 9 (g)
• H = #
• I = 1 or ! or |
• L = 7 or ! or |
• O = 0 (number zero) or ¤ or ()
• S = 5 or $ or §
• X = %

And why not use word substitutions? Replace "you" with "u", "too" with "2", "free" with "3", etc. U 2 c@n B 3!

Key shifting

The other good method is shifting keyboard characters one key to the right - for example, replace "A" with "S", "Q" with "W", etc. This way, "Eternity" becomes "Ryrtmoyu", strange mumbling, but perfectly rememberable. Just add some numbers to the password!

Special characters

There is another good approach that adds great deal of complexity to Windows passwords - using Alt + numeric keypad keys to enter characters that are not available on standard keyboards. You will have to turn keyboard's Numeric Lock on for this to work - find the Num Lock key on your keyboard and press it repeatedly to see if a light turns on and off on. If the light is on, the Num Lock is engaged.

Remember, this method will not work for web passwords! And laptop users are often required to hold down the fn key to access numeric keypad keys.

OK, let's get to the point. Pressing Alt+3 enters a character ♥. Why not use it for password such as "I♥my C@r!"?
Alt+1+6 (or Alt+16) enters ►, why not "mY 0ff1ce IZ to tHA ►"?

Some useful special characters are:

• ☺ - Alt+1
• ♥ - Alt+3
• ♦ - Alt+4
• ♣ - Alt+5
• ♠ - Alt+6
• ♪ - Alt+13
• ♫ - Alt+14
• ☼ - Alt+15
• ► - Alt+16
• ◄ - Alt+17

How many passwords?

Never use only one or two passwords or passphrases for every account you have. In today's world you probably have at least a dozen different accounts. Create at least six different passphrases and try to change them a little every year or two. For example, change the previous "Hm,Ib+04" to "Hm,Ib=81" after a year. Just do not go the one-digit changing way again! Change at least 3 characters or symbols every time.

How to keep passwords?

Just memorize them. If you have really many accounts and many passwords, try using some password manager program. Password Safe is a good and free one. You then need to remember the master password to password safe only.

Never ever write passwords to a piece of paper, sticky note or something like that. If you do, destroy those papers by burning them or tearing to a million pieces and flushing down the toilet. Remember, if you can see your password on paper, so can all others.

Do not keep your passwords in an unencrypted or otherwise unprotected text files on your computer, mobile phone or some online storage account. If you can open the file without password, so can everyone else. Read the Password Safe article and use it instead.

How to change or create a user account password in Windows XP?

In Windows XP, click Start button or press Windows Key on your keyboard and choose Control Panel.

How to change or create a user account password in Windows Vista or 7?

In Windows Vista and 7, use keyboard shortcut Ctrl+Alt+DeL and click Change a password.

 Comments? Suggestions? Ideas? Let me know! 

Your name (public):

Your e-mail (will not be displayed):

Title:

Notify me of new comments to this page:

Your comments/suggestions/ideas (no HTML code!)
winhelp.us owners reserve the right to remove or not publish comments that they find unacceptable because of strong language, inappropriate contents, advertising or spamming.
winhelp.us Privacy Policy