Creating strong passwords
Every person today has many online accounts - banks, e-mails, online shops, etc. Good password practices tell to create a unique and strong password for each account and change passwords for critical accounts (banks, online shops, etc) at least twice a year. Crazy? Not really, you can use the free Password Safe to store and auto-fill login credentials securely.
If you use the same or easy-to-guess password (for example, "meme12" and "meme21" for different accounts) for each account you have, you might easily become a victim of credit card fraud or identity theft - suppose your Facebook account gets hacked and you have that same user name and password for all other accounts. Cybercriminals would now randomly test your username/password combination in Twitter, LinkedIn, Google, Yahoo, Amazon, iTunes etc and they would easily break into each account you have. Next, they will use your credit card info or your account to spend your money!
Never allow any web browser to store your user names and passwords! Any malware is capable of stealing these within seconds.
Let's begin with something you must not do. Never use sequence of same characters or numbers for a password - "aaaaa" or "55555555" are not good. Do not try to fool yourself with repetitions such as "aa55aa" - they are just as easy to guess for a computer! Typing adjacent things such as "qwerty" or "7890" on your keyboard is a practice just as bad. Passwords are being cracked by computer programs, not people, so it takes less than a second to guess those. Computers are really fast at guessing simple passwords, you know.
Never use your name, login name, any combination of your first and last name or phone number or birth date or address or any of your personal information as a password. Any single word in dictionary is not good either (but using more than three words is ok).
When you use character substitution, don't think that bad guys will not expect that. Their programs guess 'Linux' just as fast as "L1nux" and "Password" as fast as "P@ssw0rd". Add some misspelling and more words!
And don't even think about using "password" for your password!
In longer run, never use sequences in passwords, such as "ThisIsAWeakOne11", "ThisIsAWeakOne12", etc. If cybercrooks get access to one of your passwords, these sequences are tested first.
What makes passwords strong?
- A password should be at least 10 characters long, but more than 14 characters is much better. Just use more than three words or full sentences to enhance your passwords.
- Shorter passwords (10 to 14 characters) must combine upper- and lowercase letters, numbers and symbols. Use character substitution and misspellings in such cases.
- Use words that do not repeat the same characters too much. For example, "Mississippi" contains only four different letters and this makes cracking it a breeze.
Think passphrase, not password!
Think of a sentence or combination of words you know well and therefore remember easily. Maybe something from a movie, a book or a song you like. Remember, the longer your passphrase is, the harder it is to crack it.
I'll use "Help me, I'm blonde!" as an example. It is a good starting point, because it already contains uppercase letters and punctuation.
- First, substitute some letters with numbers to get "H3lp m3, 1'm bl0nd3!" by replacing "e"-s with "3"-s, "i" with "1" and "o" with "0".
- Second, add some obscurity by misspelling - "H3lP m3,1bl0nd33!".
- Finally, add a number to the end of it - "H3lP m3,1bl0nd332!". Sounds a bit like "Help me, I blondie too!", doesn't it?
You can also use bad grammar to make your passphrases a tad stronger. For example, "The quick horse 4th is a one!" is harder to crack than "The 4th horse is a quick one!". Yes, the common "noun-verb-adjective-adverb" grammar is so common that it makes cracking passphrases faster.
You can quickly check your password strength at Passwordmeter.com or this Microsoft site. If your passphrase gets rated at least "Strong" there, you are fine. You can even find out how long it takes to crack your password at Passfault.
Some character substitutions
Here are some common character substitutions:
- A = @ or 4
- B = 8
- C = ( or [
- E = 3 or €
- G = 6 or 9 (g)
- H = #
- I = 1 or ! or |
- L = 7 or ! or |
- O = 0 (number zero) or ¤ or ()
- S = 5 or $ or §
- X = %
And why not use word substitutions? Replace "you" with "u", "too" with "2", "free" with "3", etc. U 2 c@n B 3!
The other good method is shifting keyboard characters one key to the right - for example, replace "A" with "S", "Q" with "W", etc. This way, "Eternity" becomes "Ryrtmoyu", strange mumbling, but perfectly rememberable. Just add some numbers to the password!
Hey, this sounded too complicated. Can I still use normal words?
Well, yes... kind of. But you must have at least four to five words, though! Complete sentences are normally harder to crack than some 8-character nonsense, such as "St8+N/v2".
Let me use "Are you hackable or uncrackable?" as an example.
Why this still makes a good passphrase:
- First, it is long - 32 characters.
- Second, it contains one capital letter, spaces and a question mark.
- Third, it is easy to remember.
You can use your favorite movies, books, songs, quotes and many others to create good passphrases.
There is another good approach that adds great deal of complexity to Windows passwords - using Alt + numeric keypad keys to enter characters that are not available on standard keyboards. You will have to turn keyboard's Numeric Lock on for this to work - find the Num Lock key on your keyboard and press it repeatedly to see if a light turns on and off on. If the light is on, the Num Lock is engaged.
Remember, this method will not work for web passwords! And laptop users are often required to hold down the fn key to access numeric keypad keys.
OK, let's get to the point. Pressing Alt+3 enters a character ♥. Why not use it for password such as "I♥my C@r!"?
Alt+1+6 (or Alt+16) enters ►, why not "mY 0ff1ce IZ to tHA ►"?
Some useful special characters are:
- ☺ - Alt+1
- ♥ - Alt+3
- ♦ - Alt+4
- ♣ - Alt+5
- ♠ - Alt+6
- ♪ - Alt+13
- ♫ - Alt+14
- ☼ - Alt+15
- ► - Alt+16
- ◄ - Alt+17
How many passwords?
Never use only one or two passwords or passphrases for every account you have. In today's world you probably have at least a dozen different accounts. Create at least six different passphrases and try to change them a little every year or two. For example, change the previous "Hm,Ib+04" to "Hm,Ib=81" after a year. Just do not go the one-digit changing way again! Change at least 3 characters or symbols every time.
How to keep passwords?
Just memorize them. If you have really many accounts and many passwords, try using some password manager program. Password Safe is a good and free one. You then need to remember the master password to password safe only.
Never ever write passwords to a piece of paper, sticky note or something like that. If you do, destroy those papers by burning them or tearing to a million pieces and flushing down the toilet. Remember, if you can see your password on paper, so can all others.
Do not keep your passwords in an unencrypted or otherwise unprotected text files on your computer, mobile phone or some online storage account. If you can open the file without password, so can everyone else. Read the Password Safe article and use it instead.
In Windows XP, click Start button or press Windows Key on your keyboard and choose Control Panel.Click here to show or hide instructions on creating/changing passwords in Windows XP
Control Panel looks different when you have it in Category View or in Classic View. In Category View, click User Accounts:
Or, if you have Control Panel in Classic View, click User Accounts:
If you have Control Panel at Category view, click Change an account. You do not need this step when your Control Panel is in Classic View!
Click on your user name at bottom of page:
Click Create a password if you don't have one, or Change my password if you already have a password:
If you already have a password, type it in the Type your current password box. If you don't have a password, leave the box empty.
Next, type your new password both in Type a new password box and Type the new password again to confirm box.
Type a password hint (not the password itself!) to Type a word or phrase to use as a password hint box. Never use the real password as a hint! For example, if your password consists of your favorite actor and your favorite car name, use "my favorite actor and car" as a hint.
Finally, click the Change Password button.
In Windows Vista and 7, use keyboard shortcut Ctrl+Alt+DeL and click Change a password.Click here to show or hide instructions on creating/changing passwords in Windows Vista and 7
If you already have a password, type it in the Old password box. If you don't have a password, leave the box empty.
Next, type your new password in New password box and Confirm password box.
Finally, click the Change Password button (the round button with arrow pointing to the right).
In Windows 8 and 8.1, open Settings search using keyboard shortcut Windows Key+w and type a part of "password". This will open a list of results, click Change your password (Windows 8) or Sign-in options (Windows 8.1).
Please do not use PIN or Picture Passwords in Windows 8/8.1! They are easy to steal and guess by people or cameras behind your back, and they are not stored securely. See this Ars Technica article for more details.Click here to show or hide instructions on changing passwords in Windows 8 and 8.1
Modern UI/Metro PC settings app opens. In Windows 8, click Change your password button in Sign-in options section. If you don't have a password, the button reads Create a password instead.
In Windows 8.1, click Change in Password section.
Current password is required unless you're creating a new password. Type it in and click Next.
For Microsoft accounts, type in your old password (current password) and then specify and verify a new password. Please note that this will also change the password for all other services connected with the Microsoft account - for example, Outlook.com, Skype, SkyDrive, etc.
For local user accounts, type and re-enter new password. You can also add a password hint for times you just can't remember it. Please do not use the full password for hint!
Click Next to move on.
And finally, click Finish.