How To Avoid Bad Password Mistakes

Yesterday I highlighted 10 passwords and said anybody who uses any of those must be an idiot.

So here today are some tips for avoiding any more bad password choices:

PASSWORDS SHOULD NEVER BE RECYCLED

Personally I would say that you should never, ever use the same password twice.

Ever.

If, however, you find it difficult to come up with new choices on a regular basis then you may have to.

If you find yourself in this position then try not to reuse an old password for as long as possible, i.e. a year or more.

Additionally, you should have used many other passwords in the meantime before returning to an old one.

PASSWORDS SHOULD NOT INCLUDE ANY PERSONALLY IDENTIFIABLE INFORMATION

If someone has specifically targeted you then they will already know a great deal of your personal information.

If not, and they are determined enough, then they could probably find out a lot more about you than you realise by searching on the internet.

Therefore, any words, numbers or phrases that can be connected to you are bad choices.

For example, your name, date of birth, mother’s maiden name, etc. are all bad password choices.

NEVER CREATE PASSWORDS WITH REAL WORDS

The length of a password doesn’t usually have much bearing on how long it would take a hacker to break it.

If you are using proper words, of any language, then a dictionary attack will always succeed sooner or later.

Password crackers are, generally speaking, looking to get results in the shortest possible timeframe.

If your password is easily guessed with a dictionary attack then you will be a quick victim.

To avoid such password guessing tools you want to avoid words, especially the most commonly used ones, such as sex, dragon, love, god, pass and password.

PASSWORDS SHOULD NOT BE SIMPLE ALTERATIONS TO COMMON WORDS

OK, so you think you are cool because you can type in the latest fashion.

Don’t think for a minute that that will allow you to create safe passwords though.

Just because you can swap the letter ‘a’ for an ‘@’ symbol, don’t think that a password cracker won’t do exactly the same thing.

Words such as ‘s3x’ and ‘dr@gon’ are only very slightly more secure than the properly spelled versions of the same.

DO NOT THINK YOUR PASSWORD IS SECURE SIMPLY BECAUSE YOU HAVE USED TWO OR MORE WORDS

Words are very easy for a password cracker to guess.

End of.

Making a password out of more than one word doesn’t add very much at all to the difficulty of cracking it.

Passwords such as ‘letmein’ are remarkably easy to guess.

You need to be much cleverer than that!
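
A check that a signup form could run for the three word-based mistakes above (real words, simple alterations, several words joined together), shown as an added Python example that is not from the original post. The word list, the substitution table and the function names are assumptions made for illustration.

```python
# Added example: flag passwords that are built from dictionary words.
# WORDS is a tiny constructed list; a real check would load a large wordlist.
WORDS = {"sex", "dragon", "love", "god", "pass", "password", "let", "me", "in"}

# Common character swaps undone before the lookup (assumed mapping, not exhaustive).
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})

def normalise(password):
    """Lower-case the password and undo simple character substitutions."""
    return password.lower().translate(LEET)

def split_into_words(text, words=WORDS):
    """Return the dictionary words that concatenate to text, or None."""
    # best[i] holds one split of text[:i]; standard word-break dynamic programming.
    best = [None] * (len(text) + 1)
    best[0] = []
    for end in range(1, len(text) + 1):
        for start in range(end):
            if best[start] is not None and text[start:end] in words:
                best[end] = best[start] + [text[start:end]]
                break
    return best[len(text)]

def weakness(password, words=WORDS):
    """Explain why a password is guessable from a wordlist, or return None."""
    plain = normalise(password)
    parts = split_into_words(plain, words)
    if parts is None:
        return None
    altered = plain != password.lower()  # True when a swap such as '@' was undone
    if len(parts) == 1:
        kind = "altered dictionary word" if altered else "dictionary word"
    else:
        kind = "altered word combination" if altered else "combination of words"
    return f"{kind}: {' + '.join(parts)}"
```

A `None` result only means the password was not assembled from the word list; it says nothing about reuse or personal information, which need separate checks.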

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.
