In my previous blogs I’ve mentioned “secure passwords” several times. But what actually makes a good password, and how can I test it?
You need a good password in instances where you can’t use a password manager (such as LastPass). Obviously you can’t type in a 43-character monstrosity every time. A good password has three qualities:
1. Difficult to crack
2. Easy(ish) to remember
3. Easy(ish) to type
Number 1 is obviously crucial, but if 2 isn’t met you will end up writing it down. And some passwords are so hard to type (3) that you just hate them after a while.
Dos and don’ts for passwords
- Do not use a pattern. If it’s easy for you, hackers will think of it, e.g.:
  - qwerty123456
  - qazwsx12
- Do not make substitutions such as 0 for o and 3 for e. They make the password harder to type (and remember) and won’t slow cracking software down. In an otherwise good password they are just painful to remember, so don’t bother with them. Use a longer password instead.
- Never use simple phrases such as “iloveyou”, as cracking software will take only seconds to find them.
- Never use dates or names relating to you or your family
- Do use long passwords. The longer the better. Ideally 20 or more characters.
- Do use long phrases that mean something to you (and not others), including spaces. The password “I love my Friday football with a beer” is much more secure than “&v3*JLCFf&Gt^499”, by an incredible factor of 10^40. And which would you rather remember?
A good site to test your password on is: https://www.grc.com/haystack.htm
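The same kind of estimate can be run offline. The sketch below is an added example, not code from the site above: it counts brute-force candidates for the two passwords compared earlier and treats the weak examples from the list as instantly guessable. The character-class sizes and the `KNOWN_WEAK` deny-list are assumptions of this example.

```python
import math
import string

# Printable-ASCII class sizes (an assumption of this example):
# 26 lowercase, 26 uppercase, 10 digits, 33 symbols including the space.
CLASSES = [
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation + " ",
]
# Constructed deny-list: the weak examples named in the post.
KNOWN_WEAK = {"qwerty123456", "qazwsx12", "iloveyou"}


def alphabet_size(password: str) -> int:
    """Sum the sizes of every character class the password draws from."""
    size = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    # Characters outside these classes: count each distinct one once.
    return size + len({c for c in password if c not in "".join(CLASSES)})


def search_space(password: str) -> int:
    """Candidates of length 1..len(password) over that alphabet."""
    a = alphabet_size(password)
    return sum(a ** k for k in range(1, len(password) + 1))


def log10_space(password: str) -> float:
    """log10 of the brute-force search space. Returns 0.0 for deny-listed
    passwords, which a wordlist attack tries first regardless of length."""
    if not password or password.lower() in KNOWN_WEAK:
        return 0.0
    return math.log10(search_space(password))


if __name__ == "__main__":
    phrase = "I love my Friday football with a beer"
    random16 = "&v3*JLCFf&Gt^499"
    for pw in (phrase, random16, "iloveyou"):
        print(f"{len(pw):>2} chars, alphabet {alphabet_size(pw):>2}: "
              f"10^{log10_space(pw):.1f}")
    ratio = log10_space(phrase) - log10_space(random16)
    print(f"phrase / random16 = 10^{ratio:.1f}")
```

This models exhaustive character-by-character guessing only; a phrase built from common words is weaker against wordlist attacks than the figure suggests, which is why the phrase should mean something to you and not to others.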
ZEN are always happy to give you advice on all security matters, including but not limited to the choice of good passwords and implementation of password managers.