The Guardian in the UK has a nice summary of the latest advice for making secure, but memorable, passwords.
Having a long password, at least 12 characters, makes it harder for brute force attacks on your account.
To make a memorable password, think of a phrase you remember from a film, TV or play. Then tinker a little with it by replacing some letters with numbers or characters.
For example:
From the John Boorman film, Excalibur “It is the doom of men that they forget” seems appropriate. Some variations on that could be:
Itisthedoomofmenthattheyforget
ItistheDoomofMenthattheyForget (more capitals)
ItistheDoom4ofMen3thattheyForget5 (added digits, the number of letters in the capitalized word just before the digit)
ItistheD@@mofMenthattheyF@rget (replacing letter 0 with zero is well known, so use a character instead)
ItisyheD@@mofMenyhayyheyF@rgey (letter t becomes y which is the next key to the right and looks similar)
You can also take your standard phrase and add the name of the site it’s used on.
“It is perfectly OK to use something like ‘thisismypasswordforNatWest’ or ‘thisismyBritishAirwayspassword’, but change one or two of the characters into numbers. It’s about keeping it simple and memorable.” says Richard Cassidy from Alert Logic
We have a few comments of our own:
- There are password storage utilities available but many people have one in their browser already. For example, Google Chrome will save login names and passwords. You can view those saved combinations in the Settings (after a login password check) which is very handy.
- Email account passwords are much more important than most people realize. Make sure your email accounts have good passwords and good security. After all, ff someone gets into your mail account (Office 365, Outlook.com, Gmail or wherever) they can gain access to many of your other accounts and sites using the ‘Lost Password’ option.
- Two factor authentication supplements your password with a second access code for logins from unfamiliar places or computer. Highly recommended for important accounts like email etc.
- Extended characters should be avoided on web site logins. It’s tempting to go beyond the standard 255 ASCII characters for a password and use a few of the thousands in the extended Unicode character set. Unfortunately, many web sites can’t cope with those ultra-complex passwords. You might be able to setup such a password but the system can’t match it when you try to login.
- By all means use extended characters for passwords in Microsoft Office files (spreadsheets, documents etc). Passwords in Microsoft Office have Unicode support.
