Staying Safe – How to create good passwords

Are you using the same password everywhere?

When I’m out networking I have lots of different conversations about all sorts of IT issues. One that often comes up is that of passwords.

I once met someone who stored over 200 login names and passwords in an Excel spreadsheet – and the spreadsheet wasn’t password protected! So if her computer was ever stolen then the lucky thief would have access to all 200+ accounts!

And yet another woman used one password everywhere!

This horrified me but didn’t surprise me.

I have – well I don’t know how many passwords I have, let’s just say lots. And each one is different and none of them are written down. As Harry Hill says “You’ve got to have a system!”…

So here we go.

How to have different passwords everywhere and never forget them

First let me say that there is no such thing as an uncrackable password – given enough time and the right tools a dedicated hacker will crack anything. It’s our job to make it as hard as possible, so they give up and go to the person who has picked their favourite colour as a password.

What makes a good password?

A good password will mix letters, numbers and non-alphanumeric characters or symbols.

Don’t use a word that is in the dictionary – hackers have programs that can try thousands of different passwords and try all the words in a dictionary. There is a really good article here showing the time it takes hackers to crack passwords depending on how long and what format the password takes. I highly recommend taking a look at the table.

It needs to be at least 6 characters long – although I would recommend at least 10 characters (No, don’t say you can’t remember 10 characters – I’m going to teach you a system!)

A three step process to good passwords

[Image: sleeping kittens]
Aw. Aren’t they cute. (There is a reason for this picture)

Step One 

The phrase/line that all your passwords are based on.

This might be from a song, a poem, your favourite book.

For example,

Raindrops on roses and whiskers on kittens

Take the first letter of each word and we get “rorawok” as the base phrase.

Step Two 

The variation for each site

For this we are going to use part of the site name, for example, the last three letters. So on Amazon we’d take “zon” and add it on to our base phrase to get “rorawokzon”.

Step Three

Add some numbers and/or non-alphanumeric characters.

Hold on, this is getting tricky I hear you cry – we’re up to 10 characters already. Stay with me, and I promise it will be easy.

We can substitute numbers and other non-alphanumerics. You don’t have to use all these suggestions – just swapping one letter is a good start. Just decide on your personal rule and stick to it.

Letter swap suggestions

S > 5
l or i > 1
E > 3 or £
a > @
o > 0
g or q > 4

So if I swap the ‘a’ for a ‘@’ then my password for amazon would be ror@wokzon

The final tweak is to have a mixture of lower case and upper case. To give myself another easy rule to remember, I will make the letter after a symbol/number a capital, so my password ends up as ror@Wokzon.

This system means that you will be able to have hundreds of passwords and always remember them without having to write them down. And it means that hackers will find it harder to crack your passwords and so you’ll be safer!
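The three steps above, written out as a short Python script. This is an added example, not part of the original post. It assumes the swap rule applies to every matching letter in the password, and the site names other than Amazon are made up. It also checks each result against the criteria listed earlier and counts how many leading characters the derived passwords share.

```python
import os

PHRASE = "Raindrops on roses and whiskers on kittens"  # phrase from the post
SITES = ["amazon", "examplebank", "exampleshop"]  # last two are constructed names


def derive(phrase, site, swaps=None):
    """Apply the post's three steps and return the password for one site."""
    # Personal rule used in the post: swap only 'a' for '@' unless told otherwise.
    swaps = {"a": "@"} if swaps is None else swaps
    # Step one: first letter of each word of the phrase.
    base = "".join(word[0].lower() for word in phrase.split())
    # Step two: append the last three letters of the site name.
    raw = base + site.lower()[-3:]
    # Step three: letter swaps (assumption: every matching letter is swapped).
    swapped = "".join(swaps.get(c, c) for c in raw)
    # Final tweak: capitalise a letter that follows a symbol or number.
    out = []
    for i, c in enumerate(swapped):
        follows_symbol = i > 0 and not swapped[i - 1].isalpha()
        out.append(c.upper() if follows_symbol and c.isalpha() else c)
    return "".join(out)


def check(password):
    """Test a password against the criteria listed in the post."""
    return {
        "at_least_10_chars": len(password) >= 10,
        "lower_case": any(c.islower() for c in password),
        "upper_case": any(c.isupper() for c in password),
        "number_or_symbol": any(not c.isalpha() for c in password),
    }


def shared_prefix_len(passwords):
    """Count the leading characters that every derived password has in common."""
    return len(os.path.commonprefix(list(passwords)))


if __name__ == "__main__":
    derived = [derive(PHRASE, site) for site in SITES]
    for site, pw in zip(SITES, derived):
        print(site, pw, check(pw))
    print("leading characters shared by all:", shared_prefix_len(derived))
```
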

If you don’t want to have to remember passwords, you can use a password manager such as Google’s Password Manager.

No password is completely uncrackable, but let’s not make it easy for them. (If you ask nicely I’ll tell you how I cracked someone’s password just by using my smart phone!)
