What Is a Good Password

Single Key - Bad Idea

Today, I’m going to go over some tips on what makes a good password. Making sure that you have a secure set of passwords is extremely important these days. Notice that I said set of passwords.

Hackers aren’t stupid people, and they realize that most people use the same password at every single site they visit. In fact, a survey last year by a company named BitDefender found that 75% of people use the same password at multiple sites, including their email accounts.

Using the Same Password Everywhere Is a Terrible Idea

Think about this for a second. Let’s say that your dog’s name is Susan, and you got her in 1998. So, you choose “susan98” as your password. Sure, none of your friends would likely be able to guess that password, but it would only take a standard desktop computer less than five minutes to guess it (check out this site for an estimate of how long it would take to crack a particular password, but don’t give them your real password!).

Now, let’s assume that you are using “susan98” as a security code for your email, your bank, your credit card company, your life insurance, Facebook, a forum on video games, and an account at your local grocery store’s website. What happens if hackers break into your local grocery store’s website and steal the user database?

Well, most likely, the grocery store isn’t using a very secure or encrypted database, so the hackers may have stolen your:

  • Name
  • Email address
  • Phone number
  • Physical address
  • Credit or Debit card information
  • and maybe your password in plain text.

If your password is not stored in plain text, then it will probably only take them five minutes or less to decode your encrypted password because “susan98” is so short. Once they have that, they will check to see if your newly-decrypted password will work on your email account. If so, they will then have access to your bank account, Facebook, and everything else you keep online. This is precisely how identity theft can happen.

So, you need to come up with a unique password at every site you visit. More on that in a minute.

Choosing a Good Password Length

It’s very important to choose a long password. Eight characters is actually too short these days. Computers are fast enough that it only takes fifteen minutes or less to crack most eight-character passwords. The longer, the better.

Every time you add a character to your password, the time it takes to randomly guess increases exponentially. So, while eight characters can be cracked in fifteen minutes, it will take over six hours for nine characters.

So, aim for a minimum of 10 characters, but even more is better. And don’t just use letters. Throw in some numbers and special characters, too, like #, !, and [.

How Can You Remember a Different Password at Every Site?

Lots of Keys - Good Idea

There are a number of approaches to this and software that can help you keep track, but I use a simple formula myself:

  1. Take specific letters from the domain name (for example, take the 2nd and 4th letters from startproducingwealth.com: T, R)
  2. Assign a number to the type of domain (e.g., .com = 1, .org = 2, .net = 3, everything else = 4, etc.)
  3. Have a generic phrase that you can remember, such as “I would like to take my dog for a walk tonight”, and make an acronym out of it: iwlttmdfawt.
  4. Now, put it all together in an order that you can remember, along with some symbol characters. In this example, I’m choosing _ and &.
  5. And, voila, you get: T_iwltt1mdfawt&R

Notice that I started and ended the password with my capitalized domain characters, and I placed the number 1 in the middle of my phrase’s acronym. If I need to create a password for someplace.org, I would use: S_iwltt2mdfawt&E, since the 2nd and 4th letters of “someplace” are S and E, and it’s a .org site, so I use the number 2.
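The formula above, written out as a short Python sketch. This is an added example, not code from the original post: the function names, the split position of 5 (read off from the worked password above) and the domain example.org are assumptions made for illustration. It also reports which character positions actually change from one site to the next, which is worth knowing when judging how much of each password is site-specific.

```python
# Added illustration of the post's formula; not the author's own code.
TLD_NUMBER = {"com": 1, "org": 2, "net": 3}  # step 2; everything else = 4
PHRASE = "I would like to take my dog for a walk tonight"  # step 3


def acronym(phrase):
    """First letter of every word, lower-cased (step 3)."""
    return "".join(word[0].lower() for word in phrase.split())


def formula_password(domain, split_at=5):
    """Build the per-site password described in steps 1 to 5.

    split_at=5 is an assumption taken from the post's example, where the
    domain-type number sits after the first five acronym letters.
    """
    labels = domain.lower().split(".")
    if len(labels) < 2 or len(labels[-2]) < 4:
        raise ValueError("need a name of at least 4 letters plus a TLD")
    name, tld = labels[-2], labels[-1]
    first, last = name[1].upper(), name[3].upper()  # 2nd and 4th letters
    digit = TLD_NUMBER.get(tld, 4)
    acr = acronym(PHRASE)
    return f"{first}_{acr[:split_at]}{digit}{acr[split_at:]}&{last}"


def differing_positions(a, b):
    """Indexes at which two equal-length passwords differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


if __name__ == "__main__":
    site_a = formula_password("startproducingwealth.com")
    site_b = formula_password("example.org")  # constructed second site
    diff = differing_positions(site_a, site_b)
    print(site_a)
    print(site_b)
    print(f"{len(diff)} of {len(site_a)} characters differ, at {diff}")
```

Only the two domain letters and the domain-type number vary between sites; the acronym and the symbols are shared by every password the formula produces.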

According to the secure password checker I linked to at the beginning, this password would take a desktop computer about 193 trillion years to crack. I’d say that’s pretty secure. Plus, if a hacker did manage to hack your local grocery store and somehow decrypted your password, it probably wouldn’t work for your email or bank, so you’d have a lot less to worry about.

For more information on identity theft and how you can prevent it, click here.

 
