Create Strong Passwords

It is important to create strong passwords.

Tips for creating strong passwords:

  • Don't use words that can be found in a dictionary
  • Don't use the same password for every site
  • Do use a mix of upper- and lower-case letters, numbers, and at least one symbol

Password Examples

password (WEAK) — Never use the word password as your password. Believe it or not, this is one of the most common passwords out there.
123, or 123456 (WEAK) — do not use simple passwords like this.
vikings (WEAK) — do not use a sports team as your password.
fluffy (WEAK) — do not use your pet's name as a password.
opensesame (WEAK) — do not use words that can be found in a dictionary.
[email protected] (STRONG) — this password has a mix of upper- and lower-case letters, numbers and a symbol. See below for a method of creating strong passwords that can be remembered.
bOO$100S (STRONG) — Again, this is good because it is a mix of upper- and lower-case letters, numbers, and symbols.

How to Make Strong Passwords That You Can Remember

You can incorporate mnemonic devices into your password creation methods to create strong passwords that you can easily remember.

You could take a phrase like "I left Istanbul on March 26th", and turn it into a fairly strong password like IleIsonMa26, taking the first two or three letters of each word and keeping the case correct.

Another example uses a quote by Aristotle, "All paid jobs degrade the mind.", which could become 6a.APJDTM. The quote has 6 words and is by Aristotle, which gives the 6a at the beginning of the password. A symbol is then added to separate that prefix from the first letter of each word in the saying, "All Paid Jobs Degrade The Mind".

Note: the above passwords are just examples. Create your own based on a system that makes the passwords easy to remember.

Use Different Passwords

It is tempting to use the same password for everything, but don't do it. Some web sites encrypt your password (like banks) and some don't (like many web site discussion forums). If your banking password is the same as your forum password, your password can be stolen very easily as it is sent unencrypted over the network to the forum site, and then could be used to log into your online banking. It is very important not to use the same password for every site.

You can also use the mnemonic trick for multiple passwords and use some element of the domain name in your password to change it a little bit for each site. An example of this would be to take the first and last letter of the domain name (for example, the letters y and o from Yahoo.com) and append them to your password, which would make the password unique for that web site. But be careful about this, because if it is obvious how you create your passwords, someone can figure out how to apply your password creation technique to your banking sites. If you use a technique like this to change one password depending on the domain name of the web site, still be sure that your financial passwords are significantly different from your everyday passwords like email and web site forums.
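The two mnemonic schemes from the previous section and the per-site suffix described here, as an added Python example that is not part of the original page; it also checks each result against the character-mix and dictionary tips from the top of the page. The function names and the small weak-word list (taken from the page's WEAK examples) are assumptions made for illustration.

```python
import re
import string

# The page's WEAK examples, standing in for a real dictionary (assumption).
WEAK_WORDS = {"password", "123", "123456", "vikings", "fluffy", "opensesame"}

def prefix_mnemonic(phrase, n=2):
    """First n letters of each word, case kept; a number keeps only its digits."""
    parts = []
    for word in phrase.split():
        digits = re.match(r"\d+", word)
        parts.append(digits.group() if digits else re.sub(r"[^A-Za-z]", "", word)[:n])
    return "".join(parts)

def quote_mnemonic(quote, author, symbol="."):
    """Word count + author's initial + symbol + upper-cased initial of each word."""
    words = re.findall(r"[A-Za-z']+", quote)
    initials = "".join(w[0].upper() for w in words)
    return f"{len(words)}{author[0].lower()}{symbol}{initials}"

def site_variant(base, domain):
    """Append the first and last letter of the site name (label before the TLD)."""
    labels = domain.lower().strip(".").split(".")
    name = labels[-2] if len(labels) > 1 else labels[0]  # naive: ignores co.uk-style suffixes
    return base + name[0] + name[-1]

def failed_tips(pw):
    """List which of the page's tips a password fails (empty list = passes all)."""
    classes = {
        "upper": any(c.isupper() for c in pw),
        "lower": any(c.islower() for c in pw),
        "digit": any(c.isdigit() for c in pw),
        "symbol": any(c in string.punctuation for c in pw),
    }
    failed = [name for name, ok in classes.items() if not ok]
    if pw.lower() in WEAK_WORDS:
        failed.append("dictionary")
    return failed

if __name__ == "__main__":
    p1 = prefix_mnemonic("I left Istanbul on March 26th")
    p2 = quote_mnemonic("All paid jobs degrade the mind.", "Aristotle")
    for pw in (p1, p2, site_variant(p2, "Yahoo.com"), "bOO$100S", "opensesame"):
        print(f"{pw:14} fails: {failed_tips(pw) or 'none'}")
```

Run on the page's own examples, the check shows that IleIsonMa26 contains no symbol, while 6a.APJDTM and bOO$100S satisfy every character-class tip.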

Writing Down Passwords

It's better not to write down passwords because if you lose the paper, someone can steal your passwords. If you must write down your passwords, don't write down the complete login information and web site name next to the passwords. That way if someone steals your password list, they may have your passwords, but not the user name and/or web site URL.

Storing Passwords on Storage Devices

Do not store passwords on USB thumb drives, because if you lose the thumb drive, or if someone copies the contents of your thumb drive over the network while you have it plugged in, then someone can steal your passwords. The same advice goes for portable hard drives that you might plug into a public computer.

If you are carrying around your own laptop and have your passwords saved in your browser or on your computer somewhere (for example, saved passwords in Firefox), make sure that you set the master password and that your password is very strong. It is OK to save your non-financial passwords in your browser on your computer, but do not save your financial passwords in your browser. If someone steals your laptop, they can extract the passwords from your hard drive without much difficulty. Even if you have a user password set on the computer, cracking the user accounts on a computer is extremely easy.

Do Not Send Passwords Through Email

Your email is usually not encrypted. Do not send passwords to financial web sites through email because the passwords can easily be captured when they go through the network.