As a web developer I have access to my clients’ passwords, and have noticed that many of them are not as secure as they could be. Here are some recommendations.
What Not to Do
Avoid passwords such as ‘password’, ‘secret’ with a single number added, or those that use your name, business name, or a family member’s or pet’s name. With social media so popular these days, a hacker can usually find information about your family online, making it easier for them to guess your password.
Avoid choosing an obvious word and then adding the year to create a pasword. I see many users doing this. For example, let’s say they are creating a password for a library, they might choose library2007 as the password. Hackers are probably familiar with this common approach and would have written code that tries guessing passwords like this.
So how can we choose a secure password that we can actually remember?
What To Do
We’ve all seen the recommendations: include an upper and lower case letter in your password, and a number. Some web sites force you to include a punctuation character in your password as well.
A great way to create a password is to think of a phrase and turn the initials or words into a password. To incorporate the number, you might choose to change any letter o’s into zeroes and letter L’s into ones.
For example, if you ran a pet store, you might think of the phrase ‘I sell cat food’ and then change it to Ise11catfood (where the two L’s are changed to 1’s). Or it could be Isellcatf00d (where the two o’s are changed to zeroes.) Then it is easy for you to remember, but hard for people to guess. To add punctuation, you could put the whole password in brackets e.g. [Isellcatf00d] or add an exclamation mark e.g. Isellcatf00d!
Unfortunately, hacking software has learned this technique of replacing letters with numbers as well, and it is now recommended that you include deliberate misspellings in your passwords. So you might use Ise1Katf000d.