What’s a Good Password? – Password Best Practices

What's a good password?

I’ve been receiving some comments and emails about what would be a good password, and how to protect online accounts. I felt like I should go into greater detail on this, as password security and management is an enormous part of keeping yourself and family safe online.Imagine your bank gets hacked, and all passwords are stolen. Unfortunately, all of your other private sites have the same passwords, and before the bank informs everyone, all of your accounts have been logged into and information stolen. The need for good passwords, good password management, and using password best practices is critical for your online accounts.

I will be explaining in further detail as to what a good password is, how you can protect yourself in these events, and how you can make it all easier.

What is a good or bad password?

A good password is a password that is not easy to guess or break within a short amount of time. There are many password best practices, and some different theories on the passwords you make. A good password is also NOT a password you’ve used anywhere else, or on any other sites. You want to try to keep your password reuse down to a minimum, as any website you use could be the next company that is a victim.

There are quite a few passwords that are known for being the number one password to be used, and sometimes a hacker can get lucky using those. Some of these passwords include: 123456, qwerty, qwerqwer, abc123, password, Password1, admin, welcome, football, monkey, charlie, donald.

I’m sorry, but if I hit on any of the passwords you use, or have used, change them now! You may not believe it, but hackers brute-force passwords using lists of the most common passwords used, and have quite a bit of success getting into accounts with it.

A good password consists of as many of the following standards as you can handle:

  • Have as many letters/numbers as possible
  • Some type of special characters, or multiples
  • Some randomness to it, instead of “password1!”
  • Capital letters, not just the first letter
  • Has nothing to do with your life, or can be guessed by looking at your social media
  • Is changed every so often, depending on difficulty. 90-180 days.
  • Cannot be guessed easily

There is quite a bit more to do with passwords, but if you follow those items, you will have a pretty secure password. The goal is to increase the amount of time it would take to guess your password, as well as increase the time it would take to break your password guessing every letter/word in the dictionary (also known as a dictionary attack).

All of my passwords are over 16 characters long (unless a site doesn’t allow that many characters), have random letters, numbers, case, and special characters all together. Example: pRgmZfkVaNXobVd8QB+Jd… A password like this, is extremely difficult to guess, and has nothing to do with my life or in my social media anywhere.

How can I remember my password?

Remembering your passwords for a bunch of different sites and having your passwords all random, and changing them often can be very cumbersome and is not recommended. There are quite a few different password management tools out there that will assist you with your passwords.

They will also remember your website that you used to log in, and can fully log in for you at the click of a button. The password management tools will even provide you with random passwords when you configure new accounts.

A password management tool is highly recommended in order to keep track of all of your passwords, but it will also need a password in order for you to log in and get access to your passwords. One password to rule them all. This password will need to keep the same principles and be secure itself, so make sure you do not set this password as something easy. Some password management tools use two-factor-authentication (more on this in another post in the future) and increase the level of security with the tool itself.

Does it work across devices?

Most of the password management tools out there will provide you with different ways to get to the utility. Quite a few of them are cloud-based, and if they aren’t, they can be set up to use a iCloud or Google Drive, etc. They will typically have a iPhone app, Android app, Mac app, Windows App, and some even go further than that (Linux, etc).

Once you create passwords and logins, you will log into the same account for your password management tool and can access your accounts through cloud syncing. This does definitely add some complexity, but once you get the hang of it, you will be fine and love it. So no matter what device you are on, if you need to access your passwords and accounts, you will have access to them.

How do I move forward?

For now, I would recommend just changing your passwords, and setting them to be more difficult. From there you can decide if you need to use any type of password management tools. Another great theory on passwords that will not make it as difficult, is to come up with passwords based on “password phrases“. A password phrase is multiple words put together, with some minor randomness put in. Example: !FortniteDisneyMinecraft4. The more letters you can add, the more difficult these types of passwords are.

Some additional ideas for password safety is to keep multiple “levels” of passwords, and use them for specific sites. As an example, my banking sites ALL have different passwords. A random forum that I don’t completely trust has my lowest level password, which I use for sites I really don’t care if they are broken into.

It’s your call and decision

In the end, the amount of password security and the amount of password management you want to use is up to you. The above is all just recommendations, and for some of you, it won’t really matter too much. Every person has different uses online, and some of us live very highly technical/digital worlds. I hope this article helped you learn what a good password is, and about password management. There are many password management tools available on the market, and the goal of this article is not to give recommendations on them, but only to inform.

 

If you liked this post, please comment below and let me know if you have any questions or comments. Anything to add to the discussion or other great ideas for users.

If you’d like more reviews, how-to’s, and guides, please subscribe to my newsleter on the side.

Please follow and like us:
error

About Don

Don has been in the IT industry for just over 20 years and has been working with Cyber Security for over 10 years. He holds many certifications including CISSP, CEH, and CHFI.

View all posts by Don →

Leave a Reply

Your email address will not be published. Required fields are marked *