Passwords/Passphrases
Passwords/passphrases give you access to work and personal accounts. Because passwords are the gateway to work and personal data, they need to be strong. Passwords should be easy to remember but hard to guess, which sometimes sounds impossible. Passphrases are better than passwords because they are typically longer and easier to remember.
How to create a passphrase
Combine three or four truly random words to create a passphrase. The keyword here is random: the words you choose shouldn't have any relationship to one another beyond your having picked them for the passphrase. The reason? Common phrases, like titles of books or song lyrics, are often tried first by criminals seeking to break your password. Additionally, don't just pick a single long word from the dictionary, because criminals try those too.
- "boat-tree-calendar" (combine some random words)
- "Boat.tree.calendar13" (you can add some symbols/numbers/spaces/uppercase to add complexity)
Some things to remember about passwords/passphrases:
- Length is better than complexity. A 15-character password is much more secure than a 10-character complex password that includes numbers/spaces/symbols/uppercase/lowercase.
- Better passphrases will include at least one number, at least one capital letter, and at least one symbol.
- If you are limited in the number of characters allowed in your password/passphrase, use the maximum number of characters and add complexity.
- Use different passphrases for different accounts.
- Never use the same passphrase for work or bank accounts that you use for personal accounts like Facebook or Twitter.
- Never share your passphrase with anyone else. If you have shared it, then change it.
- Never use a public computer to log into a work or bank account.
- Be careful of the information you enter as a Security Question to help you reset a password. Make sure it's private information not readily available on the Internet or your Facebook page.
- Don't write your passphrase down.
- Since passwords/passphrases are the weakest form of authentication, two-factor authentication is highly recommended for those services that support it. Two-factor authentication adds an extra layer of security by asking for an extra identification component in addition to your passphrase.
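The sketch below is an added example, not part of the original page: it picks passphrase words with Python's `secrets` module (the operating system's CSPRNG) and puts numbers on the length-versus-complexity point above. The word list is a constructed sample, the function names are illustrative, and the bit counts hold only when every word or character is chosen uniformly at random.

```python
import math
import secrets

# Constructed sample list so the block runs offline. It is far too small for
# real use: a diceware-style list holds 7,776 words.
SAMPLE_WORDS = [
    "boat", "tree", "calendar", "marble", "window", "candle", "river", "pencil",
    "saddle", "button", "garden", "ladder", "pillow", "rocket", "tunnel", "violet",
]


def generate_passphrase(words, count=4, sep="-"):
    """Join `count` words, each picked independently by the OS CSPRNG."""
    unique = sorted(set(words))
    if count < 1 or len(unique) < 2:
        raise ValueError("need at least one word drawn from two or more choices")
    return sep.join(secrets.choice(unique) for _ in range(count))


def passphrase_bits(list_size, count):
    """Entropy in bits of `count` words drawn uniformly from `list_size` words."""
    return count * math.log2(list_size)


def password_bits(alphabet_size, length):
    """Entropy in bits of `length` characters drawn uniformly from an alphabet."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print("sample passphrase:", generate_passphrase(SAMPLE_WORDS))
    rows = [
        ("4 words, 16-word sample list", passphrase_bits(len(SAMPLE_WORDS), 4)),
        ("4 words, 7,776-word list", passphrase_bits(7776, 4)),
        ("15 random lowercase letters", password_bits(26, 15)),
        ("10 random printable ASCII chars", password_bits(95, 10)),
    ]
    for label, bits in rows:
        print(f"{label:32s} {bits:5.1f} bits")
```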
Use a Password Manager
Because so many of us have so many different accounts (work, bank, credit card, social networking, etc.), we tend to use the same password for all our accounts. Ideally, we want to have a unique password for each account, but that is very difficult from a practical standpoint due to the large number of accounts. There are password applications that can help us keep track of all of our passwords. There are even some online services that do the same. Some good free applications include KeePass, 1Password, and LastPass. You use a single master password to access your password vault, which stores your account usernames and passwords. But make sure your master password is strong and known only by you.