
Create a strong yet memorable password

In the digital world, passwords are used and required for many applications and services.
Access to your PC or to your email account will require a password, as will access to your favourite online shop or the web access to your bank.
Passwords are the digital equivalent of our traditional door keys (and door keys themselves can by now be replaced by a digital lock or even your mobile phone).
Passwords help to protect your data and your privacy.

It is strongly recommended to use a different password for each application.
Otherwise a single compromised password, whether leaked by you or by the service provider, grants access to every digital service you use at once.
Just as a reminder, see the recent Cathay Pacific privacy breach.

The tricky thing with passwords is that, on the one hand, a password must be strong, i.e. as random as possible so that it can be neither guessed nor easily cracked, while on the other hand you must still be able to remember it.

Here are some tips for creating a safe and secure password.

Make sure that the password is strong.

  • It should contain
    • upper case letters (A-Z),
    • lowercase letters (a-z),
    • at least one number (0-9),
    • and at least one special character, e.g. !#$%^&*_-+=?().
  • Don’t reuse any of your last five passwords. Even where a system’s password-history rule would let an older password come round again, pick something new that an attacker who has seen one of your old passwords can’t guess.
  • It shall not be a word that can be found in a dictionary, nor a combination of dictionary words.
  • It should not rely on “obvious” substitutions, e.g. H0use isn’t strong just because ‘o’ was replaced with ‘0’; password-cracking tools try exactly these substitutions first.
  • Length matters more than any single character class: every extra character multiplies the number of guesses an attacker needs, whereas a ‘!’ appended at the end is among the first things a cracking rule set tries.
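The rules above, turned into a small checker. This is an added example and not code from the original post: the dictionary is a constructed six-word sample (a real check loads a full word list), the substitution table and the 12-character minimum are this example’s own assumptions, and the “obvious substitution” rule is implemented by undoing those substitutions before looking for dictionary words, so that H0use is caught as house.

```python
import string

# Constructed sample dictionary for the example; a real check would load a
# full word list (ideally the same lists cracking tools ship with).
SAMPLE_DICTIONARY = {"house", "password", "summer", "welcome", "dragon", "monkey"}

# "Obvious" substitutions; cracking rule sets try these first, so they add
# almost nothing. The mapping is an assumption of this example, not a standard.
LEET_MAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                          "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def normalize(password: str) -> str:
    """Undo the substitutions above and lowercase, so 'H0use' becomes 'house'."""
    return password.translate(LEET_MAP).lower()


def dictionary_words_in(password: str, dictionary=SAMPLE_DICTIONARY) -> list[str]:
    """Dictionary words found inside the normalized password.

    A substring search also catches concatenations such as 'HouseMonkey'.
    """
    text = normalize(password)
    return sorted(word for word in dictionary if word in text)


def check_password(password: str, history: tuple[str, ...] = (),
                   min_length: int = 12) -> list[str]:
    """Return the list of rules the password breaks; an empty list means it passes.

    min_length is this example's own choice; the post itself sets no minimum.
    """
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not any(c.isupper() for c in password):
        problems.append("no upper case letter")
    if not any(c.islower() for c in password):
        problems.append("no lower case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    if password in history[-5:]:
        problems.append("reuses one of the last five passwords")

    # Words found verbatim are plain dictionary words; words that only appear
    # after undoing substitutions are the "H0use" case.
    words = dictionary_words_in(password)
    plain = [w for w in words if w in password.lower()]
    disguised = [w for w in words if w not in plain]
    if plain:
        problems.append("contains dictionary word(s): " + ", ".join(plain))
    if disguised:
        problems.append("obvious substitution of dictionary word(s): " + ", ".join(disguised))
    return problems


if __name__ == "__main__":
    for candidate in ("H0use", "HouseMonkey1!", "WIwuitm@6:00am,Ifome."):
        print(candidate, "->", check_password(candidate) or "OK")
```

The sentence-derived password from later in this post passes every rule; H0use fails on length, on the missing special character and on being a disguised dictionary word.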

Certainly, being able to remember the created password is equally important.
If you use a password manager, it will generate very strong passwords and remember them for you; the trade-off is that you now depend on that application and its database not getting lost, corrupted or stolen, and on it being available and working whenever and wherever you need it.

My tool of choice is KeePass Password Safe, a free, open source and easy to use cross platform solution to manage passwords.
It is available on Windows, on Linux and also on Android and iOS for mobile phones. This makes it convenient to have your passwords with you, even if you’re not in front of your PC and yet your passwords are protected.
As with all important data, regular backups of the KeePass database are a must, and since that database is the single key to everything, protect it with a strong master password.
And of course, you can still create your own memorable passwords and use KeePass simply to store the ever increasing number of passwords in a safe place.

One trick, to create a rather random and strong password that you can still remember as well, is to derive the password from a sentence.
For example, “When I wake up in the morning at 6:00am, I first open my eyes.” could be turned into “WIwuitm@6:00am,Ifome.” That is a rather strong password at 21 characters with mixed letters, numbers and special characters. Avoid well-known quotes, song lyrics or proverbs as the source sentence, though: cracking tools already carry lists of those.

Comic from XKCD on passwords

Another approach, proposed on the Diceware web page, is to string together six random words that are in no grammatical or logical order.
As the name implies, you roll a die five times per word, write down the five results (each between 1 and 6) and look up the word that corresponds to that five-digit number in the list provided on the Diceware website; five rolls give 6^5 = 7776 possible numbers, which is why the list has exactly that many entries.
Using dice improves the randomness of the word mix, since people are notoriously bad at coming up with random combinations of words by themselves.
And because the result is a list of words, it is fairly easy to remember.
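The Diceware procedure above in Python, as an added example that is not the Diceware project’s own code. The word list embedded here is a constructed six-entry sample in the layout of the Diceware file (five-digit key, whitespace, word), so only the keys 11111 to 11116 resolve; a real run loads the full 7776-entry list. The `secrets` module stands in for physical dice, and the entropy figure assumes every word is drawn uniformly and independently, which is exactly what the dice guarantee.

```python
import math
import secrets

DICE_PER_WORD = 5
SIDES = 6
FULL_LIST_SIZE = SIDES ** DICE_PER_WORD  # 7776 entries in the real Diceware list

# Constructed sample in the Diceware file layout; not the real list.
SAMPLE_LIST_TEXT = """\
# constructed sample, six entries only
11111 cabbage
11112 turnip
11113 lantern
11114 velvet
11115 orbit
11116 pumice
"""


def parse_wordlist(text: str) -> dict[str, str]:
    """Parse '<five dice digits> <word>' lines; anything else is skipped."""
    words = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        key, word = parts
        if len(key) == DICE_PER_WORD and all(c in "123456" for c in key):
            words[key] = word
    return words


def roll_dice(n: int) -> list[int]:
    """n rolls of a fair die from the OS CSPRNG (secrets, never random)."""
    return [secrets.randbelow(SIDES) + 1 for _ in range(n)]


def rolls_to_key(rolls: list[int]) -> str:
    """Five rolls, e.g. [1, 2, 3, 4, 5], become the list key '12345'."""
    if len(rolls) != DICE_PER_WORD or any(r < 1 or r > SIDES for r in rolls):
        raise ValueError("need exactly five rolls, each between 1 and 6")
    return "".join(str(r) for r in rolls)


def key_to_index(key: str) -> int:
    """Position of a key in the list: digits 1..6 read as base-6 digits 0..5."""
    index = 0
    for ch in key:
        index = index * SIDES + (int(ch) - 1)
    return index


def passphrase_from_rolls(rolls: list[int], wordlist: dict[str, str]) -> str:
    """Turn 5*n rolls into an n-word passphrase; KeyError if a key is missing."""
    if len(rolls) % DICE_PER_WORD:
        raise ValueError("roll count must be a multiple of five")
    words = []
    for i in range(0, len(rolls), DICE_PER_WORD):
        words.append(wordlist[rolls_to_key(rolls[i:i + DICE_PER_WORD])])
    return " ".join(words)


def generate_passphrase(wordlist: dict[str, str], n_words: int = 6) -> str:
    """Roll for n_words words; needs the full list to avoid missing keys."""
    return passphrase_from_rolls(roll_dice(n_words * DICE_PER_WORD), wordlist)


def entropy_bits(list_size: int, n_words: int) -> float:
    """Entropy of n_words uniformly and independently chosen words."""
    return n_words * math.log2(list_size)


if __name__ == "__main__":
    sample = parse_wordlist(SAMPLE_LIST_TEXT)
    rolls = [1, 1, 1, 1, 1, 1, 1, 1, 1, 2, 1, 1, 1, 1, 3]
    print(passphrase_from_rolls(rolls, sample))
    print(f"{entropy_bits(FULL_LIST_SIZE, 6):.1f} bits for six words from the full list")
```

Six words from the full list give 6 × log2(7776), roughly 77.5 bits, but only if the words really are random; that is what the dice (or `secrets`) are for, and why words you pick yourself don’t count.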

Or, of course, you could follow this joke:

I changed my password to “incorrect”. So whenever I forget what it is the computer will say “Your password is incorrect”.

An additional complication is that different applications and organisations impose different password requirements.
On the other hand, this may help to ensure that you aren’t tempted to use the same password for different websites and applications, which is a good thing.
The bank HSBC, for example, sets the following requirements for your password:

Your password is not case-sensitive and must be between 8 and 30 characters.
It must include only letters, numbers or the characters @ _ ‘ . – ? ! $ * =.

Note that a password that is not case-sensitive has a much smaller search space than its character count suggests, so on such a site use as much of the permitted length as you can. And I’m sure the additional advice offered alongside these requirements does by now sound familiar to you:

To protect your security, do not use the same password on different websites
and do not use easy-to-guess information such as your name,
identification number or date of birth.


Have a safe online experience.
