Since changing how I handled my passwords from using one password for everything like a n00b to using a unique password for everything, I have amassed a list of over 80 site/username/password combinations.
Looking over that list, I’m noticing quite a few sites which I don’t visit anymore and some which I don’t even recognize. So I decided to prune the list, and I’m noticing a definite progression in password hardening. Here are the guidelines I use when setting a password:
- Make use of letters (a-z, A-Z), numbers (0-9), and symbols (such as #%!_-&). The more complex your password is, the less likely it is to be cracked.
- Use passwords that are at least 8 characters long; longer is better.
- Do not use anything which can be found in a dictionary as your password! When in doubt, Google your password; if it has results — especially more than a page’s worth — consider making it longer or more complex.
- Never use the same password for more than one site. If it is cracked at one site, it becomes that much less secure at every other site where you use it.
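
An added example (not part of the original post) that audits a list of site/username/password entries against the four guidelines above. It assumes the first guideline means at least one letter, one digit and one symbol; the wordlist and the entries are constructed samples, and the dictionary check runs against a local wordlist so no password leaves the machine.

```python
import string
from collections import defaultdict

# Constructed sample wordlist; in practice load a local dictionary file.
WORDLIST = {"password", "dragon", "sunshine", "monkey", "letmein"}

# Constructed sample entries (site, username, password); not real credentials.
SAMPLE = [
    ("forum.example", "alice", "dragon"),
    ("shop.example", "alice", "Sunshine1!"),
    ("mail.example", "alice", "q7#Lw!2zRk_v"),
    ("news.example", "alice", "q7#Lw!2zRk_v"),
    ("bank.example", "alice", "T4&mv-9Xp!cQ2e"),
]

def check_password(pw, wordlist=WORDLIST):
    """Return the guideline violations for a single password."""
    problems = []
    if len(pw) < 8:
        problems.append("short")
    has_letter = any(c.isalpha() for c in pw)
    has_digit = any(c.isdigit() for c in pw)
    has_symbol = any(not c.isalnum() for c in pw)  # whitespace counts too
    if not (has_letter and has_digit and has_symbol):
        problems.append("missing-class")
    # Strip digits and symbols from both ends and lowercase the rest, so a
    # dictionary word with decoration ("Sunshine1!") is still caught.
    core = pw.lower().strip(string.digits + string.punctuation)
    if core in wordlist:
        problems.append("dictionary")
    return problems

def audit(entries, wordlist=WORDLIST):
    """Map each site with a weak or reused password to its violations."""
    sites_by_password = defaultdict(list)
    for site, _user, pw in entries:
        sites_by_password[pw].append(site)
    report = {}
    for site, _user, pw in entries:
        problems = check_password(pw, wordlist)
        if len(sites_by_password[pw]) > 1:
            problems.append("reused")
        if problems:
            report[site] = problems
    return report

if __name__ == "__main__":
    for site, problems in audit(SAMPLE).items():
        print(f"{site}: {', '.join(problems)}")
```
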
Another trend which I have read about (in PC Magazine if I’m not mistaken) involves using entire phrases or even paragraphs as your passwords. Obviously, the maximum length a site allows and whether it permits whitespace in passwords will affect that, but if you could use as your password something like the following quote, it’s going to be quite hard to crack!
Then were the king’s scribes called at that time in the third month, that is, the month Sivan, on the three and twentieth day thereof; and it was written according to all that Mordecai commanded unto the Jews, and to the lieutenants, and the deputies and rulers of the provinces which are from India unto Ethiopia, an hundred twenty and seven provinces, unto every province according to the writing thereof, and unto every people after their language, and to the Jews according to their writing, and according to their language.
That’s Esther 8:9 (King James Version), by the way, the longest verse in the Bible.
Keep your passwords secure. Looking through my list, I see some sites (such as my bank’s) that are too important to leave at risk of being easily compromised.