Creating and using strong passwords:

Your first line of defense on the Web is creating a strong password to protect your computer, your data and your online accounts. That may sound like common sense, but hackers have become increasingly sophisticated at password “cracking.” What may have been considered a strong password a year ago may now be considered an open window to your computer. Internet security is based on a “weakest link” principle; hackers are constantly searching to find the weakest link possible to give them access to a network or computer. Often that weak link is a weak password.

Below are a list of things you should not do and a list of good practices.

Passwords should never include these:

  • Obvious combinations, such as abc123, yournamexyz or yourname1, combinations of addresses and phone numbers, or your mother's maiden name, etc.
  • Any part of the user name with a slight variation for the password.
  • The word "password".
  • 123456789 or a similar string of sequential numbers or letters.
  • Words in the dictionary. These are easily guessed by password-cracking programs, which try dictionary words first.
  • Any personal information.

Password Best Practices:

How can you improve your password complexity to improve your password security? Passwords should always:

  • Be at least eight characters long
  • Be unique to each login
  • Be changed periodically
  • Contain a mixture of upper- and lowercase letters, numbers, and symbols, such as *, ^, }, |, ), _ and others
  • Be kept out of easily accessible locations. Don't leave them on your desktop, don't tape them to your monitor screen, etc.
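
The two lists above can be turned into an automated check. The following Python checker is an added example, not part of the original page; it reports which of the rules a candidate password breaks. The sample word list, the four-character match lengths and the character-swap table are assumptions chosen for illustration.

```python
import re

# Constructed sample word list; a real deployment would load a full dictionary.
SAMPLE_WORDS = {"password", "welcome", "dragon", "monkey", "sunshine"}
# Common character swaps undone before matching, so "p@ssw0rd" still matches "password".
UNLEET = str.maketrans("@0135$", "aoiess")

def has_sequence(pw, run=4):
    """True if pw holds `run` consecutive ascending or descending characters (1234, dcba)."""
    codes = [ord(c) for c in pw.lower()]
    for step in (1, -1):
        streak = 1
        for a, b in zip(codes, codes[1:]):
            streak = streak + 1 if b - a == step else 1
            if streak >= run:
                return True
    return False

def shares_fragment(pw, text, n=4):
    """True if any n-character slice of text appears in pw, ignoring case."""
    pw, text = pw.lower(), text.lower()
    return any(text[i:i + n] in pw for i in range(len(text) - n + 1))

def check_password(pw, username="", personal=(), words=SAMPLE_WORDS):
    """Return the list of rules pw breaks; an empty list means it passes."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than eight characters")
    for label, pattern in (("lowercase letter", r"[a-z]"), ("uppercase letter", r"[A-Z]"),
                           ("number", r"[0-9]"), ("symbol", r"[^A-Za-z0-9]")):
        if not re.search(pattern, pw):
            problems.append("no " + label)
    if has_sequence(pw):
        problems.append("sequential run of characters")
    plain = pw.lower().translate(UNLEET)  # password with common swaps undone
    for word in sorted(words):
        if word in pw.lower() or word in plain:
            problems.append("contains dictionary word: " + word)
    if username and (shares_fragment(pw, username) or shares_fragment(plain, username)):
        problems.append("contains part of the user name")
    if any(shares_fragment(pw, item) for item in personal):
        problems.append("contains personal information")
    return problems
```

Uniqueness per login, periodic changes and safe storage cannot be judged from the password string alone, so this check does not cover them.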

There are various methods you can use to create complex passwords that are impossible to guess but relatively easy for you to remember. One approach is to think of a favorite activity, favorite song, etc. and turn that phrase into a complex password.

For example, if you're creating a password for your bank account, you might start with the old saying, "A fool and his money are soon parted." That axiom is too long to use as a password, but you can easily whittle it down to "aF&H$RsP," for instance, which translates as follows:

  • "a" represents "A"
  • "F" represents "fool" (to add complexity, every second "word" in this password is initial-capped)
  • "&" represents "and" (for obvious reasons)
  • "H" represents "his" (initial-capped)
  • "$" represents "money" (for obvious reasons)
  • "R" represents "are" (and is capitalized as part of the "every second 'word' is initial-capped" rule)
  • "s" represents "soon"
  • "P" represents "parted" (initial-capped)

At a time when millions of people become identity theft victims every year, a sober approach to password security and complexity is a big part of preventing identity theft. The very least you can do is make it difficult for others to guess (or find) your passwords.