We can safely assume that even though our (most Nepalis’) passwords are simple and not very long, they are somewhat safe. The reason is that most of us use Roman Nepali characters in our passwords, which in most cases are not English dictionary words, and that keeps us away from being the target of hackers. But there are things we need to learn about good passwords and bad passwords.
Every day we use or log in to different websites, each with its own unique (username and) password. It is obviously difficult to keep track of all those passwords, and if you are using the same password on different websites, you are certainly complicating your life. In this article, we explore some of the features of good versus bad passwords, which bad passwords are exploited most, and how to create good, memorable passwords for everyday use.
Here we list some of the worst passwords of 2011 as revealed by Forbes magazine, compiled by SplashData and Imperva from passwords stolen from hacked websites. Ensure that your password is not one of these worst and most used passwords of all time.
Even if your password is a combination of letters, numbers, and special characters, it might still be in the red zone, as listed in the table above. Hackers have started to crack passwords by substituting O for 0, a for @, and so on. Here we list our best practices for creating good passwords, though maybe not the best passwords.
How to create a good password for a website or a web service?
Passwords for ATM machines, luggage locks, automated door locks, and the like are mostly numbers, for which you tend to pick the digits that suit you best. Here, however, we are concerned with how to create good passwords not only for your Facebook and Twitter accounts, but for the entire universe of services on the World Wide Web.
- Length: At least 8 characters long – passwords are like underwear, the longer the better. Passwords must be a minimum of 8 characters long, which is standard on most websites today, including Google accounts, Facebook, Yahoo accounts, Windows Live services and others.
- Complexity: A combination of these 3 things: letters (both lower and upper case) + numbers (0 to 9) + special characters (!@#$%^&*,;’”). However, if your password contains only one special character, don’t put it at the beginning or the end of the password.
- Impersonalize: Never include your first name, last name, slang, or any word from the dictionary. Refrain from using your date of birth and email aliases. Never share your password with anyone, whoever they may be – you might have heard “never let your soul to be heard by your wife.”
- Dynamism: I know it is not that easy to change your passwords often, but try to give dynamism to your passwords every few months. Some websites, like Windows Live services, (optionally) alert users to change their security passwords every 72 days.
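The rules in the list above, together with the earlier point that look-alike substitutions (0 for O, @ for a) no longer protect a password, can be written as a small checker. This is an added example, not part of the original article; the blocklist is a constructed sample rather than the article's table, and the substitution pairs beyond 0 and @ and the `personal` parameter are assumptions.

```python
import string

# Constructed sample blocklist (assumption); a real check would load a full leaked-password list.
COMMON = {"password", "letmein", "monkey", "iloveyou"}

# Look-alike substitutions to undo before the blocklist lookup. The article names
# 0 -> o and @ -> a; the remaining pairs are assumed common variants.
LEET = str.maketrans({"0": "o", "@": "a", "3": "e", "1": "l",
                      "!": "i", "$": "s", "4": "a", "5": "s", "7": "t"})
SPECIALS = set(string.punctuation)


def normalize(text):
    """Lower-case and undo look-alike substitutions."""
    return text.lower().translate(LEET)


def check_password(pw, personal=()):
    """Return the list of rules from the article that pw breaks (empty = passes)."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        problems.append("needs both lower and upper case letters")
    if not any(c.isdigit() for c in pw):
        problems.append("needs a number")
    special_at = [i for i, c in enumerate(pw) if c in SPECIALS]
    if not special_at:
        problems.append("needs a special character")
    elif len(special_at) == 1 and special_at[0] in (0, len(pw) - 1):
        problems.append("only special character is first or last")
    plain = normalize(pw)
    if plain in COMMON:
        problems.append("common password once substitutions are undone")
    for detail in personal:
        if detail and normalize(detail) in plain:
            problems.append("contains personal detail: " + detail)
    return problems


if __name__ == "__main__":
    for candidate in ("P@ssw0rd", "!L0v3mm<<m", "nilmDOWN2s", "Himalaya2024!"):
        print(candidate, "->", check_password(candidate) or "passes")
```

Personal details (names, date of birth, email aliases) are passed in through `personal` so that they are normalized the same way as the password before the comparison.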
How to change a sentence to a good password?
Sentences can be turned into good passwords with a little trick. Using the initial letters of every word (common words, conjunctions and prepositions at your discretion) can yield a good personalized password. For example, “I love my mom very very much” could become !L0v3mm<<m or any other version you want. This password is not a word, so it has no meaning and can’t be found in a dictionary; plus it is 10 characters long, with 3 special characters + 2 numbers (apologies to those who already use this example as a password; it has become a very common password, so get it changed if you want).
Another example, from Yahoo Finance, as explained by security guru Bruce Schneier: “Now I lay me down to sleep” might become nilmDOWN2s, a 10-character password that won’t be found in any dictionary. Making it even more complicated is your job, of course!
How to create different passwords for different websites?
Let’s call it making website-specific passwords. There are many practices for creating passwords that are aimed at specific websites or web services. One important tip is to add a prefix or suffix to your primary password, so that nobody (especially the third party where the modified password is used) can work out your main password from it. For example, if my primary password is K4thm@ndu, then for my Facebook account it could be K4thm@ndufk or fbK4thm@ndu or K4thm@ndub00k. Among these 3 variations, however, the last one makes the primary password the most difficult to guess. So try to develop your own variation of your password for specific websites.
SSL and Two-step verification:
Even though these are not directly related to creating a good password, it is your responsibility to browse safely. SSL (Secure Sockets Layer) is an encryption technology that prevents third parties from eavesdropping on your communication with the website you are visiting. Instead of surfing over the standard http protocol, you should be able to surf over https for SSL.
So next time you browse a site, give SSL and authentication priority: check whether the website has an https version and two-step user verification.
Finally, we post here an image displaying the most common and easy-to-hack passwords of all time, from techian.com; some people call it the atmosphere of passwords.
Password Trivia: http://itickr.com/?p=148