Password revisited sounds like a cool title, doesn’t it? It’s true – I’ve written posts about passwords before. (You can see how many HERE.) Still, we have some new readers, plus I know some of you are still not following the rules when it comes to passwords! How do I know that? Easy. Every week, Joyce and I get emails from customers whose email account has been hacked. We then have to call them on the phone and help them straighten things out. Or, we have customers log into Remote Technical Support because they need help resetting a password that has been compromised.
Password Dos And Don’ts
With those things in mind, here’s a list of do’s and don’ts when it comes to passwords:
- Don’t use a full word in your password. Hackers have software that runs entire dictionaries in every language you can think of. Putting a number before or after the word won’t help – their software does that, too. You COULD break up a word with numbers or symbols. Example: K1ey*st3on*e – breaking up the word Keystone with numbers and symbols.
- Don’t use proper names. Again, hackers have software that runs those popular books that new parents often read: “Names for Boys” and “Names for Girls.”
- Don’t use any password from the list of top 50 hacked passwords of 2019. You can find that list HERE.
- Don’t use the same password for everything, especially don’t use your email password anywhere else.
- Don’t store your passwords on your computing device in an unencrypted file. We often see people have a file on their computer, tablet, or smartphone (sometimes blatantly named “Passwords” 🙈) with all their passwords which could clearly be read by anyone!
- Don’t keep your passwords on sticky notes at your computing device.
- Don’t use any part of your Social Security number or your Debit Card PINs as part of a password.
- Do use at least eight characters in your passwords.
- Do use lower case and capital letters, numbers and symbols.
- Do use whatever symbols a site or app will allow you to use – some won’t allow certain symbols so click on the ? or the information icon (round circle with the letter “i” inside it) to see which ones are acceptable.
- Do use unique passwords for different accounts, especially financial sites.
- Do use ONE unique, secure password for your email. (People often make the mistake of using an easy password for email because they think there’s nothing in there anyone would want. That idea is incorrect!)
- Do write down your passwords and the date you created them – either in a notebook or in a password manager like .
How We Create Strong Passwords
Finally, I’ll share how we create strong passwords here are 4KCC. We take a four-word phrase we can remember. One of mine is ‘I love Hershey’s chocolate.” (For the first 43 years of my life, I lived within aroma distance of the Hershey Chocolate factory in Pennsylvania so, unfortunately, this phrase has a lot of truth in it.) We use the first letter of each word as the basis for our password. So, the password begins looking like this:
I l H c
Next, we take 4 numbers that we can easily remember but not Social Security parts or PINs. For my example, I’ll use our church’s numerical address: 2221. I place the numbers between the letters. Now, our password looks like this:
I 2 l 2 H 2 c 1
For more security, I’ll add a symbol. This can be added before or after the password and multiple symbols can be used if you desire. For this example, I just add one at the end. Now, the password looks like this:
I 2 l 2 H 2 c 1 *
A couple of notes: 1) I don’t use spaces in my passwords – many sites don’t allow it and spaces can sometimes cause confusion. However, I used spaces in my example just so you could see more clearly; 2) Eight (8) characters should be a minimum for passwords but more is better. For instance, my most secure password is 18 characters; 3) Some sites or apps limit the number of characters you may have in a password; 4) When you look at the final example above, you might say to yourself, “I could never remember that!” But, you are actually just remembering a phrase you like, four numbers you like, and a symbol.
What You Should Do Now
Now, stop reading and go fix those passwords!
And how often do you need to change your passwords or don’t you need to?
Excellent question! We used to say that you should change your password every 90 days or at least every 6 months. Lately, though, some “authorities” (including Microsoft) have questioned whether changing passwords is really necessary IF you are using strong, secure passwords in the first place. However, there are some websites which still force you to change your password after a certain amount of time. Speaking for myself, I rarely change passwords on a regular basis but my passwords are extremely secure and I don’t use the same password everywhere. ~YYB
Thank you very much! I feel that my passwords on critical sites are extremely strong and don’t want to change them.
You’re welcome! 🙂