November 22, 2020

Basics of Secure Passwords

In the last couple of days, I’ve had a handful of discussions on how to make a secure password.  Before we go to far, we have to understand the premise of security vs convenience.  Meaning, if our password is convenient for us to remember, it’s probably not secure.  And vice versa.  So, let’s meet in the middle, or at least try to have a secure password with a convenient way of accessing it. 

Where to save password securely?

I use a password protected OneNote page.  You can use a password protected Notes page on your iPhone if you prefer.  Or the Google equivalent if on Android.  This password require FaceID/thumbprint if available, but a 4-digit pin works great too – BECAUSE – this account should have a password completely different from your other passwords AND have two-factor authentication turned on.  Meaning, it’s all but impossible for someone to hack this account compared to the others’ being stored here.

How to make a secure password?

Put simply, a minimum of 15 characters, upper and lowercase, a digit (or more) using 0-9, and a special character generally taken from the 1-0 keys on a typical keyboard.  I’ve seen some use a “space” as a character, but I wouldn’t trust it to work across the board.  Similarly with the brackets and special characters by the enter key.  Before we talk about what TO use, let’s talk about what NOT to use:  names, locations, dates, etc., that have special meanings.  Anything anyone may could guess if they knew you or researched you.  You want to be as random as possible. 

For example, sitting on my back porch, I can look around and find two random words that typically wouldn’t be paired together:  concrete and birds.  To make it random, I’ll today’s date for numbers, and use the last digit of the current time for my special character.  This random password would look like:

Concrete1122*Bird

I would not suggest using this password for everything though!  The point of security is a different password for as many different sites as you can.  Because if one site does get hacked, they could use your email login and password across many different sites.  Again, security vs convenience. 

If you don’t mind paying for convenience and security, LastPass (and many others) is a company that prides themselves in this space and seems to be highly rated across the board.  I do have passwords stored there in case you’re curious.  And they do not provide any referrals, so I’m suggesting this on my own volition. 

Good luck, and safe browsing!

 

 

 

 

 

Image by joffi from Pixabay