How To Create The Best Passwords Hackers Hate
By Rachael O'Halloran
Published September 4, 2014
Are Your Passwords Secure?
Passwords And Password Reminder Question
Your passwords are pretty much the only tool you have to access and protect your information on certain websites. How you choose your passwords makes a big difference, whether it is a Facebook site, a blog, a game or a banking site.
Never make it easy for a hacker. But never make it easy for yourself either.
If your password is easy for you to remember, it could be easy for a hacker to access.
I've said it before, I'll say it again. Do not use the same password for more than one site.
Above all, don't use your email password for anything else.
Each site you go to, your password should be different. I hope that is clear. Different site, use a different password.
- Get a notebook at the Dollar Store and write all the info down - sign-on email, screen name, password, security questions and answers. Include capitalization and special characters of the password.
- DO NOT keep a Word file or an email with all your passwords and security answers on it. I'm not crazy about password vaults either. If there is a will to hack, there is a way to hack.
- Every time you change a password, make it a point to remember changing it in the notebook.
When you choose a password, make it strong and make it long.
The best passwords are those which make no sense, are not a real person, place, thing, or an actual word.
Passwords should have some upper and lower case letters, as well as numbers, symbols and special characters. Passwords should not follow any set pattern or order.
Many sites want passwords with at least one capital letter or to start with a capital letter. Typically they allow 26 spaces for a password. You don't have to use all of them, but it is more secure to use them all.
Do not choose your pet's name, no matter how unique the little guy's name is. It is the easiest to hack. Hackers use lists of the most popular pet names (dogs, cats, birds, etc.). Here's a popular list of the Top 100 - see if your pet's name is on it: Dogtime
If you must use your pet's name because it is something you will never forget, then get creative with it. Say your dog's name is Bailey, which is the second most popular name on the Dogtime.com list.
Try doing this:
- The first letter is capitalized as per the site rule, then with no rhyme or reason use a number every other letter, but go random, not in numerical order - mix them up. Add some symbols or underscores and your password is looking harder and harder to crack.
- Throw in extra capital letters.
- Now go write it down so you don't forget!
I am not a fan of websites offering a password generator where it spits out random words and letters. But it is good when it tells you the strength of each one.
If you can't think of a password after reading this article, then use a password generator. Here's one that is easy to use: www.safepasswd.com
The Sentence Method
Another way to get the best password is to think of a sentence that you will remember, but is not so obvious that it can be guessed. Try to stay at 26 words, including years (each digit takes up one space). Here's an example:
The happiest day of my whole life was the day my son was born in 1985.
Now, type the first letter of each word to make a password like these examples with random capital letters, adding the year at the end.
- Thdomwlwtdmswbi1985 - first effort - now try it with random capitalization
- THdoMwLwTdMsWbI1985 - second effort - now add some symbols where the letters are.
- T#doMw&wTdM$WbI198$ - now write it down!
Let's try another one.
My daughter is having a baby on September 30 and I'm so excited.
Take the first letter of each word again to make a password like this one with random capital letters and symbols.
- MdI#AbO$30_AI$E - all I did here was capitalize every other letter, add dollar signs for each "S" and a number sign for the H. I put an underscore before the word "and". You can put in more, but the underscore in this instance stands in for the word "and."
Make up any sentence, poem, song or phrase you wish, just as long as it's not Happy Birthday To You (the most popular as of a 2013 survey).
Try to keep your end result at 26 letters. If you don't want to use a dollar sign for the S's, use another symbol.
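The sentence method above can be written out as a short Python script. This is an added example, not part of the original article: the function names, the symbol set and the one-entry common-password list are assumptions, and the random capitals and symbols come from the operating system's random source instead of being picked by hand.

```python
import re
import secrets

SYMBOLS = "#$&_"        # assumption: the symbols used in the article's examples
MAX_LEN = 26            # the article's typical site limit
COMMON = {"letmein"}    # assumption: only the list entry that survives on the page

def sentence_initials(sentence):
    """First letter of each word; numbers such as years are kept whole."""
    words = re.findall(r"[A-Za-z0-9']+", sentence)
    return "".join(w if w.isdigit() else w[0] for w in words)

def problems(password):
    """Return the article's rules that a candidate password breaks."""
    found = []
    if len(password) > MAX_LEN:
        found.append("longer than 26 characters")
    if password.lower() in COMMON:
        found.append("on the common-password list")
    if not any(c.isupper() for c in password):
        found.append("no upper-case letter")
    if not any(c.islower() for c in password):
        found.append("no lower-case letter")
    if not any(c.isdigit() for c in password):
        found.append("no number")
    if not any(c in SYMBOLS for c in password):
        found.append("no symbol")
    return found

def harden(base, swaps=3):
    """Randomize letter case and swap a few letters for symbols."""
    rng = secrets.SystemRandom()
    # Candidate positions for symbols: letters only, never the first character.
    letters = [i for i, c in enumerate(base) if c.isalpha() and i > 0]
    if len(letters) < swaps + 2:
        raise ValueError("sentence too short for this scheme")
    while True:
        chars = [rng.choice((c.lower(), c.upper())) for c in base]
        chars[0] = base[0].upper()      # many sites want a leading capital
        for i in rng.sample(letters, swaps):
            chars[i] = rng.choice(SYMBOLS)
        candidate = "".join(chars)
        # Retry in the rare case the random capitals came out all one case.
        if any(c.isupper() for c in candidate) and any(c.islower() for c in candidate):
            return candidate

if __name__ == "__main__":
    base = sentence_initials("The happiest day of my whole life was the day my son was born in 1985.")
    print(base, "->", harden(base))
```

Every run prints a different result, so write down the exact one you pick.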
Write it all down in your Dollar Store notebook so you have it.
Each time you change your password, go back to the notebook and make the change.
If ever you forget to write down the change when you give yourself a new password, you will have first hand experience with frustration when you try to remember where you put all those $$ and ## and __.
Password Reminder Question
Often your password screen will offer a password reminder question.
The answer cannot be your password. It is meant to be something to remind you of what the password is.
As in the above example, Bailey is the dog's name but you have numbers in it.
So the security question "What is the dog's name?" could be answered with "first page of notebook" which is the "reminder" of where to locate the password.
So write down that question and answer as well.
These are different from your security questions that are used to verify your identity, which is discussed in a separate article.
If Your Password Is On This List, Change It!
letmein (Let Me In)
Do The Two-Step!
If a site offers a two-step process for verification of your identity when you enter your password, TAKE IT!
This is usually done to access an email account, but Google and other websites are using it too. It will only be a matter of time before it is so prevalent that one step password setups will be a thing of the past.
The two-steps might be a drag sometimes, but it is an added layer of protection. Here's how it works after you have followed the setup directions in the following video:
- 1. Let's say you are trying to access your bank account online. You have entered your password. This should not give you access to your account. If it does, your two-step is not set up properly.
- 2. In the setup previously, you have already decided if you want to answer a question on screen or if you want their system to send you a text message to your cellphone, to your email inbox or a voice message to your home phone. Usually it is a 4 to 6 digit code for you to enter on the screen in order to access your account.
- 3. Entering the code tells them that you are you and there is no doubt as to your identity.
If you are using the two-step for a website that is not your email site, it is never a good idea to have the text sent to your email because once your email is compromised (i.e. hacked), you will never get the text they sent. This is because you no longer have control of the email account. The hacker got the text in your email and now has it to access the website in question.
Don't store your phone number on any accounts.
Don't even send an email to yourself with your security questions, answers, password changes or phone numbers. Get a notebook at the Dollar Store and write it all down in there.
What I like about the two step process is this:
If I am not the person signing on to my account and the text comes to my phone with the code, instantly I am alerted that someone is trying to sign on to my account. I am able to get on to my account and change the password immediately.
No Cellphone? No Problem!
This next video tells how to set this up without a cellphone.
If you do have a cellphone, this option is especially useful:
- if you are watching how you spend your data minutes,
- if you don't have data capabilities, or
- if you have used up all your data minutes for the month.
Two Step Verification Without A Cellphone
1. Never click YES when the popup asks you to save your passwords. A hacker will have no challenge at all because you gave him easy access.
2. To keep your passwords strong, you have to keep them updated. At the first sign of anything fishy - a strange email, a mouse that seems to have a mind of its own, moving around the screen or going in directions you are not aiming it, or an alarming amount of spam - change passwords now. You don't have to get drastic; just make simple changes to the passwords you have now: change symbols, add numbers, make them go backwards, etc.
3. Change the order of the special symbols.
4. Change the upper case letters to lower and the lower case letters to upper.
5. Make your sentence read backward instead of forward.
6. On the password, I like to make the first 4 digits the date I changed the password. And I like to add the last two digits as letters of the site.
- For example, if I changed the G Mail password on September 1 using the password sentence: My daughter is having a baby on September 30 and I am so excited - it can look like this:
I hope you found this helpful. Please see my other articles on password safety and security question and answers.
Do Not Copy
© Rachael O'Halloran, September 2014