Plenty of people tell you how not to choose a password and give terrible advice; few tell you how to do it properly. Let me thread you through the minefield.
There are hundreds of sites out there telling you how to choose a good password but they’re all either outdated or offer stupid advice like “change your password every month” or “use numbers in place of letters”.
Quite simply, a brilliant password conforms to the following rules:
- Use a phrase or a series of unconnected words, possibly interspersed with digits and symbols.
- If you can forget it or need to write it down, don’t use it.
- Never use the same password twice. Ever.
- From the first rule it follows that any of the following should NEVER be used:
- a single word in any dictionary in any language, including profanities, using any mix of upper and lower case or numbers-for-letters.
- any personal information such as your name, initials, family member name, friend, pet, address, postcode, computer system name, birthday, anniversary, significant date, month or year.
- your favorite music (group names, albums), book/movie characters or titles, celebrity, or place.
- Never use any words (including the above) that fall into the following categories:
- double words (
- insults / instructions / jargon (
- keyboard sequences (
- reversals or switchers (
- numeric prefix/suffix (
- numeric replacements (
- The longer the better.
- Try to throw in some numbers, symbols and a mix of upper and lower case letters OR use multiple words (minimum of four). Or mix both systems if that’s your thing. Just make it long.
- Never let any software store your passphrase on your behalf to auto-login: you’ll forget it unless you type it in frequently. You’ll be surprised how quickly you can become at typing even 15 or 20 character passwords if you do it often enough (a caveat is if you use a password manager such as 1Password, which keeps your credentials in an encrypted vault on your behalf. They’re okay, providing you protect the manager itself with a stupendously good master password).
- Change your password whenever you feel the urge or if you suspect someone saw you type it, you divulged it in your sleep, or your computer/network is compromised. But never change it on a schedule.
- Never listen to anyone who claims biometrics are a secure replacement for a password: a fingerprint or iris pattern is an identifier, not a secret, and if it is compromised you can’t change it. Your password can always be changed.
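The checklist above is mechanical enough to encode. The following is an added example, not code from the original post: a small Python checker that rejects the banned categories (a single dictionary word or personal detail, including reversed, doubled, numbers-for-letters and numeric prefix/suffix forms; keyboard sequences; repeated words) and enforces length or word count. The dictionary, personal-detail list and thresholds are constructed assumptions for the example; a real checker would load a full dictionary file and the user’s own details.

```python
import re
import string

# Constructed stand-ins so the example runs offline (assumption: a real checker
# loads a full dictionary such as /usr/share/dict/words plus the user's own details).
DICTIONARY = {"password", "dragon", "monkey", "letmein", "welcome",
              "sunshine", "football", "secret", "rose", "business"}
PERSONAL = {"alice", "rex", "smith", "london"}       # name, pet, surname, place
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]

# Undo the common numbers-for-letters substitutions so "Dr4g0n" is seen as "dragon".
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

# Thresholds are assumptions drawn from the post's "15 or 20 character" remark
# and its "minimum of four" words; tune them to your own policy.
MIN_LEN = 15
MIN_WORDS = 4


def variants(pw):
    """Forms the rules say must not be a known word: as typed (lower-cased), with
    numbers-for-letters undone, with a numeric prefix/suffix stripped, reversed,
    and the half of a doubled word ("dragondragon" -> "dragon")."""
    forms = {pw.lower(), pw.translate(LEET).lower()}
    forms |= {s.strip(string.digits) for s in forms}
    forms |= {s[::-1] for s in forms}
    halves = {s[: len(s) // 2] for s in forms
              if len(s) % 2 == 0 and s[: len(s) // 2] == s[len(s) // 2:]}
    return (forms | halves) - {""}


def is_known_word(pw):
    """True if any variant of the whole candidate is a dictionary word or personal detail."""
    return bool(variants(pw) & (DICTIONARY | PERSONAL))


def is_keyboard_sequence(pw, min_len=4):
    """True if min_len adjacent characters walk along a keyboard row, in either direction."""
    s = pw.lower()
    rows = KEYBOARD_ROWS + [r[::-1] for r in KEYBOARD_ROWS]
    return any(s[i:i + min_len] in row
               for i in range(len(s) - min_len + 1) for row in rows)


def check(pw):
    """Return the list of rules the candidate breaks; an empty list means it passes."""
    problems = []
    words = re.findall(r"[A-Za-z]+", pw)
    if len(pw) < MIN_LEN and len(words) < MIN_WORDS:
        problems.append(f"too short: {len(pw)} chars / {len(words)} words "
                        f"(want {MIN_LEN}+ chars or {MIN_WORDS}+ words)")
    if is_known_word(pw):
        problems.append("is a dictionary word or personal detail "
                        "(possibly reversed, doubled, leet-spelled or with digits tacked on)")
    if is_keyboard_sequence(pw):
        problems.append("contains a keyboard sequence")
    lowered = [w.lower() for w in words]
    if len(set(lowered)) < len(lowered):
        problems.append("repeats a word")
    for w in sorted(set(lowered) & PERSONAL):
        problems.append(f"contains personal detail {w!r}")
    return problems


if __name__ == "__main__":
    for candidate in ["Dr4g0n99", "nogard", "qwerty!2024", "Rex-loves-Alice-2010",
                      "stapler-velvet-canyon-orbit"]:
        verdict = check(candidate)
        print(f"{candidate!r}: {'OK' if not verdict else '; '.join(verdict)}")
```

Note that a multi-word phrase made of dictionary words is allowed through on purpose: the first rule recommends exactly that, and only a candidate that collapses to a single known word (in any of its disguised forms) is rejected.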
That’s a pretty comprehensive checklist, but what can you do if you can’t use all the easy stuff and need inspiration? My favourite idea, beyond mashing together a bunch of random words, is to choose a line from one of your favourite movies or books — maybe even its title — and take the first letter of each word, then play around with it to make up your passphrase. Examples:
- Star Wars Episode V: The Empire Strikes Back —
- Michael Jackson “She was more like a beauty queen from a movie scene” —
- “A rose by any other name would smell as sweet” —
- Linux/UNIX rocks and puts Windows to shame:
- “There’s No Business Like Show Business” from Annie Get Your Gun:
See how easy it is to be creative? Now you have no excuse :-)
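As an added example (not the post’s own code), here is the two routes above in Python: the first-letter mnemonic derived from a memorable line, and the “bunch of random words” passphrase drawn with the OS CSPRNG, together with the arithmetic for how many bits a random multi-word phrase actually buys you. The 16-word list is constructed for the example; the 7776-word figure assumes a published list of that size such as the EFF long list.

```python
import math
import re
import secrets

# Constructed 16-word list so the example runs offline (assumption: a real
# generator loads a large published list such as the EFF long list, 7776 words).
WORDLIST = ["anchor", "basil", "cobalt", "drizzle", "ember", "falcon", "gravel",
            "harbor", "ingot", "juniper", "kestrel", "lantern", "marble", "nectar",
            "orchid", "pebble"]

# A word starts with a letter or digit and may contain an apostrophe ("There's").
WORD_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9']*")


def acrostic(line):
    """First letter of each word of a memorable line, keeping the case as written.
    Punctuation such as the colon in "Episode V:" and curly quotes is skipped."""
    return "".join(m.group(0)[0] for m in WORD_RE.finditer(line))


def random_words(k, wordlist=WORDLIST, sep="-"):
    """k words picked independently with the OS CSPRNG (secrets, not random)."""
    return sep.join(secrets.choice(wordlist) for _ in range(k))


def entropy_bits(wordlist_size, k):
    """Entropy of k independent picks from a list of wordlist_size words: k * log2(N).
    This only holds for random picks; an acrostic of a famous line gets no such figure."""
    return k * math.log2(wordlist_size)


def words_needed(wordlist_size, target_bits):
    """Smallest k such that k random words from the list reach target_bits."""
    return math.ceil(target_bits / math.log2(wordlist_size))


if __name__ == "__main__":
    for line in ["Star Wars Episode V: The Empire Strikes Back",
                 "A rose by any other name would smell as sweet"]:
        print(f"{line!r} -> {acrostic(line)}")
    phrase = random_words(4)
    print(f"random phrase: {phrase} ({entropy_bits(len(WORDLIST), 4):.1f} bits "
          f"from this toy list; {entropy_bits(7776, 4):.1f} bits from a 7776-word list)")
    print(f"words for 80 bits: {words_needed(len(WORDLIST), 80)} from this list, "
          f"{words_needed(7776, 80)} from a 7776-word list")
```

The entropy figure applies only to words chosen at random: four picks from a 7776-word list give a little under 52 bits, and seven are needed to pass 80. An acrostic built from a well-known line is memorable precisely because the line is not random, so the “play around with it” step (mixing case, adding digits and symbols, lengthening it) is what has to supply the unpredictability.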