Password Creation: Keeping Your Accounts Safe
- Lori Polep
- Nov 11, 2024
Updated: Dec 5, 2024
Two factor authentication: Use this wherever it is available. This is critical for keeping your accounts secure even if your password is stolen from a site. It might be that the site sends you a code to your email or phone. The site might use an Authenticator app which you will have to download to your mobile device.
I tend to use my phone number for two factor authentication when it is available, as it is easier than switching apps when I am not near my computer. On my phone, when I can only use an authenticator app or my email, it gets to be more difficult, although it is always worth it to have two factor authentication.
How often have you seen people say someone hacked their social media account and they lost access? I have seen this often on Facebook. It is certainly a pain for a personal account. You lose a lot of pictures and history. If you have a business account it is even worse. You lose all of the content and contacts that you built up.
I have two factor authentication turned on for my banks, credit cards, PayPal, and anywhere else I can.
Passwords: Passwords are the bane of everyone’s existence. So much so that many people use the same one repeatedly, which is a security issue. The table below from Hive Systems shows you why it is essential to create strong passwords.
How do you keep yourself safe? How do you remember what you used?
Password Managers: Remembering what password is used where is difficult. That is why a password manager is recommended by the articles that I have read. They create and keep track of passwords that are almost unbreakable. Why do I say almost? Because, as I mentioned in my book, Cybersecurity is a chess game. Bad actors have broken the original password managers. Password managers have gotten much stronger as long as you buy a good one. There are URLs at the bottom of this page that might help you decide.
If you aren’t going to use a password manager, then follow the suggestions below to keep your accounts safer.
Never reuse a password.
Use a combination of uppercase and lowercase letters, numbers, and special characters like %$#@()^> whenever possible. It amazes me that some sites don’t allow special characters. Some limit what you can use.
The longer and more complex a password is, the less likely it is to be cracked. Mine are at least 14 characters long and are a combination of the above.
Do not use personal information such as birthdays, anniversaries, names of children, your mother’s maiden name, pets, your name, etc.
Do not use words found in the dictionary. It would take hacking software less than a minute to find the word you used.
Do not use consecutive or repeating numbers.
Do not use logical changes such as 0 for o, 5 for S, etc.
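The rules in the list above can be checked mechanically. The following Python checker is an added example, not part of the original article: its word list is a small constructed sample, its look-alike table extends the article's 0-for-o and 5-for-S with other common swaps, and it assumes "consecutive or repeating" means adjacent digits that are equal or differ by one.

```python
import re
from string import digits

# Constructed sample word list; a real check would load a full dictionary
# and a list of breached passwords.
WORDS = {"password", "dragon", "monkey", "sunshine", "rover", "welcome"}
# 0-for-o and 5-for-S come from the article; the rest are other common swaps.
UNLEET = str.maketrans({"0": "o", "5": "s", "1": "l", "3": "e", "4": "a",
                        "7": "t", "@": "a", "$": "s", "!": "i"})
MIN_LENGTH = 14  # the minimum length the article's author uses


def digit_runs(pw):
    """Adjacent digit pairs that repeat (77) or step by one (34, 43)."""
    return [a + b for a, b in zip(pw, pw[1:])
            if a in digits and b in digits and abs(int(a) - int(b)) <= 1]


def dictionary_hits(pw):
    """Words present as typed or after undoing look-alike substitutions."""
    plain = pw.lower()
    unleeted = plain.translate(UNLEET)
    return sorted(w for w in WORDS if w in plain or w in unleeted)


def check_password(pw, personal=(), used_before=()):
    """Return the list of rules broken; an empty list means none were."""
    problems = []
    if pw in used_before:
        problems.append("reused")
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    classes = [r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, pw) for c in classes):
        problems.append("missing character class")
    if any(p.lower() in pw.lower() for p in personal if p):
        problems.append("personal information")
    if dictionary_hits(pw):
        problems.append("dictionary word")
    if digit_runs(pw):
        problems.append("consecutive or repeating digits")
    return problems
```

An empty result only means none of the listed rules is broken; it is not an estimate of how long the password would take to crack.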
Now you are wondering, how the heck can I do this?
I use an algorithm. It consists of 14-18 upper-case and lower-case letters, numbers, and special characters.
Here is the beauty of an algorithm.
For instance, I might use upper and lower-case letters from a friend’s name. Karen Smith.
Let’s say the first 2 of Karen and every other one from Smith. KAsiH.
Next I would choose some letters from the website. Let’s say Citizen’s Bank. CtzK. This keeps every password set up unique.
Next I would put in a special character. %
Then I would choose a friend’s birthdate, a date that I started or ended a job in my teens or another obscure date. Let’s say I started a job as a short order cook in July of 1973. I might put 7973. Note, the numbers are not consecutive, nor do they repeat.
Last I put in another special character. #
This is KAsiHCTzK%7973# which totals 15 characters.
I do keep track of this separately by notes to myself. I might write down, KS, CIT, SCP, Cook, number. I would know that it was my friend’s name + Citizen’s Bank + the special character of percent, the date I started as a short order cook and that number meant special character #.
If you want to use your dog’s name, Rover, as an option, just move over a key to the right on the keyboard for some letters and use Uppercase and Lowercase letters. It becomes ToBEt. Use different names, words, etc. Of course, you also must make it at least 12 characters long. Longer is better.
The way I create passwords is something that I can remember. Create a system that you will remember.
Below are some URLs that provide some good information.
You will note that some articles advocate using a passphrase. It is too easy to figure a common passphrase out, so you need the passphrase to be something random. You can see both articles below for more information. Remember, you will need a different password for each site. That can be as simple as several letters from the site.
I like the idea of a passphrase as described in the howtogeek article below. The important thing to remember is that you have to find a way to differentiate the password on each site, such as what I described. If you don’t, once they have your password, they have the password for all of your sites.
If your head is spinning, there are easier ways, such as using a password manager. The password for that must be a hard one to crack. If the password manager has two factor authentication, make sure that you use that. Keep all the recovery information where you can find it; otherwise you will be recreating all of your passwords.