Forget everything you thought you knew about how to come up with a secure password
By Katrina Caruso
Whenever you open an account on any website, you face the challenge of inventing yet another password, following all the rules that in theory make it safe and secure.
In 2003, Bill Burr was a manager at the US National Institute of Standards and Technology. He created all those complicated rules regarding password strength. Last year, however, Burr told The Wall Street Journal that he had made a mistake—those rules were making passwords more complicated than they needed to be, and they weren’t making them all that much safer.
The US Identity Theft Resource suggests these guidelines:
- Longer passwords, over 15 characters, are best.
- Don’t use any known or common phrase or words that are easily recognizable—basically, if it can be found in a dictionary, don’t use it.
- All four types of characters should be used: upper case letters, lower case letters, numbers, and special characters.
- Don’t make the first or last characters the only upper or lower case letter or special characters.
- Don’t refer to anything that can be gleaned from your social media accounts. Avoid your last name, your hometown, or your dog’s name, for example.
Tom’s Guide, a tech website, recommends choosing a phrase you’ll remember, such as “I hate to work late” or “This little piggy went to the market.” Take the first letter of each word, replace some parts with numbers, and don’t make the substitutions regular, and you’ll end up with something like this: iH82wkl8 and tlpWENT2tm.
Is this all getting too complicated? You might consider looking into 1Password and LastPass, which are online password managers. Both work a little differently, so it’s a good idea to figure out which one is best for you.