5 Pa$$word Best Practices — Tips and Tricks to Make Managing your Password Less Painful

28 January 2018
by Jeremy Newman


In this day and age it is paramount to force yourself to adhere to strong password policies. Laziness and hubris would have us use the same easy-to-remember password everywhere, but don’t do it! It never ceases to amaze me how many people use passwords like “password”, “1234”, or “qwerty”.

As the System Administrator of CodeWeavers, I’ve put together 5 password protection best practices.

Never Reuse!
Never EVER use the same password more than once. This one is critical. If one password is figured out, you reduce the potential damage by eliminating duplicates.

Use a Password Database.
When creating unique passwords everywhere, it becomes nearly impossible to keep track of all of them unless you have the mind of Sheldon Cooper. Popular password managers include LastPass and KeePass. I prefer KeePass, which uses a cloud storage backend. Unlike LastPass, KeePass is multiple factor: they’d have to hack your cloud storage account, find the file, and then hack the file itself.

Consider Password Entropy.
This is a measurement of how unpredictable a password is. Never use things like single dictionary words, or personal information such as addresses or birthdays. Make your passwords as long as you can. I like to create easy-to-remember phrases or quotes. I concede that long passwords are a pain to type in on mobile, but those extra few seconds can save you from a world of trouble down the road. For example, “May the Force be with you!” or, to take an example from Yoda, “Be with you the Force is!” Be original! Don’t use these; find your own. Hackers are smart, and common phrases can easily be added to cracking databases.
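The entropy point above, as an added example (not the author's code): the usual character-pool estimate is an upper bound that only holds for randomly chosen characters, and a password or phrase that already sits on a guessing list gets no credit from it. The two small lists and the sample phrase are constructed stand-ins; real checkers use far larger lists.

```python
import math
import string

# Constructed stand-ins for real guessing lists (assumption: tiny on purpose).
COMMON_PASSWORDS = {"password", "1234", "qwerty"}
KNOWN_PHRASES = {"may the force be with you!", "be with you the force is!"}

# Character classes and the number of symbols each adds to the pool.
POOLS = [
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation + " ", 33),
]


def charset_size(pw):
    """Pool size implied by the character classes that appear in pw."""
    return sum(n for chars, n in POOLS if any(c in chars for c in pw))


def brute_force_bits(pw):
    """Upper bound: length * log2(pool). Human-chosen text carries less."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0


def estimate(pw):
    """Return (bits, verdict); listed passwords score zero regardless of length."""
    key = pw.strip().lower()
    if key in COMMON_PASSWORDS or key in KNOWN_PHRASES:
        return 0.0, "listed"
    return brute_force_bits(pw), "unlisted"


if __name__ == "__main__":
    samples = ["qwerty", "May the Force be with you!",
               "Purple otters juggle 9 lanterns?"]  # last one is constructed
    for pw in samples:
        bits, verdict = estimate(pw)
        print(f"{pw!r:40} naive={brute_force_bits(pw):6.1f} "
              f"scored={bits:6.1f} {verdict}")
```

The naive figure for the movie quote is large because of its length, yet it scores zero once the phrase is known to be on a list, which is why the advice is to be original as well as long.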

Create a Common Password Template.
I use an easy-to-remember strategy for sites where no personal information is stored. I create a phrase that contains the name of the site, and reuse it. For example: “Man, PhotoBucket is a pain!”, then to reuse on Reddit, “Man, Reddit is a pain!”. This can save you time while maintaining a strong password. I do stress, don’t use this on banking sites or places where you have credit card info stored. This doesn’t break rule #1, as you have changed enough of the string.

Be Vigilant.
If a site is compromised, change your password there as quickly as you can. There is a fantastic website called haveibeenpwned.com that will notify you if your email is listed on a known compromised site.

Finally, Relax. The thought of managing this can be overwhelming at first. But, like many good habits, once it becomes ritual, the stress of it all is reduced. Until next year’s Data Privacy Day – happy passwording!

— N

About Jeremy Newman
Newman has been the Systems Administrator and Webmaster for CodeWeavers since 2000. He is a Swiss Army Knife of I.T. and keeps the hamsters running in all of our Servers. Contact Mr. Newman at jnewman@codeweavers.com and learn more about his professional accomplishments on LinkedIn.

About CodeWeavers
Founded in 1996 as a general software consultancy, CodeWeavers focuses on the development of Wine – the core technology found in all of its CrossOver products. The company's goal is to bring expanded market opportunities for Windows software developers by making it easier, faster and more painless to port Windows software to Mac and Linux. CodeWeavers is recognized as a leader in open-source Windows porting technology, and maintains development offices in Minnesota, the United Kingdom and elsewhere around the world. The company is privately held.
