In this day and age it is paramount to force yourself to adhere to strong password policies. Laziness and hubris would have us use the same easy-to-remember password everywhere, but don’t do it! It never ceases to amaze me how many people use passwords like “password”, “1234”, or “qwerty”.
As the System Administrator of CodeWeavers, I’ve put together 5 password protection best practices.
Never EVER use the same password more than once. This one is critical. If one password is figured out, you reduce the potential damage by eliminating duplicates.
Use a Password Database.
When creating unique passwords everywhere, it becomes nearly impossible to keep track of all of them unless you have the mind of Sheldon Cooper. Popular password managers include LastPass and KeePass. I prefer KeePass, which uses a cloud storage backend. Unlike LastPass, KeePass is multiple factor: they’d have to hack your cloud storage account, find the file, and then hack the file itself.
Consider Password Entropy.
This is a measurement of how unpredictable a password is. Never use things like single dictionary words, or personal information such as addresses or birthdays. Make your passwords as long as you can. I like to create easy-to-remember phrases or quotes. I concede that long passwords are a pain to type in on mobile, but those extra few seconds can save you from a world of trouble down the road. For example, “May the Force be with you!” or, taking an example from Yoda, “Be with you the Force is!” Be original! Don’t use these; find your own. Hackers are smart, and common phrases can easily be added to cracking databases.
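To put numbers on the point about common phrases, here is an added example (not from the original post) that compares a naive character-pool entropy estimate with the entropy left once a phrase appears in a cracking wordlist. The four-entry `WORDLIST`, the function names and the last sample phrase are constructed for illustration.

```python
import math
import string

# Constructed stand-in for a cracking wordlist, most-tried entries first.
# Real lists hold millions of leaked passwords and well-known quotes.
WORDLIST = ["password", "1234", "qwerty", "may the force be with you!"]

SYMBOLS = string.punctuation + " "
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)


def pool_size(pw):
    """Number of characters an attacker must consider, given the classes used."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))


def naive_bits(pw):
    """Upper bound: treats every character as an independent random choice."""
    pool = pool_size(pw)
    return len(pw) * math.log2(pool) if pool else 0.0


def effective_bits(pw, wordlist=WORDLIST):
    """Bits against an attacker who tries the wordlist before brute force."""
    lowered = pw.lower()
    if lowered in wordlist:
        guesses = wordlist.index(lowered) + 1  # found on or before this guess
        return math.log2(guesses)
    return naive_bits(pw)


def report(passwords):
    """Return (password, naive, effective) rows, bits rounded to one decimal."""
    return [(p, round(naive_bits(p), 1), round(effective_bits(p), 1))
            for p in passwords]


if __name__ == "__main__":
    samples = ["password", "qwerty", "May the Force be with you!",
               "Nine llamas juggle wet umbrellas?"]  # last one is constructed
    for pw, naive, eff in report(samples):
        print(f"{pw!r:40} naive={naive:6.1f} bits  effective={eff:5.1f} bits")
```

The naive figure is only an upper bound: natural-language phrases are more predictable than random characters, so even an unlisted phrase is weaker than that number suggests.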
Create a Common Password Template.
I use an easy-to-remember strategy for sites where no personal information is stored. I create a phrase that contains the name of the site, and re-use it. For example: “Man, PhotoBucket is a pain!”, then to reuse on Reddit, “Man, Reddit is a pain!”. This can save you time while maintaining a strong password. I do stress, don’t use this on banking sites or places where you have credit card info stored. This doesn’t break rule #1, as you have changed enough of the string.
If a site is compromised, change your password there as quickly as you can. There is a fantastic website called haveibeenpwned.com that will notify you if your email is listed on a known compromised site.
Finally, Relax. The thought of managing this can be overwhelming at first. But, like many good habits, once it becomes ritual, the stress of it all is reduced. Until next year’s Data Privacy Day – happy passwording!
About Jeremy Newman
Newman has been the Systems Administrator and Webmaster for CodeWeavers since 2000. He is a Swiss Army Knife of I.T. and keeps the hamsters running in all of our servers. Contact Mr. Newman at email@example.com and learn more about his professional accomplishments on LinkedIn.