Genuine Curiosity

Author Dwayne Melancon is always on the lookout for new things to learn. An eclectic collection of postings on personal productivity, travel, good books, gadgets, leadership & management, and many other things.


Do's and Don'ts for Password Creation

In today’s world of online shopping, online banking, cloud data management and Internet-based teleconferencing, protecting yourself is more important than ever. The recent batch of stories relaying the horrors of celebrities and corporations being hacked and sensitive data being exposed only serves to highlight the necessity of having good security. The first place to start is with your own passwords.

People assume that if something has a password, it is protected. This is not always the case. Many hackers are adept at guessing passwords, giving them total access to all of your personal information.

How can you make your password more secure? There are several techniques you can employ, all of which will increase the strength of your passwords and help keep you and your information safe and secure. Here are a few do’s and don’ts.


Do go long. The longer the better. While you don’t want to go crazy because long passwords can be impossible to remember, make sure yours is longer than nine characters. Can't be bothered to come up with your own unique passwords for every site you belong to? Check out Norton's free password generator where you can specify length and contents at the click of your mouse.

Do mix it up. Have a combination of lower case letters, capital letters, numbers and symbols, preferably at least two of each. And don’t put them in a predictable order (in other words, don’t start your password with a capital letter).

Do use an acronym. Create your password from the first letters of a sentence. “W!t2gMp&#b4uX” may look impossible to remember until you realize it stands for “Wait! try to guess MY password and numbers before u FAIL.”

Do take precautions. Remember that even the best password is not foolproof. For added protection, take advantage of services like LifeLock. It'll keep track of any suspicious activity on your accounts (and alert you to it) and will help you get your life back on track if identity theft happens to you.

Do use a password manager. Keep your passwords in a password vault (such as 1Password, LastPass, or a similar product). These products allow you to create random, complex passwords for each web site and store all of them in a secure manner.

Do change it regularly. If you've had the same password for more than a year, it is probably time to change it. I recommend a minimum of once per year - more often for critical sites. For example, I know someone who changes their online banking passwords at every time change (the same time he changes batteries in his smoke detectors). That is a good habit.

Do use two-factor authentication, if it is available. More and more sites are offering two-factor authentication, in which you not only enter a password but also have to enter an additional verification code that changes all the time. The most common method these days is to send a text message to your mobile phone with a code that must be entered to complete the login process. Many banks and payment processors (such as PayPal) offer this as an option - it is easy, adds a lot of security to your account, and is highly recommended.


Don’t use common passwords or familiar patterns. Using common passwords that are easy to remember might sound like a good idea, but they are often the first ones tried by hackers. Don’t use things like “iloveyou” and “password1.” Check out the 25 worst passwords and read them as a cautionary tale.

Hackers are also adept at using familiar patterns to guess passwords. Putting a capital letter at the beginning, numbers at the end or finishing with an exclamation point are all very common and predictable.

Don’t use your names or numbers. Avoid using common names or the names of people in your life as part of your password. Also avoid things like the street you live on or the company you work for. All of these can be found out by doing a little digging.

The same goes for any numbers that can be associated with you or someone close to you. Birthdays, anniversaries, addresses, social security numbers, etc. are all easily discovered by potential hackers.

Don’t overlap. Using the same password for multiple devices or multiple websites can put you in danger. It may be a pain to remember all of them, but if a hacker is able to deduce one of your passwords, it is the first thing he will try on the rest of your accounts and devices. See the "Do" about password managers for ways to make this easier.
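
The do's and don'ts above can be checked mechanically. The following Python function is an added example, not code from the original post; the name `audit_password`, the `personal_terms` parameter and the two-entry common-password set (taken from the examples in the text) are assumptions made for illustration.

```python
import re
import string

# Constructed sample: only the two examples named in the article.
# A real check would load a full list of known-bad passwords.
COMMON_PASSWORDS = {"iloveyou", "password1"}

def audit_password(password, personal_terms=()):
    """Return a list of findings; an empty list means every rule passed."""
    findings = []
    # "Do go long": longer than nine characters.
    if len(password) <= 9:
        findings.append("too short: use more than nine characters")
    # "Do mix it up": at least two characters from each class.
    classes = {
        "lowercase letters": string.ascii_lowercase,
        "capital letters": string.ascii_uppercase,
        "numbers": string.digits,
        "symbols": string.punctuation,
    }
    for name, alphabet in classes.items():
        if sum(ch in alphabet for ch in password) < 2:
            findings.append(f"fewer than two {name}")
    # "Don't use common passwords or familiar patterns".
    if password.lower() in COMMON_PASSWORDS:
        findings.append("on the common-password list")
    if password[:1].isupper():
        findings.append("starts with a capital letter")
    if re.search(r"\d+$", password):
        findings.append("ends with numbers")
    if password.endswith("!"):
        findings.append("ends with an exclamation point")
    # "Don't use your names or numbers": caller supplies names, streets,
    # employers, birthdays and similar details as plain strings.
    lowered = password.lower()
    for term in personal_terms:
        if term and term.lower() in lowered:
            findings.append(f"contains personal detail: {term}")
    return findings
```

Passing these checks only shows that a password avoids the specific mistakes listed here; reuse across sites still has to be avoided separately, which is what a password manager handles.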