Creating strong passwords for all your online accounts is not a thing you should do. It is a thing you must do. Two months ago, my Google account was hacked into. The hackers changed my password and blocked my access to the account. Luckily, I discovered this early and got Google to change my password via my secondary email account.
Last week, the MakeUseOf Google account was also hacked into and the hacker had the audacity to transfer the MakeUseOf domain out and blackmail the owner. In case you are still thinking that your password is strong and safe, maybe it’s time to wake up.
What makes a strong password?
I shall not elaborate on this since many sites have already discussed this in great detail. In a nutshell, a strong password must constitute the following:
- It needs to contain special characters such as @#$%^&
- It must be at least 8 characters long.
- It must not have any common words such as 123, password, your birth date, your login name and any words that can be found in the dictionary.
- a variation of capitalization and small letters
In my opinion, even if your password consists of the above, it is still not enough. Your password needs to be totally unique and different for each and every one of your online accounts. This is to make sure that in the event that one account is hacked into, your other accounts will not be affected.
You must be wondering how you are going to remember so many passwords when you have a problem remembering your existing one. Here are some steps that I have used and they are very powerful. Here it is:
1. First, think of a thing, date, phrase, event, place or anything that is unique only to you. It must be at least 8 characters long. I call this the salt term. For demonstration purposes, I will use my name Damien Oh as the salt term throughout this article. Note that the capital letters and the space in between the name are part of the salt term. For your own account, please select a salt term that is difficult for other to guess.
2. I used the following rules to replace the regular characters with special characters. You can form your own rule.
- Replace all the ‘a’ with @
- Replace all the ‘s’ with $
- Repalce any space with %
- Replace any ‘o’ with 0
- Replace any ‘i’ with !
In this case, the simple term Damien Oh becomes D@m!en%Oh.
3. Now go to [NO LONGER WORKS] Password Meter (see MakeUseOf review here) and test the strength of your salt term. This is the result of the above term. If your salt term is not strong enough, you will see a list of items that you can improve on.
4. Once you are happy with your salt term and are sure that only you can decipher it, go to any of your online accounts now. To set a password for that account, append the name of the site, or the URL of the site to the end of your salt term.
For example, for a MakeUseOf account, I will use D@m!en%OhM@keU$e0f as my password and use D@m!en%OhG00glem@!l for my Gmail account. If you do this for each and every one of your sites, you will be surprised to find that you have just created tens, hundreds, or even thousands of different passwords that you can remember easily.
Instead of the site name or the URL, you can also a variation of the site names or any other names that are related to the site.
Is that enough?
That is only the beginning. To really make it secure and hard for others to guess, you will need to change your password every few months. Some of you may find it a chore to come up with new passwords every month. Here is what you can do:
Instead of appending the site name to the end, you can now append it to the front, in the middle or even split the site name out into few parts. For example:
You can also change the replacement characters such as @ for ~ and whatsoever. You can also do a complete changeover of your salt term to come up with a totally different password.
Generating and using a strong password is only your first line of defense against hackers. The most important thing that you should take note of is your internet browsing habits. When you are using a public terminal, make sure that it has the proper firewall and anti-virus installed, make sure your network is secure, log out when you are done with your session and clear the cache once you are done.
What other methods do you use to generate your passwords?