Time to Change Your Passwords

With more than 2 million passwords stolen from Facebook, Google, Yahoo, Twitter and the payroll company ADP It's time to Change your password.

I. Two essential password rules:

Following two rules are bare minimal that you should follow while creating a password.

Rule 1 – Password Length: Stick with passwords that are at least 8 characters in length. The more character in the passwords is better, as the time taken to crack the password by an attacker will be longer. 10 characters or longer are better.

Rule 2 – Password Complexity: Should contain at least one character from each of the following group. At least 4 characters in your passwords should be each one of the following.

1. Lower case alphabets
2. Upper case alphabets
3. Numbers
4. Special Characters

I call the above two rules combined as “8 4 Rule” (Eight Four Rule):

• 8 = 8 characters minimum length
• 4 = 1 lower case + 1 upper case + 1 number + 1 special character.

Just following the “8 4 Rule” will be a huge improvement and instantly make your password much stronger than before for most of you who don’t follow any guidelines or rules while creating a passwords. If your banking and any financially sensitive website passwords doesn’t follow the “8 4 Rule”, I strongly suggest that you stop everything now and change those passwords immediately to follow the “8 4 Rule”.

II. Guidelines for creating strong passwords:

1. Follow “8 4 Rule”. Like I mentioned above this is the foundation of creating a strong password.
2. Unique Characters. Should contain at least 5 unique characters. You already have 4 different character if you’ve followed “8 4 Rule”.
3. Use Password Manager. Strong passwords are hard to remember. So, as part of creating a strong password you need a reliable and trustworthy way of remembering the strong password. Using password management tool to store passwords should really become a habit. Anytime you create a password, note it down on a password manager tool, that will encrypt the password and store it safe for you. I recommend Password Dragon (Shameless plug. I’m the developer of this software), a free, easy and secure password manager that works on Windows, Linux and Mac. This can also be launched from the USB drive. There are lot of free password manager tools available, choose the one that best suites your taste and use it.
4. Use Passphrase. If you don’t want to use password management tool, Use Passphrase to easily remember the passwords. You can use initials of a song or a phrase that are very familiar to you. for e.g. “Passwords are like underwears, change yours often!” phrase can be converted to a strong password “Prlu,Curs0!”

III. Guidelines for avoiding weak passwords.

Avoid the following in your passwords. Even part of your passwords should not be anything in the following items.

1. Password same as username or part of the username
2. Name of family members, friends or pets.
3. Personal information about yourself or family members. This includes the generic information that can be obtained about you very easily, such as birth date, phone number, vehicle license plate number, street name, apartment/house number etc.
4. Sequences. i.e consecutive alphabets, numbers or keys on the keyboard. for e.g. abcde, 12345, qwert.
5. Dictionary words. Dictionary words with number or character in front or back
6. Real word from any language
7. Word found in dictionary with number substitution for word look alike. for e.g. Replacing the letter O with number 0. i.e passw0rd.
8. Any of the above in reverse sequence
9. Any of the above with a number in front or back.
10. Empty password