
The Ultimate Guide to Secure Passwords.


There is much ado about passwords, and rightly so: your password remains your first line of defense for your digital assets. Although there has been much talk about biometrics such as fingerprints replacing passwords, I think that would be a wrong move. Rather than an either/or situation in which a user must choose between a password and some form of biometric, it should be a both/and situation in which the user authenticates with a password and a biometric factor. Until we cross that bridge, it is imperative that we focus on strengthening the method we have now, which is passwords.

The first step is to create secure passwords. Infosec consultants Nihad Hassan and Rami Hijazi recommend the tips below, which in my opinion are excellent advice concerning passwords:


  • The password should be at least 15 characters in length for maximum security.
  • The password should contain at least one lowercase letter, one uppercase letter, one number, and one symbol (e.g., # % &).
  • The password shouldn’t be your username or even part of it.
  • Do not use your spouse’s, family member names (including your name), or pet’s name as part of your password.
  • Do not share the same password with your spouse or friends (having two e-mails with the same password).
  • Do not use your gender or birth date/place as part of your password.
  • Do not use place names for your password (country, city, street name, school, or university name).
  • Do not use famous people’s names as your password (e.g., famous movie actors, political leaders, public figures, singers).
  • Avoid sequences when creating passwords (consecutive letters, numbers, or keys on the keyboard such as 123456 or asdfghjkl).
  • Do not use the same passwords for two different accounts (e.g., your bank account password and your private e-mail password should not be the same).
  • Change your password once every three months.
  • Do not use the same password again (e.g., when you change your e-mail password, do not return and use any password you were using during the last year).
  • Do not use dictionary words as your password or part of it.
  • Do not use real words from foreign languages as your password.
  • Use a password manager to organize and protect passwords, generate random passwords, and automatically log into web sites.
  • Don’t store your passwords in an unencrypted text file or Microsoft Excel spreadsheet or any other file type that is not encrypted. Also, never write down your password on paper. If you want to take your password with you and you are afraid that you may forget it (because it is complex), then use a portable password manager and keep it on your smartphone or on your USB stick drive.
  • Do not let your web browser save your entered passwords.
  • Do not use tools to automatically generate your password for top important accounts (e.g., bank accounts and medical record accounts). For such important accounts, follow the rules already mentioned and create something from your mind.
  • Do not send your password if someone requests it from you. Many social engineering attacks involve making users trust the attacker and getting them to share their passwords.
  • Whenever you hear about a data breach in press, instantly change your affected account password.
  • Do not ever type your password on a computer that does not belong to you.

If you are having difficulty thinking up a strong password, then using a password-generating tool is your best bet. A good tool for this is the SecureSafe Pro password generator, a desktop app you can run on Windows to generate a strong password. But since most password managers contain a password-generation utility, you'd be better off using a password manager that can generate a strong password for you.

A good password manager is Password Safe, designed by renowned security technologist Bruce Schneier. It lets you easily and quickly generate, store, organize, retrieve, and use complex new passwords, using password policies that you control. Howtoanswer.com has a useful user guide on how to use Password Safe.




Another password manager worth checking out is KeePass Password Safe. A further advantage of password managers is that they provide resistance against some types of keylogger attacks. Finally, avoid using browser password managers. Whenever a browser opens a pop-up asking you to save your password, always decline, because tools such as WebBrowserPassView can extract passwords saved in your web browser.
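The checklist above and the advice about generator tools are easier to reason about when the mechanical rules are written out as code. The following added example (not part of the original post, and not code from Password Safe or KeePass) implements a checker for the rules that a program can actually test (length, character classes, username and personal-name overlap, dictionary words, consecutive and keyboard-row sequences) and a generator that draws from the operating system's CSPRNG via Python's `secrets` module and only returns candidates that pass the checker. The wordlist, keyboard rows and the `entropy_bits` helper are my own constructed assumptions; a real deployment would load a full dictionary file.

```python
import math
import secrets
import string

MIN_LENGTH = 15  # the checklist's minimum
SEQUENCE_LEN = 4  # a run of this many ordered characters counts as a sequence
SYMBOLS = "#%&!@$*?"

# Constructed sample wordlist (assumption): stands in for a real dictionary file.
DICTIONARY = {"password", "welcome", "dragon", "summer", "london", "admin"}
# Keyboard rows used to catch runs like "asdf" or "qwerty".
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS]


def has_sequence(pw: str) -> bool:
    """True if pw contains SEQUENCE_LEN consecutive characters (abcd, 4321)
    or a keyboard-row run (asdf, poiu), in either direction."""
    low = pw.lower()
    for i in range(len(low) - SEQUENCE_LEN + 1):
        chunk = low[i:i + SEQUENCE_LEN]
        codes = [ord(c) for c in chunk]
        steps = {b - a for a, b in zip(codes, codes[1:])}
        if steps in ({1}, {-1}):
            return True
        if any(chunk in row or chunk in row[::-1] for row in KEYBOARD_ROWS):
            return True
    return False


def check_password(pw: str, username: str = "", personal_terms=()) -> list:
    """Return the list of violated rules; an empty list means the password passes."""
    problems = []
    low = pw.lower()
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.islower() for c in pw):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in pw):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no digit")
    if not any(c in SYMBOLS for c in pw):
        problems.append("no symbol")
    # The password must neither contain the username nor be a part of it.
    if username and (username.lower() in low or low in username.lower()):
        problems.append("matches or contains the username")
    # Names of family members, pets, places, etc., supplied by the caller.
    for term in personal_terms:
        if len(term) >= 3 and term.lower() in low:
            problems.append(f"contains personal term '{term}'")
    for word in sorted(DICTIONARY):
        if word in low:
            problems.append(f"contains dictionary word '{word}'")
    if has_sequence(pw):
        problems.append("contains a character or keyboard sequence")
    return problems


def generate_password(length: int = 20, username: str = "", personal_terms=()) -> str:
    """Generate a random password with the CSPRNG and retry until it passes
    check_password; one character from each class is guaranteed before the
    remainder is filled and the whole thing shuffled."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES)
    rng = secrets.SystemRandom()
    while True:
        chars = [secrets.choice(cls) for cls in CLASSES]
        chars += [secrets.choice(alphabet) for _ in range(length - len(CLASSES))]
        rng.shuffle(chars)
        candidate = "".join(chars)
        if not check_password(candidate, username, personal_terms):
            return candidate


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Upper bound on the entropy of a uniformly random password of the given
    length over an alphabet of alphabet_size characters (the class-coverage
    constraint in generate_password removes a small fraction of that space)."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for pw in ["Tr0ub4dor&3", "Password12345678!", "xK9#mQ2$vL7!pR4&wT"]:
        print(pw, "->", check_password(pw, username="alice", personal_terms=("Rex",)) or "OK")
    print("generated:", generate_password(20, username="alice"))
    print("bits for 20 chars over 70 symbols:", round(entropy_bits(20, len("".join(CLASSES))), 1))
```

The checker deliberately reports every violated rule rather than stopping at the first one, which is how a password-policy prompt in a manager or a web form should behave so the user can fix them all at once. The generator only draws from `secrets`, never from `random`, since the latter is not suitable for anything security-sensitive.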

