How To Manage Your Passwords And Keep Them Safe

In this guide, you'll learn how to keep your IT systems and online services secure by using complex passwords. Too many people save their passwords in a spreadsheet or worse still, write down their passwords on notes stuck to their desks.

How to choose a secure password

People often struggle to choose a password for fear of either forgetting it or lack of inspiration. Equally, quite often, it can be a struggle to meet password complexity requirements. Most workplaces and online services now require secure passwords. 

Let's start here:

  1. Think of a word that you will always remember. For me, in this example, let's choose "skinny latte". I have one most days and I know I'll always remember this.

  2. Now, complexity requirements generally require an upper case letter, a number, and a symbol, so let's mix things up. 

  3. Start by capitalising the first (or last) letter of every word.
    We now have SkinnyLatte
    (This takes care of the uppercase letter requirement)

  4. Next, try to use numbers to replace some letters. For example, we could replace the letter E with the number 3. It's easy to remember this because the number 3 is just a back to front E.
    We now have Sk1nnyLatt3
    I replaced the E with the number 3 and the i with the number 1.
    (This now ensures my password has lowercase and uppercase letters AND a number)


  5. Next, we need to add a special character to the password. So, let's ditch the S and replace it with the dollar symbol, $.
    We now have a secure, complex password that is easy to remember.
    $k1nnyLatt3

I use my password at the start of the day to log on to my computer. At the start of the day, I grab a coffee. This is an easy way to remember my password and meets the complexity requirements of most workplaces and online services. For even greater security, try integrating your password into a sentence instead.

ivejusthada$k1nnyLatt3
(I've just had a skinny latte)

Just so you know, this is not my password, it's just an example   :)

If you're struggling, or want to be even more secure, use a password generator.

A password generator will generate a password for you automatically based on the requirements you set. This takes the decision making away from you, but in return you'll be presented with a more complex password that is ultimately harder to remember and harder to guess. You'll probably want to use a password manager if you generate hard-to-guess passwords (see below).

Strong Random Password Generator

Strong Password Generator: create secure passwords that are impossible to crack, generated on your own device without sending them across the Internet, and learn over 30 tricks to keep your passwords, accounts and documents safe.

That looks easy but what should I do when I have to change my password every month? 

Yes, it can be frustrating when you have to constantly change your passwords. It makes remembering them even harder. When you're prompted to change your password, you could simply add a number to the end of your existing password. Whilst it's still a complex password, many systems will prevent you from doing this. Windows Server in particular (if configured by your administrator) can reject passwords that are too similar to the previous one.

The trouble is, if a password is compromised by a hacker, they will, of course, give it a go. If it doesn't work (because you recently changed it), the first thing they're going to try is password2, password3, etc. Don't make it easy for hackers to break into your IT systems. Always choose a secure password and a password that has not been used before. 

Do not use the same password for multiple accounts or services.
Every service or website MUST have its own password.


What passwords should I avoid?

  • Known passwords such as password, letmein, qwerty or 123456
  • Any word in the dictionary
  • Anything that can identify you such as your name, date of birth, or the name of your dog.
  • Using a password you have used elsewhere.
  • Using a password you've used before

You should not use a word from everyday language, because software exists that will take a text file of words and try every one of them until the correct password is found. A hacker uses what is known as a "Dictionary Attack" in an attempt to guess your password. This is why it's extremely important to get creative with your passwords.
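As an added example (not part of the original guide), here is a small Python checker that applies the complexity rules from the steps above and then looks for dictionary words in the password once case and the guide's own letter-for-number substitutions (e to 3, i to 1, s to $) are undone. Cracking tools apply exactly these substitutions to a word list, so a password that still contains a recognisable word after normalisation is weaker than its mix of characters suggests. The word list is a constructed stand-in for the text file a dictionary attack would read.

```python
import re

# Constructed mini word list standing in for the text file a dictionary
# attack reads; a real list would hold hundreds of thousands of entries.
WORDLIST = {"password", "letmein", "qwerty", "123456",
            "skinny", "latte", "coffee"}

# The substitutions the guide uses (e->3, i->1, s->$) plus two other common
# ones. Attacker rule sets undo these, so the check undoes them too.
LEET = str.maketrans({"3": "e", "1": "i", "$": "s", "0": "o", "@": "a"})


def complexity_issues(pw, min_len=8):
    """Return the complexity rules the password fails (empty list = passes)."""
    issues = []
    if len(pw) < min_len:
        issues.append(f"shorter than {min_len} characters")
    if not re.search(r"[A-Z]", pw):
        issues.append("no uppercase letter")
    if not re.search(r"[a-z]", pw):
        issues.append("no lowercase letter")
    if not re.search(r"[0-9]", pw):
        issues.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", pw):
        issues.append("no symbol")
    return issues


def dictionary_words_in(pw, min_word_len=4):
    """Word-list entries still present once case and leet substitutions
    are undone, e.g. '$k1nnyLatt3' -> 'skinnylatte' -> skinny, latte."""
    plain = pw.lower().translate(LEET)
    return sorted(w for w in WORDLIST if len(w) >= min_word_len and w in plain)


def assess(pw):
    """Combine both checks into one report a help desk could show a user."""
    return {"complexity_issues": complexity_issues(pw),
            "dictionary_words": dictionary_words_in(pw)}


if __name__ == "__main__":
    for candidate in ("password", "$k1nnyLatt3", "ivejusthada$k1nnyLatt3"):
        print(candidate, assess(candidate))
```

A password that passes the complexity rules but is built from list words is still worth replacing with a longer sentence or a generated value.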


I can't remember all my passwords. I have too many passwords to remember.

Use A Password Manager
Password managers securely store your usernames and passwords in a single piece of software. Most will encrypt your password database so it cannot be easily read. You'll generally enter a single master password and can then view all your passwords inside the database.


Password management software generally comes in two flavours. You can purchase an online subscription to a password management service such as LastPass, or download software to your PC.



The Best Password Management Software 

...

KeePass Password Safe

KeePass is a free, open source password manager. Passwords are stored in an encrypted database, which can be unlocked with one master key. You have just one password to remember.

PROS: It's Free, Encrypted Database, Free Plugins Available, Easy to Use.
CONS: Works on the computer you installed it on. You can't access the passwords from another computer unless you have the database with you. No advanced features.



How do I check if my password has been previously hacked? 

You'll often see in the news that a website has had its data stolen.
Recent breaches include:

  • easyJet - 2020 data breach - affecting 9 million customers
  • British Airways - 2018 cyber attack - ICO fines BA £20 million, affecting 400,000 customers
  • TalkTalk - 2016 cyber attack - with the theft of 157,000 customer records

There is a good chance you've had your data stolen if you've ever used one of these services. These are just 3 high-profile attacks but many smaller breaches occur every day. 
Email addresses, Home Addresses, Passport Information, and of course, your trusted passwords are just some of the information that has been previously stolen. 

Stolen data is generally sold on the dark web (darknet) or simply published for all to see. Either way, it allows anyone to buy or pick up stolen credentials.



LINK: Have I Been Pwned?

Check to see if your passwords have been stolen or used previously. Data is checked against all known passwords from data breaches where the stolen data has been made public.
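As an added example (not part of the original guide), the following Python shows how such a breached-password check can be made without revealing the password to the service. It assumes the Pwned Passwords range API (https://api.pwnedpasswords.com/range/<prefix>), which takes only the first five characters of the password's SHA-1 hash and returns every matching 35-character suffix with a breach count; the comparison is then done locally. The response body below is constructed so the example runs offline; only the suffix for "password" is a real SHA-1 value, the counts and other suffixes are made up.

```python
import hashlib

# Constructed stand-in for the body the range API returns for prefix 5BAA6.
# Each line is "<35-char SHA-1 suffix>:<breach count>". Only the second
# suffix is real (that of "password"); the rest and all counts are made up.
SAMPLE_RANGE_RESPONSE = """\
1D2DA4053E34E76F6576ED1DA63134B5E2A:2
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
1F2B668E8AABEF1C59E9EC6F82E3F3CD786:1
"""


def sha1_prefix_suffix(password):
    """Upper-case SHA-1 hex split into the 5-char prefix that is sent to the
    service and the 35-char suffix that never leaves this machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def pwned_count(password, range_body):
    """Times the password appears in breach data according to range_body
    (the text returned for the password's prefix); 0 if it is absent."""
    _, suffix = sha1_prefix_suffix(password)
    for line in range_body.splitlines():
        if ":" not in line:
            continue
        candidate, count = line.strip().split(":", 1)
        if candidate == suffix:
            return int(count)
    return 0


def fetch_range(prefix):
    """Live lookup; this is the only function that touches the network.
    The service requires a User-Agent header on every request."""
    import urllib.request
    url = f"https://api.pwnedpasswords.com/range/{prefix}"
    req = urllib.request.Request(url, headers={"User-Agent": "pw-check-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    prefix, _ = sha1_prefix_suffix("password")
    print(prefix, "->", pwned_count("password", SAMPLE_RANGE_RESPONSE))
```

To check a real password, pass `fetch_range(prefix)` as `range_body`; a non-zero count means the password has appeared in a public breach and should not be used anywhere.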

Imagine a scenario where you've used the same email address and password on many websites, and that email address and password have been stolen. The hacker has managed to gain access to your email account. Whilst you may not have anything of interest in there, the hacker notices an email showing you paid for a product with PayPal. Great, he thinks! Let's head over to PayPal and enter the email address and the same password. Damn, he thinks, on this occasion they didn't use the same password. BUT WAIT - I can click the "I forgot my password" button. A password reset link is sent to the email account he currently has access to; he resets the password and then heads off for an online shopping spree!

by Paul Stanbra


Password Advice In Summary 

  • Always use a complex password.
  • Never use the same password on multiple websites or services.
  • Never use words from the dictionary - a hacker can use a brute force attack.
  • Never use words that identify you such as your dog's name.
  • Change your password every 10 weeks.
  • Do not share your password with family members or work colleagues.
  • If you can't remember them all, use a password manager.
  • Periodically check to see if your password has been stolen. 
  • If the option is available, use Dual-Factor or Multi-Factor Authentication.