Sophos

How to choose passwords


Passwords are your protection against fraud and loss of confidential information, but few people choose passwords that are truly secure.

Make your password as long as possible

The longer it is, the harder it is to guess or to find by trying all possible combinations (a “brute-force attack”). Use eight characters or more.

Use different types of characters

Include numbers, punctuation marks, upper-case and lower-case letters.

Don’t use words that are in dictionaries

Don’t use words, names or place-names that are usually found in dictionaries. Hackers can use a “dictionary attack” (i.e. trying all the words in the dictionary automatically) to crack these passwords.

Don’t use personal information

Others are likely to know information such as your birthday, the name of your partner or child, or your phone number, and they might guess that you have used them as a password.

Don’t use your username

Don’t use a password that is the same as your username or account number.

Use passwords that are difficult to identify as you type them in

Make sure that you don’t use repeated characters or keys close together on the keyboard.
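The rules above can be turned into an automated check. The script below is an added example, not part of the Sophos text; the tiny word list and the US-keyboard row strings are constructed stand-ins (a real check would load a full cracking dictionary). It reports every rule a candidate password breaks and, for the length rule, estimates the size of the space a brute-force search would have to cover.

```python
import string

# Constructed, deliberately tiny word list standing in for a real dictionary.
SAMPLE_DICTIONARY = {"password", "welcome", "dragon", "london",
                     "monkey", "letmein", "summer"}

# US QWERTY rows, used to spot runs of neighbouring keys such as "qwe" or "890".
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]

MIN_LENGTH = 8   # the "eight characters or more" rule
RUN_LENGTH = 3   # three identical or adjacent keys in a row counts as a run

CLASS_SIZES = {"lower-case": 26, "upper-case": 26, "digits": 10,
               "punctuation": len(string.punctuation)}


def _alnum(s):
    """Lower-case and strip everything but letters and digits, so that
    '1990-05-20' and '19900520' compare equal."""
    return "".join(ch for ch in s.lower() if ch.isalnum())


def character_types(password):
    """Which of the four character types the password contains."""
    return {
        "lower-case": any(c.islower() for c in password),
        "upper-case": any(c.isupper() for c in password),
        "digits": any(c.isdigit() for c in password),
        "punctuation": any(c in string.punctuation for c in password),
    }


def brute_force_keyspace(password):
    """Number of candidates an exhaustive search over the password's
    character types and length would have to try."""
    alphabet = sum(size for name, size in CLASS_SIZES.items()
                   if character_types(password)[name])
    return alphabet ** len(password)


def has_repeated_run(password, run=RUN_LENGTH):
    """True if the same character appears `run` or more times consecutively."""
    count = 1
    for prev, cur in zip(password, password[1:]):
        count = count + 1 if prev == cur else 1
        if count >= run:
            return True
    return False


def has_keyboard_run(password, run=RUN_LENGTH):
    """True if `run` neighbouring keys from one row appear in order
    (either direction), e.g. "asd" or "poi"."""
    lowered = password.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - run + 1):
            seq = row[i:i + run]
            if seq in lowered or seq[::-1] in lowered:
                return True
    return False


def check_password(password, username="", personal_info=()):
    """Return the list of rules the password breaks; an empty list means it passed."""
    problems = []
    lowered = password.lower()

    if len(password) < MIN_LENGTH:
        problems.append(f"too short ({len(password)} chars; use {MIN_LENGTH} or more)")

    missing = [name for name, present in character_types(password).items() if not present]
    if missing:
        problems.append("missing character types: " + ", ".join(missing))

    hits = [w for w in SAMPLE_DICTIONARY if len(w) >= 4 and w in lowered]
    if hits:
        problems.append("contains dictionary word(s): " + ", ".join(sorted(hits)))

    leaks = [item for item in personal_info
             if len(_alnum(item)) >= 3 and _alnum(item) in _alnum(password)]
    if leaks:
        problems.append("contains personal information: " + ", ".join(leaks))

    if username and len(_alnum(username)) >= 3 and _alnum(username) in _alnum(password):
        problems.append("contains the username")

    if has_repeated_run(password):
        problems.append("contains a run of repeated characters")
    if has_keyboard_run(password):
        problems.append("contains a run of adjacent keyboard keys")

    return problems


if __name__ == "__main__":
    for candidate in ["password1", "qwerty123!", "Tr0ub4dor&3x"]:
        print(candidate, "->", check_password(candidate) or "OK",
              f"(keyspace {brute_force_keyspace(candidate):.2e})")
```

The dictionary check is a substring match rather than an exact one, because a password such as "password1" is no harder for a dictionary attack that appends digits to each word. The keyspace figure is only the upper bound for a search that knows nothing about the password; a guessable password sits near the front of that search.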

Consider using a passphrase

A passphrase is a string of words, rather than a single word. Unlikely combinations of words can be hard to guess.

Try to memorize your password

Memorize your password rather than writing it down. Use a string of characters that is meaningful to you, or use mnemonic devices to help you recall the password.

Don’t store your passwords on your computer or online

Hackers may be able to access your computer and find the passwords.

If you write down your password, keep it in a secure place.

Don’t keep passwords attached to your computer or in any easily accessible place.

Use different passwords for each account

If a hacker breaks one of your passwords, at least only one account has been compromised.

Don’t tell anyone else your password

If you receive a request to “confirm” your password, even if it appears to be from a trustworthy institution or someone within your organization, you should never disclose your password. (See Phishing).

Don’t use your password on a public computer

Don’t enter your password on a publicly available computer, e.g. in a hotel or internet cafe. Such computers may not be secure and may have keystroke loggers installed.

Change your passwords regularly

The shorter or simpler your password is, the more often you should replace it.

from “Sophos A to Z Computer Security”
