Ok, so you have this password that you have spent a bit of time setting up. You’ve picked something that ticks all the boxes.
It’s at least 8 characters long,
It has a few num8er5 in it,
It has a special ch@racter or two,
It may not lead with a Capital but has one or two dotted tHrouGhoUt.
Most of all, it’s memorable to you.
You are all set, right? You can freely use this password everywhere without fear of your Facebook account being hacked or your bank account drained. Not so fast – here are a few pro tips to keep you safer online:
Having one secure, killer password is great. Do you know what’s better? That’s right, having two… but why stop there?
You don’t need to go overboard and have a different password for every different service you have online.
When you next enter a password on your computer ask yourself:
If someone knew this username/password combination, what other services of mine could they possibly get access to?
What if they obtain the username/password combination from those services instead, would they be able to then access the systems you are currently logging into?
Set up a few passwords to span across your services.
Start with a 3 tier password system:
Low Level – Forums, random website logons.
Mid Level – websites that hold more personal information, websites that have Credit Card info stored.
High Level – Banks
Later you may find a 5 tier system to be more beneficial.
Don’t be predictable.
password, Password, Password1, P@ssword1, fbPassword1, applePassword1
Starting to see a pattern? Hackers do too.
Prefixing a password with the name of the service it belongs to may not be your best move. The pattern is noticeable, and it lets anyone who sees one of these passwords modify your root password and use it elsewhere.
Also, make sure your password doesn’t feature on the latest darkc0de or RockYou password lists.
Here is the RockYou Top 100 from 2009; I doubt it’s changed too much.
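A check for the pattern above, as an added example that is not part of the original article: it lowercases a candidate, strips a service name and trailing digits, and reverses common character swaps to see whether the password collapses to a common root. The word list and service tags are small constructed stand-ins for a real leaked list, and the function name is hypothetical.

```python
import re

# Constructed stand-in for a leaked-password list such as RockYou;
# in practice, load the real list from a file instead.
COMMON_ROOTS = {"password", "iloveyou", "princess", "qwerty", "letmein"}

# Assumed service labels a user might bolt onto a root password.
SERVICE_TAGS = ("facebook", "fb", "apple", "google", "bank")

# Common character swaps, mapped back to the letter they stand in for.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})

# The predictable series quoted in the article.
PAGE_EXAMPLES = ["password", "Password", "Password1", "P@ssword1",
                 "fbPassword1", "applePassword1"]


def find_weak_root(candidate):
    """Return (root, service_tag) if candidate reduces to a common root, else None."""
    lowered = candidate.lower()
    # Try the password as-is, then with each service tag cut from either end.
    variants = [(lowered, None)]
    for tag in SERVICE_TAGS:
        if lowered.startswith(tag):
            variants.append((lowered[len(tag):], tag))
        if lowered.endswith(tag):
            variants.append((lowered[:-len(tag)], tag))
    for body, tag in variants:
        # Drop trailing digits and symbols: "password1" -> "password".
        core = re.sub(r"[\d\W_]+$", "", body)
        # Compare the plain form and the forms with character swaps undone.
        for form in (core, core.translate(LEET), body.translate(LEET)):
            if form in COMMON_ROOTS:
                return form, tag
    return None


if __name__ == "__main__":
    for pw in PAGE_EXAMPLES + ["copper-Lantern-47"]:
        hit = find_weak_root(pw)
        if hit:
            print(f"{pw!r}: predictable, reduces to {hit[0]!r} (service tag: {hit[1]})")
        else:
            print(f"{pw!r}: no common root found")
```

A password that passes this check is not thereby strong; it only means the simple transformations tried here did not reduce it to a listed word.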
Bigger is better.
A longer password normally takes longer to brute-force. But be reasonable: you don’t want it to be so long that you won’t remember it. Let’s go with a 12 character minimum.
Need help coming up with a memorable 12 character password?
Go to System Preferences, then Users & Groups.
Click on the Change Password button:
Now click on the Key icon to launch Password Assistant.
Set the Type to Memorable and slide the Length to 12.
Click on the Suggestion drop-down to see more password suggestions:
Then tweak these passwords to your liking and requirements.
Rotate your passwords.
Congratulations, you’ve built four or five memorable, secure passwords. You’re set for life now… surely?
It’s a good idea to cycle passwords out as they age. Quite often a username/password combination will become compromised through no fault of its creator. Services get hacked, sometimes at the administrator level. This can cause user lists or password lists to fall into the wrong hands.
Rotating your passwords therefore shortens the window in which a compromised password stays useful at all the locations where that combination is used. Three to six months is a good rule of thumb.
Storage and management
Now you have a set of passwords that you have to manage. How do you handle them all?
There are plenty of third-party password management programs out there,* for example:
If you prefer, you can use a suitable book hidden amongst your first editions on the bookshelf, or even set up an encrypted Excel document. Whatever you choose, just remember that the password (or book) you use to lock these other passwords away becomes the most important of them all: guard it carefully, feed it often. Whatever you do, do not keep them in a file labeled “Passwords.”
Overwhelmed? Is it all too much?
Mac Aid can act as your trusted third party and arrange recording, deployment, rotation and management of your passwords. Whether you are a single user or require a password policy for a whole office, contact us for assistance.
*There are many third-party password management programs available; however, please be sure to do your research beforehand to make sure you are choosing a secure management service.