A Quick Guide to Password Security
This article is a quick guide to password security and covers what you need to know to practice safe password habits.
Your server is only as secure as your weakest password. As a rule of thumb, the longer and more complex a password, the stronger it is. Follow the best practices below for generating difficult-to-crack passwords.
Best Practices
Here are some DOs and DO NOTs:
DOs
- DO Use Passwords of At Least Ten Characters: The more characters, the more difficult a password is to crack. Length is key. Create lengthy passwords of at least 10 characters!
- DO Create Unique Passwords: Each password you use should be for a unique service (ex. cPanel, MySQL, and your bank account should all have different passwords).
- DO Use a Combination of Character Types: Use numbers, lowercase letters, uppercase letters and symbols in your password. (ex. XkeDZaJ6QG3E8!jKq3%yIOd3)
- DO Change Your Passwords: Change your passwords at least every six months.
- DO Randomly Generate the Password: Use one of the following sites to generate a secure password: Norton by Symantec, Random.org, or Random Password Generator
DO NOTs
- etc.: We’re absolutely sure your dog is adorable. But, her name probably isn’t a good password. Unless her name is Tmb1W>r~ii, then that’s cool.
- DO NOT Reuse Passwords: Let’s say your first password for an account was gCB7%TT^Vm but you were forced to change your password, so you changed it to v8@#TsVaiQ. If you have to change the password for that account again, do NOT go back to gCB7%TT^Vm. Create a new, unique password instead!
- DO NOT Use Adjacent Keyboard Strings: qwerty1234 is not a good password.
Examples of BAD Passwords
awesomedog
sunshine12
coolguy18
kerri28
password
root
jasonthehoff
jimhalpert
GOOD Passwords (but don’t use these)
Tmb1W>r~ii
Da$up#aPhAJ*cRe3
*@7X#JjI6j4e#cC2axjFz%j@
gCB7%TT^Vm
v8@#TsVaiQ
8c0e^zi&ISEk%9&0Wa
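The DOs and DO NOTs above, as an added Python example that is not part of the original guide: it generates a password locally from the operating system's CSPRNG instead of a website, and checks any candidate against the guide's rules. The function names, the US QWERTY rows and the four-key threshold for adjacent keyboard strings are assumptions made for this example.

```python
import secrets
import string

MIN_LENGTH = 10  # minimum length from the guide
ALPHABET = string.ascii_letters + string.digits + string.punctuation
# Keyboard rows (US QWERTY assumed) used to spot adjacent-key strings.
ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
RUN = 4  # assumed threshold: flag 4 or more adjacent keys in a row

CLASS_TESTS = {
    "lowercase letter": str.islower,
    "uppercase letter": str.isupper,
    "number": str.isdigit,
    "symbol": lambda ch: not ch.isalnum(),
}


def has_keyboard_run(password):
    """True if the password contains RUN adjacent keys, forward or reversed."""
    text = password.lower()
    grams = {text[i:i + RUN] for i in range(len(text) - RUN + 1)}
    return any(g in row or g in row[::-1] for g in grams for row in ROWS)


def check_password(password, previous=()):
    """Return the guide rules the password breaks (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, test in CLASS_TESTS.items():
        if not any(test(ch) for ch in password):
            problems.append(f"no {name}")
    if has_keyboard_run(password):
        problems.append("adjacent keyboard string")
    if password in previous:  # previous: passwords already used on this account
        problems.append("reused password")
    return problems


def generate_password(length=16):
    """Draw from the OS CSPRNG until the result passes every check above."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    print(generate_password())
    print(check_password("qwerty1234"))
```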
Remembering Passwords
A password like *@7X#JjI6j4e#cC2axjFz%j@ is likely going to be difficult for most people to remember. But, a long password is difficult to crack, and can be crafted from some common piece of information. A joke, a hobby, a book/movie quote, or an interest of some sort can be used as the basis for a secure password. Take the quote, “Life — uh — finds a way,” from Jurassic Park. We can build this into a secure password by changing out some characters and adding a few numbers: L1f3-;uH;-F1nd54wAy! That’s a secure password that would be much easier to remember.
Password managers can remember passwords for users. Keep in mind, however, that a password manager is a gateway to ALL of your passwords. Having one password that can access all the rest of your passwords and sites is certainly very risky, and against best practices.