Tuesday Tech: “fluffy” is NOT a good password

Because of the nature of different responsibilities of my job, I deal with numerous logins and passwords daily. Clients supply me with logins to their domain registrations so I can update their DNS records, or perhaps they give me the password to their google account so I can set up Analytics or Feedburner for them. I keep track of the logins and passwords for every client site we host, and of course I must keep track of all my own personal logins. I’ve seen all manner of passwords, from a name/birthday combination, to a pet’s name, and so forth. I have been known to gently chastise clients on their choice of passwords. I understand that it is important to remember your password — you’ve got to be able to get INTO your account in order to DO anything, but “fluffy” is NOT a good password, folks. If you are to follow only two pieces of password creation advice ever, let it be these two:

DON’T use your pet’s name, your birthday, your kid’s name, your spouse’s name, or a sequence of letters on the keyboard (like, “asdfghjkl”). Appending a number after your own name or even after a regular dictionary word does not a good password make.

DO make sure you have a combination of upper and lowercase letters, and sprinkle in some numbers. If allowed, use punctuation and other special characters.

Some programs, like WordPress (which this blog is built on),  will go as far as telling you how strong your password is. If a program tells you your password is weak, listen to it. Alter it somehow. Make it stronger.

Wordpress has a password strength indicator to give you an idea of just how secure your choice of password is.

Really, if you stick with the advice above, you’ll be way ahead of the game. But you could (and often should) go further. I have my passwords randomly generated. This means, unfortunately, that I rarely remember my login for anything off the top of my head, but there are ways around that. For PC users, I highly recommend using a password saver program like RoboForm or Scarabay, which I’ve been using for over five years. Password saver programs require you to remember only one password (the one to get into the program), and can store your passwords for all your online needs. I’m sorry to say I am not familiar enough with any password saver programs out there for Macs. Anybody have recommendations?

Finally, change your passwords when you can. I should say “often” but I know what a hassle it can be — I am guilty of not changing my passwords often enough. Perhaps devote a little bit of time every few months to password turn-over. Does that seem like too often? Try once a year, at least.

Have anything to add? Any further insights on secure password creation? How secure are you, or rather, how secure do you THINK you are?