How to create a password to give you peace of mind

Published by Rodney Hobson on 28 November 2017.
Last updated on 28 November 2017


There really is no excuse for failing to select a strong password, one that is hard for a hacker to crack.

It’s quite easy, for example, to string three random words together, beginning each with a capital letter. The added length and mixed case make the password harder for hackers to crack, while you get something memorable.

Yet, left to our own devices, most of us would take a simple eight-letter password and use it on every account, from banking to utilities, from our home computer to buying theatre tickets.

Research carried out by credit reference agency Experian earlier this year found that more than half (55%) of the 2,001 people surveyed use the same password for multiple online logins.

To make matters worse, passwords will probably be based on something highly personal, such as the company we work for or our child’s name.

These are the possibilities a hacker will try first when attempting to gain access to our accounts.

And just to top it off, you put all your favourite things on social media for everyone, including hackers, to read. Never publicise anything that you use as a password – or better still, pick passwords that are based on things that you would never mention in public.

Among the most common passwords are: password; monkey; football; 123456; and 123123. Choosing any password at all is a start, but you should avoid these as they are far too easy for cyber criminals to crack.

How to create a strong password

The best way to create a strong password is to use three random words because length gives complexity.

The strongest passwords also contain a mixture of capital and lower case letters, numbers and symbols – so you can simply add these to your three random words.

One possibility is to substitute numbers or symbols that look similar to letters, such as 1 or ! for I; 4 for A; *, 0 or () for O; or 8 for B. You could substitute * for A or S since that is the first letter of the word asterisk and of star.

Do remember, though, that the more obvious a substitution is, the more likely a hacker is to guess it.

Another idea is to use the first letters from the line of a song lyric, preferably an obscure one. Use a different line of the song for each password.

Or select a book on your bookshelf and use the opening words on a page, using separate pages for each account.

Some sites tell you when you create a password whether it is weak, medium or strong. It should not need saying that you should ensure that yours are strong. The warning is there for your own good. Do not ignore it.
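The advice above rests on one principle: length gives complexity, and obvious look-alike substitutions add little. The following is an added example (not code from Moneywise or the article) that puts rough numbers on that. It assumes words are picked uniformly at random from a list, with a Diceware-sized list of 7,776 words as the assumed default, and it uses an assumed substitution map taken from the letters mentioned in the article. The small word list embedded here is constructed for illustration only.

```python
import math
import secrets

# Constructed sample word list for illustration; real passphrase lists
# (such as Diceware) hold 7,776 words, which is the assumed default below.
SAMPLE_WORDS = ["anchor", "basket", "candle", "dolphin", "ember", "forest",
                "garden", "harbor", "island", "jigsaw", "kettle", "lantern"]

# Assumed look-alike substitutions drawn from the article's examples.
LOOKALIKE_SUBS = {"i": "1", "a": "4", "o": "0", "b": "8", "s": "*"}


def bits_random_chars(alphabet_size: int, length: int) -> float:
    """Entropy in bits of `length` characters drawn uniformly from an
    alphabet of `alphabet_size` symbols: length * log2(alphabet_size)."""
    return length * math.log2(alphabet_size)


def bits_passphrase(wordlist_size: int, word_count: int) -> float:
    """Entropy in bits of `word_count` words drawn uniformly from a list of
    `wordlist_size` words: word_count * log2(wordlist_size)."""
    return word_count * math.log2(wordlist_size)


def substitution_bits_upper_bound(password: str, subs=LOOKALIKE_SUBS) -> int:
    """Upper bound on the extra bits gained by look-alike substitutions.
    Each substitutable letter is either replaced or left alone, so an
    attacker who models the rule needs at most one extra bit per letter."""
    return sum(1 for c in password.lower() if c in subs)


def make_passphrase(wordlist, word_count: int = 3) -> str:
    """Join `word_count` random words, each capitalised, using the OS
    cryptographic random source via the `secrets` module."""
    return "".join(secrets.choice(wordlist).capitalize() for _ in range(word_count))


def compare_strategies(wordlist_size: int = 7776) -> dict:
    """Entropy estimates (bits) for the strategies the article discusses."""
    return {
        "8 random lowercase letters": bits_random_chars(26, 8),
        "8 random mixed-case letters and digits": bits_random_chars(62, 8),
        "3 random words": bits_passphrase(wordlist_size, 3),
        "4 random words": bits_passphrase(wordlist_size, 4),
    }


if __name__ == "__main__":
    for name, bits in compare_strategies().items():
        print(f"{name:45s} {bits:5.1f} bits")
    phrase = make_passphrase(SAMPLE_WORDS)
    extra = substitution_bits_upper_bound(phrase)
    print(f"example passphrase: {phrase}")
    print(f"look-alike substitutions add at most {extra} bits; "
          f"a fourth word adds {math.log2(7776):.1f} bits")
```

The numbers show why the article favours length: a fourth word adds about 13 bits against a 7,776-word list, whereas rewriting every substitutable letter in a three-word passphrase adds at most one bit per letter, and far less once an attacker tries the obvious substitutions first.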

How to remember passwords

The main problem is to remember all your passwords, especially if you follow sensible advice to have a different password for each account.

The idea behind picking three random words to create your password is not only because it’s strong, but also so you can pick something that’s memorable to you but not easily guessable to others.

At the very least, have a strong separate password that’s easy to memorise for your email account, which is typically the gateway to your identity and to other financial information. Make sure that this password is completely different from any others you use. Accounts that don’t hold money are obviously less important than those where a hacker can cost you cash.

Do not store a list of your passwords anywhere on your computer or written down on paper in your house. If anyone succeeds in hacking into your computer they will take the list and use it. Also, do not tell your computer to save a password unless the account is unimportant.

If you must write passwords down in order to remember them, encrypt them in a way that is familiar to you but makes them indecipherable by others.

Those who simply cannot cope with multiple passwords may find that the solution lies with online password managers. These online accounts, which are available as free and paid-for services, typically store all your log-in details and protect them with a single master password.

The big worry with these services is whether the information is safely stored in the cloud, given that other supposedly safe websites have been hacked.

One provider Moneywise spoke to says data is encrypted and decrypted on your device and that the master password is not accessible even by the company itself. It adds that authentication when logging in requires two steps to provide extra security.

Ensure you check how safely your passwords are stored before signing up to these services. For more information about password managers, see 17 ways to protect your money in 2017.

Change passwords if a company you use is hacked

But it is not only you who needs to keep passwords secret. You are relying on any site you use to be equally careful.

If any company that holds your password has its computer system hacked, you should assume that your password has been stolen and will be used fraudulently. Do not wait for the company to admit passwords have been stolen.

If this happens to you, and you use the same password on other accounts, then you need to change your password on every account immediately.

Making and memorising strong passwords may seem a lot of boring effort. It is, however, a lot less stress than having your bank account cleared out.

For more information on this and tips on how to protect yourself online, visit the Moneywise hub in partnership with Cyber Aware - Stay secure online: How to be Cyber Aware - and see Cyberaware.gov.uk.



I use a friend's name, then a non-alphanumeric digit, then a significant date, and personalise each with something to do with the company I am accessing in upper and lower case letters, so for example (and example only) DaViD-251200TeScO, and then all I have to remember is the base password. My email password is a mix of upper, lower and spurious characters.


It makes me laugh when I see these recommendations for passwords etc. I now have 123 different online accounts that require one or more passwords or PIN numbers. If I follow the advice, I should use a different password for each of them.
I should change them every 3 months or so, and am usually not allowed to re-use a password that has been used before on that account. How on earth am I going to remember them without writing them down somewhere? And password managers are only as good as the security of their system; if you lose one, you lose the lot.


I used different passwords for all my online accounts, until my son, who is very much into computer literacy, told me to just have one for all. I decided this was not a good idea, and in a secondhand bookshop bought a book of poetry (no, I am not going to say the title). I open the book at a random page, take any poem and, using the last line, just capitalise the first letter of each word, throwing in a few #'s if necessary.


I leave one email in my inbox that has a “do not reply” address and will send a reply stating that the email box is unmonitored if you do try to reply.
I had several issues with my email when logging in to virgin tv... this uses the same email and password as the main virgin account. Suddenly I received replies from the unmonitored box, mentioned above, implying that somehow my email had been hacked and someone was trying to send replies to emails in my inbox.
Since I stopped using virginmedia tv, I have had no more issues, but I still leave that one “do not reply” email in my inbox just in case.


I have almost a thousand different (and strong) passwords and I don't remember (nor do I need to remember) a single one of them.
All that is necessary is the master password in my password manager. The password manager does all the heavy work and keeps everything safe.


Thought that the expert who first issued the advice about a mixture of numbers, capitals and lowercase many years ago had now said he was wrong?


Actually the advice given here is flawed. Especially bad is the advice to substitute numbers for letters. This is well known to hackers and almost worthless. The best protection is simply to use a longer password. Sites that insist on upper and lower case, numbers and other characters actually make security weaker because they are reducing the search space. Generally speaking, it is best to create a secure, long password and write it down somewhere that is secure, at home. OK, a burglar could get it - but generally if you have been burgled you know about it and can change the password quickly.

One suggestion would be to use letter and/or number sequences from the registration plates of cars that you have not owned recently (e.g. your parents' cars from your childhood). You already remember them, they are high entropy, and there is no direct way to guess them.


Thank you for the information. It is a great pity that "the geeks" in society don't contribute to society "to do good" and "prefer to do bad" and cause untold harm and distress to total strangers because of their dubious greed. Ghastly people with "evil on their minds and in their hearts."


It is annoying when companies limit the size of the password to a fixed number of characters or don't allow non-alphanumerics in the password.