Dictionary words
The most common mistake people make when choosing a password is to use a recognisable word commonly found in a dictionary. This is risky. "Brute force" hacking describes the approach hackers use to force their way into a system by repeatedly trying different password combinations. If your password is a dictionary word, your account is far more susceptible to this type of hacking, because your password will be on the list of candidate passwords used in a "brute force" hacking attempt.
Social engineering
Rather than use a random but easily hacked dictionary word, you might base your password on something close to you: your child's name, your pet's name, your favourite band etc.
Even if this gives you a non-dictionary password, someone can still discover it if they know something about you. "Social engineering" is the unethical practice of getting someone to divulge personal details with a view to gaining information that might reveal potential passwords. If someone knows your mother's maiden name, your pet's name or your house number, they have the raw material they need to try a variety of probable passwords.
Paper based
Committing your password to paper is a bad idea! Whether it’s a post-it note on the side of your screen, a label stuck to the underside of your keyboard or a scrap of paper on the pin board, you’re making a hacker’s life easy.
Never write down your password.
Here are some useful techniques that will help you to create a safer password.
Mix letters and numbers
If you do nothing else, at least ensure your password is a mixture of letters and numbers. "mypassword123" is too obvious, whereas "myp455w0rd" is just as memorable but somewhat harder to hack.
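To turn the points about dictionary words, social engineering and letter/number mixing into a check rather than advice, here is an added Python example (not code from the original page): a small policy function that rejects a candidate if it appears in a wordlist, if it matches a wordlist entry once trailing digits are dropped and common digit-for-letter swaps are undone, or if it contains a personal detail of the kind the social engineering section describes. The wordlist, the substitution table and the sample personal details are constructed for the demo; a real deployment would load a full dictionary or breached-password list. Run against the page's own examples it shows why the text says "somewhat harder": "mypassword123" is rejected outright, while "myp455w0rd" is caught only once the substitutions are undone.

```python
"""Password policy check for dictionary words, leet substitutions and
personal details.

Added example, not part of the original page.  WORDLIST, LEET and the
sample personal details are constructed for the demo; load a real
dictionary or breached-password list in practice.
"""
import re

# Constructed mini wordlist standing in for a real dictionary / breach list.
WORDLIST = {
    "password", "mypassword", "fred", "bloggs", "fredbloggs",
    "letmein", "qwerty", "welcome", "football",
}

# Common digit/symbol-for-letter swaps; cracking rule sets undo these cheaply.
LEET = str.maketrans({
    "4": "a", "@": "a", "3": "e", "1": "i", "!": "i",
    "0": "o", "5": "s", "$": "s", "7": "t",
})


def check_password(pw: str, wordlist=WORDLIST, personal=()) -> list[str]:
    """Return the list of policy failures for ``pw``.

    An empty list means the password passed every check in this demo.
    ``personal`` is an iterable of details an attacker could learn about
    the user (pet name, mother's maiden name, house number ...).
    """
    problems = []
    raw = pw.lower()
    # 'mypassword123' -> 'mypassword': a trailing number adds little.
    stripped = re.sub(r"\d+$", "", raw)
    # 'myp455w0rd' -> 'mypassword': undo the substitutions attackers expect.
    norm = stripped.translate(LEET)

    if len(pw) < 8:
        problems.append("shorter than 8 characters")

    if stripped in wordlist:
        problems.append("dictionary word (plus optional trailing digits)")
    elif norm in wordlist:
        problems.append("dictionary word with digit/symbol substitutions")

    for detail in personal:
        d = detail.lower()
        if d and (d in raw or d in norm):
            problems.append(f"contains personal detail '{detail}'")

    has_letter = re.search(r"[a-z]", pw, re.IGNORECASE) is not None
    has_digit_or_symbol = re.search(r"\d|[^\w\s]", pw) is not None
    if not (has_letter and has_digit_or_symbol):
        problems.append("does not mix letters with digits or symbols")

    return problems


if __name__ == "__main__":
    # The page's own examples plus one constructed personal-detail case.
    samples = [
        ("mypassword123", ()),
        ("myp455w0rd", ()),
        ("fredBLOGGS", ()),
        ("frBLOGGSed", ()),
        ("Rover2010", ("Rover",)),   # constructed: pet's name plus a year
        ("faceDE!£SU", ()),
    ]
    for candidate, details in samples:
        verdict = check_password(candidate, personal=details) or ["ok"]
        print(f"{candidate:15} {'; '.join(verdict)}")
```

The function returns reasons rather than a pass/fail flag so the caller can tell the user what to change. The ordering of the checks matters only for readability; the substitution check is written as an `elif` so a plain dictionary word is reported once, not twice.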
Combine two passwords
Rather than base your password around a single word that you can remember, why not combine two words? "frBLOGGSed" and "BLOfredGGS" are both better passwords than "fredBLOGGS".
Telephone numbers / postcodes
Your phone number or postcode is too susceptible to social engineering on its own, but both can be used inventively. Instead of using "DE13SU" (for example), hold the shift key when typing the numbers and you end up with "DE!£SU", which is less hackable but still memorable.
Use different passwords for different purposes
Even if you do have a hard-to-crack password, you probably use it for a variety of different logins. This means that if someone were to hack your email account, they might automatically have worked out the password for your online banking and social media account too.
If, like most people, you have more than 2 or 3 online accounts, it’s too much to expect you to create and remember a different password for each.
Instead, think of one really strong password – perhaps using one of the methods outlined above – and then add to it something specific to the account you use it for.
For example, if your strong password is "DE!£SU", you could use these different passwords for your online accounts:
Account | Password
---|---
Facebook | faceDE!£SU
Twitter | twitDE!£SU
Banking | lloyDE!£SU
Email | emaiDE!£SU
None of these passwords is dictionary-based or particularly guessable… but as long as you can remember "DE!£SU", you have a different password for every online account. Better still, each password is unlikely to be hacked and is easy for you to remember.
Remember the process, not the password
The best password is one that even you don’t know! If you can remember the process of creating a password, that’s all you need. Think of a letter that’s meaningful to you and, starting on that letter, make its shape on the keyboard:
All you have to do is remember "M" and you get this as your password: "mju7y6tfc". Press the shift key part way through and it gets even better: "mju7Y^TFC"! You'll never be able to remember either of these passwords, but the process of creating them is easy, so you have a high quality password that you will not forget.