How to Create a Great Password
I get it: running a small business is a lot of work, and typing a complex password every time you open an important account is a bother. I agree. It sucks, but it is still important, so choosing good passwords deserves some serious thought.
I recently helped a client who noticed unusual transactions on his PayPal account. It looked as if he was sending out payments, but he had done no such thing. It turned out someone had figured out his password and was making withdrawals in his name. Ouch.
Attackers typically use software that tries enormous numbers of candidate passwords automatically, often spread across many machines so the attempts do not all come from one address; this is called a brute-force attack. In my client's case, though, I suspect the thief simply tried a few guesses until one worked. The original password was eerily similar to several others my client used on other sites, so once one of those was known, a handful of variations was enough to get into his PayPal account.
This situation is very common because people have so many passwords to remember. I usually recommend that my clients use a password manager: a program that generates strong, unique passwords for each site and stores them in an encrypted vault behind one master password. Unfortunately, some of them cost money, all of them take time to learn, and the vault adds another place where human error can bite, such as forgetting the master password.
So, I wanted to share some more traditional (and free) options that anyone can use. I will also present them in increasing complexity so that you can choose how far to tighten up the security for your specific needs.
Steps for Choosing a Good Password
Passwords must be long and complex, but if you are already busy running a business you may not have the time for this. What you need instead is some good passwords that are easy to remember. So here are some steps that I recommend to my clients on how to choose good passwords. They are simple, easy to implement and will help make your accounts more secure.
The Basics:
Start with two words that are completely unrelated to each other. More importantly, they should be completely unrelated to you: do not use your brother's name, your age, your pet's name, your car model, or your favorite Marvel character. Anything familiar to you is also easy for an attacker to find out about you from social media or public records.
For example, let us start with two nouns:
float and chihuahua
Next, we add a verb in between to create action. This turns it into a phrase that makes it easier to remember. However, try using a verb that does not make much sense but works grammatically:
float yelling chihuahua
Now, string them together with keyboard symbols. Try using lesser-used ones instead of the overused “& and @”:
float^yelling+chihuahua
This is already a fairly complex password, and for many people a vast improvement over whatever they were using before.
Adding some complexity:
Now, let us misspell the words a bit.
flowt^yeelling+chiwawawa
Then we add some numbers to the mix.
8flowt^2yeelling+7chiwawawa5
Compared to the password from the Basics section, this one is considerably more complex, and the misspellings mean the words no longer appear in a standard dictionary list, so it is a real challenge to brute-force or guess.
Going for NSA-level:
The next few steps take the concepts above to a higher level. We will add more complexity and length.
Let’s duplicate some of the numbers
888888888flowt^2yeelling+777chiwawawa44444
I added nine 8's at the beginning and five 4's at the end. This is easy for you to remember, but it is far from what an attacker or a cracking tool would anticipate.
It also makes life hard for someone looking over your shoulder: hmm, how many 8's did he type at the beginning? This matters because shoulder surfing is a common way of stealing passwords. Sometimes the thief hides a small camera behind you, or takes over your own webcam to watch what you type.
Another recommendation: whenever you repeat a character, especially a digit, pick an odd count that differs from the digit itself. Five 5's, for example, is exactly the kind of tidy pattern an attacker would try first. The goal of this step is unpredictable amounts, not round ones.
Adding Special Characters
Finally, we add some characters that rarely appear in cracking wordlists. Unlike the symbols printed on the keyboard, these are typed with a key combination. On Windows, hold the ALT key and type a four-digit code on the numeric keypad: ALT+0246 gives "ö" (ALT+0214 gives the capital "Ö"), ALT+0233 gives "é" and ALT+0169 gives "©". On a Mac, the Option key does the job instead: Option+U followed by o gives "ö", Option+E followed by e gives "é", and Option+G gives "©". Applying those to the password from the previous step yields:
888888888flöwt^2yéélling+777©hiwawawa44444
You can find a full list of these characters at this website.
One caveat before relying on them: some sites reject anything outside plain ASCII in a password field, some silently strip or normalize it, and the same characters are awkward to type on a phone or on a borrowed keyboard. After setting such a password, log out and log back in on every device you use to confirm it actually works.
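The recipe above, implemented as an added example (my code, not the original post's): it draws the two nouns, the verb, the joining symbols and the digits from the operating system's random generator instead of by hand, because the weak link in a human-chosen phrase is the human's choices. The word lists and symbol set are short constructed placeholders; a real list should have thousands of entries. It also decodes Windows ALT codes to confirm which character a given code produces, and lists the non-ASCII characters that an ASCII-only password field would reject.

```python
import random
import re
import secrets

# Constructed word lists (assumption): a real list should hold thousands of
# entries, such as a diceware list. Short lists keep the example readable.
NOUNS = ["float", "chihuahua", "lantern", "gravel", "saxophone",
         "pillow", "tundra", "compass", "kettle", "walrus"]
VERBS = ["yelling", "folding", "whistling", "melting", "stacking", "bouncing"]
# "Lesser-used" joining symbols, per the page: skip the overused & and @.
SYMBOLS = "^+~;:|%=#"


def generate_phrase_password(rng=None, seed=None):
    """Build <digit><noun><symbol><digit><verb><symbol><digit><noun><digit>.

    rng defaults to the operating system's CSPRNG. seed exists only so a
    demonstration can be reproduced; never seed a real password generator.
    Because every pick is random, nothing in the result relates to its
    owner, which is the first rule on the page.
    """
    if seed is not None:
        rng = random.Random(seed)
    rng = rng or secrets.SystemRandom()
    noun1, noun2 = rng.sample(NOUNS, 2)             # two different nouns
    verb = rng.choice(VERBS)
    sym1, sym2 = rng.choice(SYMBOLS), rng.choice(SYMBOLS)
    d = [str(rng.randrange(10)) for _ in range(4)]  # the sprinkled digits
    return f"{d[0]}{noun1}{sym1}{d[1]}{verb}{sym2}{d[2]}{noun2}{d[3]}"


def follows_recipe(password):
    """True if the password has the digit/word/symbol layout built above."""
    sym = re.escape(SYMBOLS)
    pattern = rf"\d[a-z]+[{sym}]\d[a-z]+[{sym}]\d[a-z]+\d"
    return re.fullmatch(pattern, password) is not None


def alt_code_char(code):
    """Character produced by ALT+0<code> on Windows (Windows-1252 code page)."""
    if not 32 <= code <= 255:
        raise ValueError("ALT+0nnn codes cover 32..255")
    return bytes([code]).decode("cp1252")


def non_ascii_chars(password):
    """Characters a site with an ASCII-only password field would reject."""
    return [c for c in password if ord(c) > 127]


if __name__ == "__main__":
    pw = generate_phrase_password()
    print(pw, follows_recipe(pw))
    print("ALT+0246 ->", alt_code_char(246), " ALT+0214 ->", alt_code_char(214))
```

Misspelling and repeated digits are left to the user, as on the page; with words drawn at random from a large list they matter less, since the result is already unrelated to anything an attacker can learn about you.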
Analyzing the Process
We have now created a long password with no obvious relationship to its owner. In theory we can keep going with capitals, more special characters, more numbers, and so on. There is no end to it, but what we have created is probably enough for most small businesses.
By the way, many people like to use foreign words, but remember that not all thieves live in the US, England or Australia; they speak other languages too. More to the point, cracking software uses multilingual wordlists, so a foreign word on its own adds little. If you do use foreign words, misspell them as well.
Not every step above needs to be included, and you can vary each one. Obviously, stronger passwords belong on anything that touches money (yes, that includes PayPal and Apple Card). A Facebook account can probably get by with just the Basic steps. Do what works best for each case, but treat the Basics as the minimum, and never reuse one password, or a close variation of it, across accounts; that is exactly what let the thief into my client's PayPal.
Note that each step has made the password longer: the final version is 42 characters. Mathematically, length is one of the most important factors in slowing down both brute-force attacks with cracking software and a person guessing by hand, because every extra character multiplies the number of possibilities an attacker has to try.
The first thing to remember, though, is to start with words that have no connection to you. I cannot emphasize enough the risk of using familiar names; it is the most common mistake in choosing passwords and one of the most common reasons accounts are compromised.
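To put numbers on the length argument, here is an added example (my code, not the page's) that estimates the cost of each stage of the page's password in two ways: a naive brute-force count that knows only the length and the character classes used, and a dictionary-aware count that assumes the attacker knows the recipe (three dictionary words joined by symbols) and has a large word list. The 170,000-word dictionary and the 96-character allowance for accented characters are assumptions.

```python
import math
import string

# The page's passwords at each stage; the last one uses the page's
# accented characters (ö, é, ©) written as escapes so the file stays ASCII.
STAGES = {
    "basics": "float^yelling+chihuahua",
    "complexity": "8flowt^2yeelling+7chiwawawa5",
    "repeats": "888888888flowt^2yeelling+777chiwawawa44444",
    "special": "888888888fl\u00f6wt^2y\u00e9\u00e9lling+777\u00a9hiwawawa44444",
}
LATIN1_EXTRA = 96          # assumption: printable Latin-1 supplement, what ALT codes reach
DICTIONARY_SIZE = 170_000  # assumption: a large English word list


def charset_size(password):
    """Size of the alphabet a brute-force attacker must cover, by class used."""
    classes = [
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (string.punctuation, len(string.punctuation)),  # 32 ASCII symbols
    ]
    size = sum(n for chars, n in classes if any(c in chars for c in password))
    if any(ord(c) > 127 for c in password):
        size += LATIN1_EXTRA
    return size


def brute_force_bits(password):
    """log2(charset ** length): the naive search space, in bits."""
    return len(password) * math.log2(charset_size(password))


def structured_bits(n_words, n_symbols, n_digits=0):
    """Search space, in bits, for an attacker who knows the recipe.

    Each word is one pick from the dictionary, each joining symbol one of
    the 32 ASCII punctuation marks, each digit one of 10. This only applies
    while the words are spelled correctly; misspelling them pushes the
    attacker back toward the brute-force figure.
    """
    return (n_words * math.log2(DICTIONARY_SIZE)
            + n_symbols * math.log2(len(string.punctuation))
            + n_digits * math.log2(10))


def stage_report():
    """Length, alphabet size and naive brute-force bits for each stage."""
    return {name: (len(pw), charset_size(pw), round(brute_force_bits(pw), 1))
            for name, pw in STAGES.items()}


if __name__ == "__main__":
    for name, row in stage_report().items():
        print(f"{name:10s} length={row[0]:2d} charset={row[1]:3d} brute={row[2]} bits")
    print(f"basics, attacker knows the recipe: {structured_bits(3, 2):.1f} bits")
```

The gap between the two figures for the Basics password (roughly 135 bits by length alone versus about 62 bits for an attacker who guesses three dictionary words and two symbols) is why the misspelling step matters more than it looks, and why the brute-force number on its own flatters any password built from real words.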
Conclusion
Choosing a good password should not be a hindrance, because then you will avoid doing it. Likewise, the password should not be hard to remember, because then you will be tempted to simplify it. Finally, it should not be so complex that you mistype it every time and possibly lock yourself out of your own account.
On the contrary, passwords should be easy to create, remember and use while still being complex enough to keep your data safe. Otherwise they defeat the purpose of having them. This is why choosing a good password is something you should do seriously and consistently.
Fortunately, it does not have to be a chore. The steps above should make the process less daunting. There are other ways to generate passwords, I know, and some of them may be more secure. However, I wanted to offer some options for small business owners who have other things to do as well.
Passwords do not have to be a pain. I am a bit security-obsessive, so I actually like doing it. Perhaps one final piece of advice is to think of password creation like I do. Make it fun. Make it a tiny puzzle. Make it a small break from the monotony of your other work…
…but always remember to start with something that has no relation to you.