Every website on the internet that tracks membership has a password. It's just an easy way to make sure that you're getting a personal experience and accessing information meant for you. Unfortunately, decades of hacking, confidence scams, and other forms of infiltration have led to requiring users (you) to be more complex with their passwords and personal information security. It's hard to know the right or wrong way to make a password if you don't understand what's wrong in the first place, so here is some information on password security and what to avoid.
Easy-to-Guess Password Concepts
A password needs to be remembered by the person who made it, but it can't be easy for others to guess. This means that your name, your address, the names of family members, or other personally relatable information are off-limits if you want to be safer from hackers.
Many websites ban the use of dictionary words. This is exactly what it sounds like; if a password can be found in the dictionary with little or no variation, you can't use it. A password needs some other variation to make it valid and safe.
The issue with relying on dictionary words, no matter how obscure, is that it's not a physical person who enters the illegal password attempts. A dictionary attack is an old, basic, and crude technique that wouldn't be worth mentioning if some people (and poorly designed systems) didn't still use or allow dictionary words for passwords. Automated instructions called scripts can be used to enter a database of words, phrases, and known passwords.
A good system will block password entry attempts after a certain number of tries. For user convenience, the account usually unlocks to allow more attempts after a few minutes. A hacker can even program an automated delay to keep going, so if you're not using the account often, attempts can be made until something eventually works. Such attacks made in bulk are called brute force attacks.
Adding Variation With Purpose
If you add some variation to the password, it becomes harder to crack (a term that simply means breaking or unlocking security). For example, the word Toilet can be changed into a password. Toilet itself is in the dictionary and is a fairly common word. In addition to being easy to guess, most websites will not allow you to use a simple word as a password.
Here are a few variations:
- Toilet1!: Adding a 1 and an exclamation mark makes the password harder to guess, but 1! is actually known to many veteran computer experts as a technique for password variation. It may be accepted on some sites, but try something more complex.
- 70!137: This is the word toilet with the letters replaced by numbers and symbols that look similar. The 7 is a T, the 0 is an O, the exclamation mark represents an upside-down i, and so on. This is a great password in terms of complexity, but may be too short for some systems.
- FlushingToiletBuyPaper: These are all dictionary words, but strung together in a phrase that isn't so easily cracked by just combining words in the dictionary. It is sufficient, but you could make it better with numbers and symbols.
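The following Python sketch is an added example, not part of the original article. It shows how a site's dictionary ban might classify the passwords above by undoing appended digits and symbols, look-alike substitutions, and word concatenation before consulting a wordlist. The tiny wordlist and the function names are assumptions made for illustration.

```python
import re

# Constructed sample wordlist (assumption); a real check would load a full
# dictionary plus a list of known passwords.
WORDLIST = {"toilet", "flushing", "buy", "paper"}

# Look-alike substitutions described in the article: 7=t, 0=o, !=i, 1=l, 3=e.
LOOKALIKES = str.maketrans({"7": "t", "0": "o", "!": "i", "1": "l", "3": "e"})


def strip_affixes(pw):
    """Remove leading and trailing digits/symbols, such as a trailing '1!'."""
    return re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", pw)


def split_words(text, words=WORDLIST):
    """Return the dictionary words that exactly tile text, or None."""
    if not text:
        return []
    for end in range(len(text), 0, -1):
        if text[:end] in words:
            rest = split_words(text[end:], words)
            if rest is not None:
                return [text[:end]] + rest
    return None


def classify(pw):
    """Label a candidate password the way a dictionary-ban check might."""
    lowered = pw.lower()
    if lowered in WORDLIST:
        return "dictionary word"
    if strip_affixes(pw).lower() in WORDLIST:
        return "dictionary word with added digits/symbols"
    if lowered.translate(LOOKALIKES) in WORDLIST:
        return "dictionary word with look-alike substitutions"
    parts = split_words(lowered)
    if parts and len(parts) > 1:
        return "phrase of %d dictionary words" % len(parts)
    return "no dictionary match"


if __name__ == "__main__":
    for candidate in ["Toilet", "Toilet1!", "70!137", "FlushingToiletBuyPaper"]:
        print(candidate, "->", classify(candidate))
```

A check like this only reports which known variation a password matches; whether a multi-word phrase is acceptable is a policy decision left to the site.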
If you're not able to memorize these changes to your password, a secure password manager can help. It's good to use different, complex passwords for every site because a compromise at one can allow hackers to use your password anywhere. The secure password manager can maintain different passwords behind a single, secret master password. Contact a computer security professional to learn more.