
Good password recommendations

We often find that users have difficulty remembering passwords and end up using the same password for their PC login, their email accounts and every website, including important sites such as their bank and credit cards.  As a result, we have heard of individuals getting caught out by "social" hackers' tricks, where you sign up for something linked to Facebook or Twitter.  This is where someone creates a website which may look fairly harmless but requires you to subscribe and set up a password.  All the hacker then needs to do is try the password you have willingly supplied against your email account, and they could be in the money.

If someone gets access to or control of your email account, they can use it with the forgotten-password links on most websites.  If the site also has a forgotten-username link, this may also be used.

Most of us will happily give our email details out to anyone, assuming that junk filters and antivirus will capture anything bad.  Having a password of 8 complex characters may not save you from some attacks.  There are even lists of encrypted passwords available which translate an encoded password back into readable characters.

So what can we do?

Start with your email account – this should have a unique password which you have never used on any other website.  Then have a separate unique password for each bank, credit card or social media account you have.

OK, easier said than done, I hear you say.

Here is a simple suggestion that will ensure that every site has a unique password:

  • Think of a phrase or word which you can remember.  It could be a location, an object or the name of someone or something – just as long as you can remember it.
  • Next, for the site you are setting up access to, take the word and add a few characters from the website's name or company, which then become part of the password.

For example:

Lots of people still use password as their password… (I don’t recommend you use password)

Your Facebook account password becomes:

  • New password: FbPassword

If you need a number or a special character (!”£$%^&*()?;:’#) in the password, then:

  • New password: Fb!P4ssword
  • For Twitter this would then be: Tw!P4ssword

As you can hopefully see – the password is now longer than the normally required 8 characters and would take even more time for a brute force or social hack to guess.

If the website also requires you to change your password on a regular basis, you can add the year or month to the end of your phrase or before it.

  • 2015 password: Fb!15P4ssword
  • 2016 password: Fb!16P4ssword

It's always good to change your passwords at least once or twice a year.

Some sites only allow you an 8-character password; for these, reduce your phrase, for example:

  • 8 character: Fb!P4ssw

The result is quite complex and should be easy for you to remember as long as you remember your phrase and rules.