Search the Community
Showing results for tags 'password best practices'.
I want to share something with you that some of you may not know. Knowing this might save you from being defrauded or having your identity stolen. Obviously your password should be secure but even with the most secure password imaginable it does little if you're going out every day telling people the password. You might do this often and not even realize it! Let me ask you this. When you find a new website that you like and you sign up, do you use the same password that you use for your primary email? If you do, you're asking for trouble. Malicious webmasters (and hackers who hack legit sites) can log that information and attempt to login to your email account that you supplied them with during registration. If you use the same password to signup as you use for your email and they're able to get in... the fun for them has just begun. Do you bank, get receipts from online retailers or associate that same email address with anything financial or personal? They will search and scour your inbox and outbox for anything of value. If your inbox has nothing of value, they'll use it to spam people. The password you use for your primary email needs to be secure. You don't necessarily need to get crazy on it but keep this stuff in mind when you set important passwords. Here are some suggestions and best practices for strong passwords. Password should contain characters from at least three of these categories: uppercase (A - Z); lowercase (a - z); base 10 digits (0 - 9); non - alphanumeric (e.g. !, $, #, or %); Unicode characters (if allowed). Password should not contain more than 3 characters from your account name For extra protection don't use any dictionary words. Even if you modify them slightly, it's build into many brute force algorithms to check for dictionary words and common modifications on dictionary words (use my nick as an example, CA3LE = CABLE... or 1337 = LEET ...CA3LE = 1337 too - simple math, lol). That will make it nearly impossible to hack, each addition makes it exponentially harder to figure out the password. Let me give you some examples with math. Well use a length of 8 characters in our password and see the difference in the number of combinations. If you use only a-z in your passwords 26^8 = 208,827,064,576 combinations A-Z and a-z (26+26)^8 = 53,459,728,531,456 combinations A-Z, a-z, 0-9 (26+26+10)^8 = 218,340,105,584,896 combinations A-Z, a-z, 0-9 & special characters (26+26+10+32)^8 = 6,095,689,385,410,820 combinations A-Z, a-z, 0-9, special characters & unicode characters (currently 1,114,112 characters and growing - Unicode Lookup is a cool website to check on that) (26+26+10+32+1114112)^8 = 2.37532993765908E48 ... so 237,532,993,765,908,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 combinations See how much harder the password becomes. Although, like I said, if you're using it elsewhere it might be sifted making it's complexity null. Personally, I have a little list of stupid passwords that I use to sign up for stupid things... sites that I'm not buying stuff from. Then a list of difficult passwords I use for everything else. If I think a site looks a little shady I'll register with a junk address on top of using the junk password. I'm not suggesting you make your password Uf∞8&iE¶ª2^;k¡∞¢•. But for god sake you can't use password123 anymore and you can't use the same email and password to signup on other sites. Trust me, it's dumb. Always has been but even more today.