An unofficial blog that watches Google's attempts to move your operating system online since 2005. Not affiliated with Google.

Send your tips to gostips@gmail.com.

March 3, 2007

Keeping your Passwords Secure

Many people think it's hard to have a good password because it should be complicated and, as a result, hard to remember. When you create a new Google account, you can read some nice tips that prove you can create a strong yet memorable password.
* Include punctuation marks and/or numbers.
* Mix capital and lowercase letters.
* Include similar looking substitutions, such as the number zero for the letter 'O' or '$' for the letter 'S'.
* Create a unique acronym.
* Include phonetic replacements, such as 'Luv 2 Laf' for 'Love to Laugh'.

And some things to avoid (that could be summarized as: don't use passwords that are easy to guess).
* Don't use a password that is listed as an example of how to pick a good password.
* Don't use a password that contains personal information (name, birth date, etc.)
* Don't use words or acronyms that can be found in a dictionary.
* Don't use keyboard patterns (asdf) or sequential numbers (1234).
* Don't make your password all numbers, uppercase letters or lowercase letters.
* Don't use repeating characters (aa11).

And, of course, the obvious: "never tell your password to anyone (this includes significant others, roommates, parrots, etc.), never write your password down, never send your password by email."

So, the next time when you create a new passwords, think of a quote you like, an old saying (maybe not in English or your native language), use punctuation and replace some letters with similar digits or other characters. You can also use short forms for some of the words.

There are many places where you can test show strong a password is. One of them is available if you go to Google.com, sign out and then click on "sign in". Choose "create an account now" and type your password. Google will indicate you if your password is strong, fair or weak. Then you can use the password wherever you need it.

If you can't come up with a new password for each new site you sign up, at least try not to use the same password you have for your mail account (many people sign up using the email address: myemail@yahoo.com and choose the Yahoo password). If that site has security problems and your account is compromised, your Yahoo account will be compromised as well.

Also, be aware that most browsers offer to store your passwords, so they can auto-complete them. Many times they are not stored securely and anyone who has physical access to your computer can find the passwords (for example, go to Firefox > Tools > Options > Security > Show passwords > Show passwords again). That's why it's a better idea to use password managers like Password Safe, KeePass, RoboForm, that store your passwords securely and can manage any kind of password. In Firefox and Opera you could also use a master password, but there are commercially tools that can recover master passwords.

A small summary and some other tips:
* create strong passwords that mix digits, punctuation, capital and lowercase letters by thinking at a memorable quote and making some replacements or using acronyms
* don't share your passwords with anyone
* don't use the same password for all your accounts
* try not to use the built-in password managers from your browser. Use safer tools, if you really need a password manager.
* change your password from time to time
* try to stay away from sites that don't use secure authentication (look for https in the address bar)
* sign out when you finish a session

Do you have other ways to keep your passwords secure?

This blog is not affiliated with Google.