Many people have poor password habits. They use the same password everywhere, and often use obvious tricks to please the conditions required on various websites.

These obvious tricks are making the first letter uppercase, adding a number to the end of the password, or substituting a O with a 0, or an S with a $.

Here are some tips on what you should and should not do regarding passwords.

Your passwords should:

Contain as many characters as possible – longer is better, although some websites do have a limit: woah!thispasswordisreallylong is better than short1

Includes uppercase and lowercase – mix it up a bit, not just the first letter: ITSnotTOOhardTOMIXTHECASES!! is better than Generic1

Include a number and/or symbol – Again, mix it up a bit. Don’t put the number or symbol at the beginning or the end: ADDSOMEsymbols$$HERE&THERE is better than Symbol$

Include multiple words – Multiple words is easier to remember than a sting of random symbols, numbers, and letters: PASSphrasesarewhatyou#WANT244 is better than Password1

Your passwords should not:

Include any personal details – YourName1, 25StreetName, 026343####

Contain the name of a family member, friend, or pet – Father1950, Lucy90, Socks1,

Contain the name of your town, farm – Grenfell2810, PropertyName2810

Make obvious substitutions. i.e. 0 instead of o, 1 instead of l, $ instead of s. Gr3nf311 is stronger than Grenfell, but cyber criminals know that we often replace letters with numbers that look the same.

Contain only a single word: Single dictionary words are the worst password you could choose. A cyber criminal attempting to log into accounts is going to access the accounts with the most simple passwords first. If you password can be found in a dictionary, your account will get compromised first.

I hope these hints help you to create better and more secure passwords!

---

For more password tips check out our other blog posts on Password Security and Creating Strong Passphrases using Diceware.