How to Choose a Secure Password you can Remember
- At May 8, 2012
- By adminalison
- In Blog, Good Business Practices, WordPress
As a web developer I have access to many of my clients’ passwords, and have noticed that many of them are not as secure as they could be. Here are some recommendations.
What Not to Do
Avoid passwords such as ‘password’, ‘secret’ with a single number added, or those that use your name, business name, or a family member’s or pet’s name. With social media so popular these days, a hacker can usually find information about your family online, making it easier for them to guess your password.
Avoid choosing an obvious word and then adding the year to create a password. I see many users doing this. For example, when creating a password for a library, they might choose library2007. Hackers are probably familiar with this common approach and would have written code that tries guessing passwords like this.
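A site that wants to steer users away from these choices at signup can check for them. The following is an added example, not code from the original post; the function name, the tags it returns and the `personal_words` parameter are assumptions made for the illustration.

```python
import re

# Words the post names as poor choices, alone or with a number added.
COMMON_WORDS = {"password", "secret"}
# Trailing four-digit year, e.g. the "2007" in library2007.
YEAR_SUFFIX = re.compile(r"^(?:19|20)\d{2}$")


def weak_password_reasons(password, personal_words=()):
    """Return tags for each 'What Not to Do' pattern the password matches.

    personal_words is supplied by the caller (hypothetical parameter):
    the user's name, business name, family and pet names.
    """
    pw = password.lower()
    base = pw.rstrip("0123456789")   # part before any trailing digits
    suffix = pw[len(base):]          # the trailing digits, possibly empty
    reasons = []

    # 'password' or 'secret', alone or with digits tacked on the end.
    if base in COMMON_WORDS:
        reasons.append("common-word")

    # A name someone could find on social media appears in the password.
    if any(len(w) >= 3 and w.lower() in pw for w in personal_words):
        reasons.append("personal-word")

    # A single alphabetic word followed by a year.
    if base.isalpha() and YEAR_SUFFIX.match(suffix):
        reasons.append("word-plus-year")

    return reasons


if __name__ == "__main__":
    # Constructed sample inputs; the names are made up for illustration.
    samples = [
        ("secret1", []),
        ("library2007", []),
        ("Rex2012", ["Rex", "Sam"]),
        ("Isellcatf00d!", ["Rex", "Sam"]),
    ]
    for candidate, names in samples:
        print(candidate, "->", weak_password_reasons(candidate, names) or "no match")
```

An empty result only means none of these three patterns matched; it does not rate the password as strong.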
So how can we choose a secure password that we can actually remember?
What To Do
We’ve all seen the recommendations: include an upper and lower case letter in your password, and a number. Some web sites force you to include a punctuation character in your password as well.
A great way to create a password is to think of a phrase and turn the initials or words into a password. To incorporate the number, you might choose to change any letter o’s into zeroes and letter L’s into ones.
For example, if you ran a pet store, you might think of the phrase ‘I sell cat food’ and then change it to Ise11catfood (where the two L’s are changed to 1’s). Or it could be Isellcatf00d (where the two o’s are changed to zeroes). Then it is easy for you to remember, but hard for people to guess. To add punctuation, you could put the whole password in brackets, e.g. [Isellcatf00d], or add an exclamation mark, e.g. Isellcatf00d!
Keeping Track of Your Passwords
- At January 18, 2012
- By adminalison
- In Blog, Good Business Practices
It’s not unheard of for me to spend over 10 hours helping a new client get access to their hosting, domain registration and content management system accounts in order to start working on their site. It’s not just that they’ve forgotten their passwords; often they don’t even know which companies they are dealing with. Then, once we’ve identified that, in order to retrieve the passwords, we have to prove to those companies that the client has a right to access that account.
This scenario is especially common with non-profit organizations where there is relatively high turnover in volunteers and board members, and the email address on file with the account is no longer accessible by organization members. If you were to bring in a new web developer today, would you have the information handy that they need to get started on your site?
At best, not having this information can cost you unnecessary expense. At worst, it can lose you control of your domain. That can happen if the domain expires (perhaps because you couldn’t log in to update your expired credit card information) and then someone else grabs the domain.
You should know the account information for the following:
- All your domain names. These may have been purchased from the same company you purchased your hosting from or from a separate company. If you have more than one domain they may have been purchased all on one account or under separate accounts.
- Hosting for your web site(s). If you have more than one website, they may share hosting or they may have separate hosting.
- If you use a Content Management System (CMS) like WordPress, Joomla or a shopping cart, you should know the administrative account information for that CMS.
Here’s what you need to keep track of for each account.
- The URL that you log in at. It’s not much use having a username and password if you don’t know where to use them.
- The username. This may be your email address, but don’t count on that. It’s best to record the username for every account.
- The password. For security reasons you shouldn’t be using the same password for every account. So you’ll want to track your passwords.
There are various tools around that will store your passwords in a secure way. Here are reviews of some of those systems.
5 Tools for Keeping Track of Your Passwords
10 Free Ways to Track All Your Passwords
What You Said: How you Keep Track of Your Passwords
Don’t forget to update your password tracking system any time you change a password.