Strong Password Guidelines

Creating and using strong passwords should be part of your daily life. This Knowledgebase article will share guidelines you should stick to when creating secure passwords, as well as tips on managing passwords.

Creating a secure password

Things to keep in mind:

  1. Use a different password for each website.
  2. Use at least 8 characters.
  3. Use one or more of each of the following:
    1. lower-case letters
    2. upper-case letters
    3. numbers
    4. punctuation marks and other symbols (!@#$%^&*())
  4. You can use lookalike characters to protect against people who may glimpse at your password:
    1. O as in Oscar and the number 0.
    2. Lower-case l and upper-case I.
    3. The letter S and the $ sign.

Things to avoid:

  1. Using the same password for every website.
  2. Using words you can find in the dictionary.
  3. Passwords shown as “example strong password”.
  4. Personal information, like names and birthdates.
  5. Keyboard patterns, like qwerty and 12345. Particularly avoid sequences of numbers in order.
  6. Common acronyms.
  7. A password made up of one character type, such as all numbers, all upper-case letters, all lower-case letters, etc.
  8. Repeating characters, such as cccc3333.
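
The two lists above can be turned into an automated check. The following is an added example, not part of the original article; the run length of four characters, the US QWERTY rows and the `personal` parameter are assumptions, and the dictionary-word rule is left out because it needs a word list.

```python
import re
import string

# Assumed US QWERTY letter rows used to spot keyboard patterns such as "qwerty".
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")


def has_run(text, source, n=4):
    """True if text contains any n-character slice of source (n=4 is an assumption)."""
    return any(source[i:i + n] in text for i in range(len(source) - n + 1))


def check_password(password, personal=()):
    """Return the guideline violations found; an empty list means none were found."""
    problems = []
    lowered = password.lower()

    if len(password) < 8:
        problems.append("shorter than 8 characters")

    # One or more of each character type; this also catches single-type passwords.
    classes = {
        "lower-case letter": string.ascii_lowercase,
        "upper-case letter": string.ascii_uppercase,
        "number": string.digits,
        "symbol": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name}")

    if any(has_run(lowered, row) for row in KEYBOARD_ROWS):
        problems.append("keyboard pattern")
    # Digits in ascending or descending order, e.g. 12345 or 9876.
    if has_run(password, "01234567890") or has_run(password, "09876543210"):
        problems.append("ordered number sequence")
    # The same character three or more times in a row, e.g. cccc3333.
    if re.search(r"(.)\1{2,}", password):
        problems.append("repeated characters")
    # Caller-supplied names, birthdates and similar personal strings.
    if any(p and p.lower() in lowered for p in personal):
        problems.append("contains personal information")
    return problems
```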

Tips for creating memorable passwords:

Passwords that are easy for you to remember are less secure than a completely random password, but following these tips can help you find the right balance between convenience for you and difficulty for hackers.

  1. Create a unique acronym for a sentence or phrase you like.
  2. Include phonetic replacements, such as ‘Luv 2 Laf’ for ‘Love to Laugh.’
  3. Jumble together some pronounceable syllables, such as ‘iv,mockRek9.’

Keep your password secret!

  1. Never tell your password to anyone (this includes significant others, roommates, coworkers, etc.). If you need to grant someone access to your server, set up a separate username and password for that person.
  2. Never write your password down, especially not anywhere near your computer.
  3. Do not store your password in a plain text file on your computer.
  4. Never send your password over an unencrypted connection – including an unencrypted email.
  5. Periodically test your current password.
  6. Update your password every six months.

Password Management Tools

If you create a new, randomly generated password for each website you sign up for, you’ll end up with a lot of passwords you need to remember. It would be nigh impossible for any human to do this, which is why, through the miracle of technology, we have the password manager.

At ChemiCloud, our top recommended password manager is Bitwarden.

Why? Because not only is it entirely FREE, it’s also open-source software, which means anyone can examine the codebase the application runs on and see if it’s spying on you. The source code for Bitwarden is hosted on GitHub and everyone is free to review, audit, and contribute to the Bitwarden codebase.

We believe that being open source is one of the most essential features of Bitwarden. Source code transparency is an absolute requirement for security solutions like Bitwarden.

Bitwarden is available for all major web browsers, operating systems, and mobile operating systems. Lock your passwords and private information with end-to-end AES-256 bit encryption, salted hashing, and more today!

Additional Password Management Tools:

1Password – 1Password is very similar to Bitwarden but is not free. The premise of the application is otherwise the same: it saves your passwords and auto-fills forms for you with the login credentials needed.

Random Password Generators

If you are going to use a web-based password generator, the best one is from Random.org.

Why?

Random.org’s password generator is the best web-based password generator because the randomness used comes from atmospheric noise, which for many purposes is better than the pseudo-random number algorithms typically used in computer programs to generate a random password.

The passwords generated by this form are transmitted to your browser securely, via SSL, and are not stored on the random.org server.

Another great site is GRC Perfect Passwords. Every time this page is displayed, their server generates a unique set of custom, high-quality, cryptographic-strength password strings which are safe for you to use.

What makes passwords generated from the GRC site perfect and safe?

Every password generated using this site is entirely random (maximum entropy) without any pattern, and the cryptographically solid pseudo-random number generator we use guarantees that no similar strings will ever be produced again.

Also, because this page will only display itself over a snoop-proof and proxy-proof high-security SSL connection, and it is marked as having expired back in 1999, this page, which was custom generated just now for you, will not be cached or visible to anyone else.

Therefore, these password strings are just for you. No one else can ever see them or get them. You may safely take these strings as they are, use chunks from several to build your own if you prefer, or do whatever you want with them. Each set displayed is totally, uniquely yours — forever.
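
A local counterpart to the web-based generators described above, as an added example that is not part of the original article: it draws characters from the operating system's cryptographic random source through Python's `secrets` module, so the password never travels over a network. The function names, the default length of 16 and the choice of symbol set are assumptions.

```python
import math
import secrets
import string

SYMBOLS = "!@#$%^&*()"  # symbol set assumed from the guidelines; adjust to each site's rules
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)
ALPHABET = "".join(CLASSES)


def generate_password(length=16):
    """Return a random password with at least one character of each type.

    Characters come from the operating system's CSPRNG via `secrets`.
    Candidates that lack a character type are discarded and redrawn
    (rejection sampling), so every compliant password is equally likely.
    """
    if length < 8:
        raise ValueError("the guidelines require at least 8 characters")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate


def max_entropy_bits(length):
    """Upper bound on the password's entropy: length * log2(alphabet size).

    The one-of-each-type requirement removes some candidates, so the
    true figure is slightly below this bound.
    """
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    print(generate_password(), f"(at most {max_entropy_bits(16):.1f} bits)")
```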

 

Updated on April 4, 2022