Good Password Rules to Follow

Categories: security password

[Image: xkcd horse battery staple comic]

Passwords are a difficult thing for almost everyone to manage. Every site has different rules and almost all of them require that you keep a strong password. Obviously you want to create secure passwords to make sure others cannot get into your account.

Let's face facts: most people reuse passwords across different sites. If you use a password on a site that gets hacked and that site does not secure your password properly, your email address and password could be at risk of being compromised. Once a hacker figures out your password, they may try it on your other accounts, because it is likely you use that password for your email address, too. From there, they can see which services you use, such as your bank or your credit card. In some scenarios, someone can go to your bank's website and request a password reset, which sends an email to that email address. At that point, they can reset your bank password and your passwords for other services, which gives them unlimited access to your personal details and to your funds.

This is why it is important to create secure passwords from the beginning. Here are some tips for how to do that:

Good rules to follow

A strong password is always more than 8 characters long and combines upper-case letters, lower-case letters, numbers and special symbols. Suggestions:

  1. Avoid single words taken from a dictionary such as "sunshine" or "lemon". Single-word passwords are the weakest of all and the first ones hackers try.
  2. Do not use common phrases or strings of characters such as "iloveyou", "letmein", "abcd1234", "P@ssword1", "trustno1", or "Superman1" as the only thing securing your account. Simple phrases and common patterns are weak on their own. Hackers know people use them from the information exposed in data leaks such as the breach at Target and the Heartbleed bug. If you do use a simple phrase or a pattern like this, make it only one part of a longer password.
  3. Avoid using personal information about yourself or your family members as your password, such as your birthdate, the name of someone you are dating, your apartment building, or the name of your pet. Also, do not use a password that is similar to your username.
  4. Long, simple passwords are better than short, complex ones. Use several unrelated words that are easy for you to remember as the starting point of your long password.
  5. Add some upper-case letters and character substitutions for more security. Strong passwords look like these: "staP!3 Batt3rYF0otba1!gam3", or "$Pas5W0rd$^5unShin3^sm1l3".
  6. Add a memorable but complex phrase as part of all of your passwords. This satisfies some of the upper-case and special-character requirements that some sites impose, and this extra layer makes the password much harder for others to guess. Take a phrase like "staple battery lemons" and make it "staple battery l3Mon$".
  7. Avoid using the same password across different sites.
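The rules above can be turned into an automated check. The Python script below is an added example, not code from the original article: it rejects the weak examples listed above using a constructed blocklist, applies the length and single-word rules, and estimates guessing work under two models, a brute-force model that credits every character, and a word-list model that charges one dictionary word for each whitespace-separated token, even one decorated like "l3Mon$" (crackers undo case changes and @/3/0/$ substitutions as a matter of routine). Taking the smaller of the two estimates is what makes rule 4 visible: "P@ssword1" scores high under the character model but is on the blocklist, while a four-word phrase scores about 51 bits. The dictionary size (7776, the diceware list), the 40-bit threshold and the 12-character word limit are assumptions, not figures from the article, and the model counts a domain-derived suffix like "eys" as a full word even though it is not secret to someone who has already seen another of your passwords.

```python
import math
import string

# Constructed blocklist of the weak examples the article lists; a real check
# would use a large leaked-password list such as the Have I Been Pwned set.
COMMON_PASSWORDS = {
    "sunshine", "lemon", "iloveyou", "letmein", "abcd1234",
    "p@ssword1", "trustno1", "superman1", "password", "123456",
}
DICTIONARY_WORDS = 7776   # assumed: size of the diceware word list
MAX_WORD_LEN = 12         # assumed: longer tokens are treated as random characters
MIN_BITS = 40.0           # assumed: estimates below this are reported as weak
LEET = str.maketrans("@3015$!47", "aeolssiat")  # undo common substitutions


def alphabet_size(text: str) -> int:
    """Character set implied by the classes present (what a brute-forcer must cover)."""
    size = 0
    if any(c.islower() for c in text):
        size += 26
    if any(c.isupper() for c in text):
        size += 26
    if any(c.isdigit() for c in text):
        size += 10
    if any(c in string.punctuation or c == " " for c in text):
        size += len(string.punctuation) + 1   # 32 symbols plus space
    return size


def random_char_bits(text: str) -> float:
    """Entropy if every character had been drawn uniformly from the alphabet."""
    size = alphabet_size(text)
    return len(text) * math.log2(size) if size else 0.0


def token_bits(token: str) -> float:
    """One dictionary word costs log2(D) bits no matter how it is decorated."""
    plain = token.lower().translate(LEET)
    if plain.isalpha() and len(plain) <= MAX_WORD_LEN:
        return math.log2(DICTIONARY_WORDS)
    return random_char_bits(token)


def estimate_bits(pw: str) -> float:
    """Conservative estimate: the smaller of the brute-force and word-list models."""
    if pw.lower() in COMMON_PASSWORDS:
        return 0.0                                   # already in every cracking list
    bits = random_char_bits(pw)
    tokens = pw.split()
    if len(tokens) > 1:
        bits = min(bits, sum(token_bits(t) for t in tokens))
    return round(bits, 1)


def check_password(pw: str) -> dict:
    """Apply the article's rules and report which ones the password fails."""
    problems = []
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("common password or pattern")
    if len(pw) <= 8:
        problems.append("8 characters or fewer")
    if pw.isalpha():
        problems.append("single dictionary-style word")
    bits = estimate_bits(pw)
    if bits < MIN_BITS:
        problems.append(f"about {bits} bits of guessing work, below {MIN_BITS}")
    return {"bits": bits, "problems": problems, "ok": not problems}


if __name__ == "__main__":
    for candidate in ("sunshine", "P@ssword1", "staple battery l3Mon$",
                      "staple battery l3Mon$ eys"):
        print(f"{candidate!r:32} -> {check_password(candidate)}")
```

Run as a script it prints one verdict per candidate. Note that the three-word "staple battery l3Mon$" lands just under the assumed threshold (about 38.8 bits) and the fourth word is what lifts it to roughly 51.7, which is the point of building up to four words.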

Strong, unique passwords for all your accounts can be hard to remember. If you do not manage them properly, you may find yourself requesting password resets from every website you belong to over and over again. Here are three suggestions on how to create unique passwords across all sites:

How to remember unique passwords for all sites

There are applications that help you manage passwords, but they are not easy to access at all times. We suggest creating a system of your own that is easy for you to remember but varies with every website you visit.

  1. Create a system that is memorable for you but difficult for others to break. One suggestion by XKCD in this comic is to take four unrelated words and use them as your password. This makes the password difficult for computers to break but easy for humans to remember. Let's start with three words for now and add a fourth a little later: "staple battery lemons"
  2. Take one of these unrelated words and make it stronger with substitutions. For example, change "lemons" to "l3Mon$". This makes the full password "staple battery l3Mon$".
  3. Make the last word in your 4-word phrase a unique code based on the website you are on, so that it changes from site to site. For example, on "" you could do something simple, like using the last three letters of the domain as your variable word: "staple battery l3Mon$ eys". If the domain was, the password would be "staple battery l3Mon$ ail".

How to keep your strong password secure over time

Once you have developed your system for remembering variable strong passwords, you need to make sure they stay secure. Here are five suggestions on how to keep your password and your accounts secure over time:

  1. Update your password every six months. This limits the time hackers have to decipher it and gain access to your accounts. A simple way to do this is to swap one of the words in your 4-word list. In this example, the first three letters of the site are used instead of the last three: "staple battery l3Mon$ igl"
  2. Change your password immediately whenever there is a risk that your account has been compromised. Such risks include losing your phone and being unable to wipe it remotely, Facebook or Gmail alerting you to access to your account from a different IP address, a new security breach such as the one at Target, or a new security vulnerability like Heartbleed being discovered. If any of these happens, change your password right away. Do not give a data thief time to exploit a vulnerability.
  3. Do not write down your password, do not share it with a friend, and do not email it to anyone. Treat it as top secret.
  4. When using a public computer, make sure nobody is watching while you type your password. Also avoid the 'remember password' feature of websites on public computers, and clear your history once you have logged out. Try not to do sensitive things, such as banking transactions, on a public computer or on public WiFi. Criminal groups can attach devices that capture the keys you press when you access your online banking account.
  5. Use different passwords for your different online accounts. The problem with reusing a password across sites is that if one company stores passwords in plain text (so that anyone who can query the database can read them), or if its database is breached and the attackers find a way to decode the passwords (for example because they were stored with the same weak encryption used elsewhere), the attackers then know your password for every site where you reused it.
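The storage weakness described in item 5 can be shown directly. The Python below is an added example, not the survey site's code: it stores a constructed table of three sign-ups three different ways, in plain text, with a single unsalted SHA-256 hash, and with a per-user random salt and PBKDF2-HMAC-SHA256 (600,000 iterations is an assumed work factor, tune it to the hardware). Under the first two schemes the two users who chose the same password get identical records, so cracking one record, or looking it up in a precomputed table, reveals both; with a salt every record is unique and has to be attacked on its own. The verification helper reads the salt and iteration count back out of the record and compares in constant time.

```python
import hashlib
import hmac
import os

# Constructed user table: alice and bob happened to choose the same password.
SIGNUPS = {
    "alice": "staple battery l3Mon$ ail",
    "bob":   "staple battery l3Mon$ ail",
    "carol": "trustno1",
}
PBKDF2_ITERATIONS = 600_000   # assumed work factor; raise it as hardware gets faster


def store_plaintext(pw: str) -> str:
    """What the article warns about: anyone who can query the table reads every password."""
    return pw


def store_unsalted(pw: str) -> str:
    """A single fast hash with no salt: identical passwords give identical records,
    so one cracked record (or a precomputed table) unlocks every user who chose it."""
    return hashlib.sha256(pw.encode()).hexdigest()


def store_salted(pw: str, salt: bytes = b"") -> str:
    """Per-user random salt plus a slow KDF; the record carries its own parameters."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_salted(pw: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
    except ValueError:
        return False                       # malformed record, never a match
    if scheme != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", pw.encode(),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def build_table(store) -> dict:
    """Store every sign-up with the given scheme, keyed by user name."""
    return {user: store(pw) for user, pw in SIGNUPS.items()}


def colliding_users(records: dict) -> int:
    """Number of users whose stored record is identical to another user's."""
    counts = {}
    for rec in records.values():
        counts[rec] = counts.get(rec, 0) + 1
    return sum(n for n in counts.values() if n > 1)


if __name__ == "__main__":
    for scheme in (store_plaintext, store_unsalted, store_salted):
        table = build_table(scheme)
        print(f"{scheme.__name__:16} colliding users: {colliding_users(table)}")
    rec = store_salted(SIGNUPS["alice"])
    print("alice logs in:", verify_salted(SIGNUPS["alice"], rec))
    print("wrong password:", verify_salted("staple battery l3Mon$ eys", rec))
```

The record format (scheme, iterations, salt, digest separated by "$") is the reason a site can raise the iteration count later without locking anyone out: old records still verify with their stored parameters and can be re-hashed at the next successful login.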

Just because this site is a survey site does not mean you can take password security lightly.

Here is a good solution for creating a password based on the XKCD article: or a TED talk about passwords.
