
Tips for Managing Website Passwords

Edited by: Lamar Stonecypher • Updated: 2/26/2010

Do you use a family member’s name or birthday for your online accounts? Do you have separate accounts for each site you do business on? Most people tend to use easily guessable passwords. This article will discuss some tips for proper website password management.


    Overview

    With all of the data on the Internet and the extreme ease of accessing any tidbit of our lives, from online banking to medical records and online shopping, it’s extremely important you pay attention to how secure your online accounts are.

    Think of each online account you have as a locked door. The lock you use on the door should correlate to the relative value of the materials behind the door. Would you want to have a single lock that opens your house, your car, your safe deposit box and your garden shed? Probably not. You’d probably have a small lock on your shed, a normal lock on your car, and a lock and deadbolt on your house, while your safe deposit box is probably guarded by several locks, a security system and possibly guards.

    Your online accounts should follow a similar regimen. Banking and other accounts that have financial information or credit card data should use extremely strong passwords – 8+ characters, consisting of letters (both capital and lower case), numbers and symbols. This is what we refer to as a “complex password”. Each of these accounts should utilize a different password.

    Sites where you have to register just to view information can be treated as a lower security risk. Do we really care if someone steals your account and is able to view the Washington Post? Probably not. Sites that require basic registration can utilize the same password and you can consider using basic passwords in this case.


    Why all the Hype?

    Why should you be concerned about how strong your password is? Take a simple password such as “Dodg3” – it’s got a capital letter, lower case letters and a numeral. Pretty strong password? Nope. Using a modern computer and an easily obtainable brute force password cracker, this password could be cracked in about 2 minutes. Using the same password, but adding just three more characters, pushes the crack time out to 7 years. If you want to learn more about password recovery speeds, check out the Lockdown.co.uk site – it’s pretty interesting to see just how fast a computer can crack a password under various password complexity scenarios.

    The biggest key to making a secure password is its length. If we compare a 5-character password to an 8-character password (assuming only lower and uppercase letters are used), we go from 350 million possible password combinations to 53 trillion. In recovery speed terms, you go from 38 seconds to 62 days, just by adding three more characters.
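
The keyspace arithmetic behind the length comparison above, as an added Python example that is not part of the original article. The rate of 10 million guesses per second is an assumption inferred from the article's 38-second and 62-day figures, and all function names are made up for this illustration.

```python
import string

# Assumption: ~10 million guesses/second, the rate implied by the article's
# 38-second (5 letters) and 62-day (8 letters) figures.
GUESSES_PER_SECOND = 10_000_000

# Character classes an exhaustive search must cover (printable ASCII only).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def alphabet_size(password):
    """Sum the sizes of every character class the password draws from."""
    if not password:
        raise ValueError("empty password")
    for ch in password:
        if not any(ch in cls for cls in CLASSES):
            raise ValueError(f"character {ch!r} is outside the modelled classes")
    return sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))

def keyspace(length, alphabet):
    """Number of candidate passwords of exactly `length` characters."""
    return alphabet ** length

def worst_case_seconds(length, alphabet, rate=GUESSES_PER_SECOND):
    """Seconds to try every candidate; dictionary guessing is not modelled."""
    return keyspace(length, alphabet) / rate

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, span in (("years", 31_536_000), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= span:
            return f"{seconds / span:.1f} {unit}"
    return f"{seconds:.0f} seconds"

def report(password):
    """Summarise length, alphabet, keyspace and worst-case search time."""
    n, a = len(password), alphabet_size(password)
    return (f"{n} chars, alphabet of {a}: {keyspace(n, a):,} candidates, "
            f"{humanize(worst_case_seconds(n, a))}")

if __name__ == "__main__":
    for length in (5, 8):  # the article's letters-only comparison
        print(f"{length} letters: {keyspace(length, 52):,} candidates, "
              f"{humanize(worst_case_seconds(length, 52))}")
    for pw in ("Dodg3", "DietPepsi", "D1etP3ps!"):  # passwords quoted in the article
        print(f"{pw}: {report(pw)}")
```

Each extra character multiplies the search by the alphabet size, which is why length dominates the result.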


    Other Tips

    • If you have problems managing all your passwords, use a password manager such as KeePass or LastPass.
    • Don’t use dates or names that are significant to you as a password – things like anniversaries, birthdays, family and even pet names can easily be obtained through public records.
    • If you have trouble remembering passwords, try replacing some letters with numbers and symbols. For example, the “simple” password “DietPepsi” could be transformed to a complex password by replacing some of the letters – “D1etP3ps!”. This way it still resembles something you know, but is much more secure.
    • As mentioned above, do your best to use different passwords for highly sensitive sites such as banks and other sites that hold financial or personal data.

    Practice these tips and it should go a long way in keeping your identity safe!