Developing a Password Strategy

One large caveat of the Internet is that many websites require an account before you can use their functionality. It seems as if a month cannot go by without a website reporting that its users’ accounts have been compromised. Put those two facts together and you’ll start to feel paranoid.

I hate to break it to you, but you should be a tad paranoid. You should also have a password strategy to protect yourself and your information.

One of the first things you should do is classify the websites where you have accounts. These classifications can be broken down to Critical, Important and Non-Critical. In the critical category, you would find things like your bank accounts; Facebook, LinkedIn and other social networking sites; and your e-mail.

If a website is tied to your finances or would allow someone to impersonate you, it is Critical. The Important category leans toward web services that you use, like Netflix, Hulu, iTunes, etc. These are sites that have a higher level of importance and that you also use frequently. At the Non-Critical level you’ll find websites that you go to infrequently. Once you have an idea of which websites fit into which category, you’ll need to come up with some strong passwords.

Strong passwords cannot be easily broken or guessed. They’re not words that you would find in a dictionary or encyclopedia. A strong password is made up of 8 or more characters consisting of uppercase, lowercase, symbols, and numbers. The larger the number of characters, the better the security.

Try a website like Password Strength Checker to get an idea of what makes a password strong. Once you understand that, you can settle on a strategy for creating the combinations. The easiest is the use of a pass-phrase.

The end result looks complex but will be easy to remember after typing it several times.

By using the first letter of each word in a sentence, the characters are randomized sufficiently but still can be retained in your memory.  Add a number sequence and a symbol or two and the password will be strong.  Having this sentence written down would be confusing as well since the password has nothing to do with the city where you were born.
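The first-letter method and the definition of a strong password given earlier can be checked in a few lines of Python. This is an added example, not part of the original article; the sentence, the digits and symbols, and all function names are constructed for illustration, and the bit count is an upper bound that assumes an attacker trying every possible string.

```python
import math
import string

# Constructed sample sentence, not the page's own example.
SENTENCE = "My first dog Rex chased the mail truck every Tuesday morning"

# Characters in each class named in the page's definition of "strong".
CLASSES = {
    "uppercase": string.ascii_uppercase,
    "lowercase": string.ascii_lowercase,
    "numbers": string.digits,
    "symbols": string.punctuation,
}

def build_password(sentence, digits, symbols):
    """First letter of each word, then a number sequence and symbols."""
    initials = "".join(w[0] for w in sentence.split() if w[0].isalnum())
    return initials + digits + symbols

def classes_used(password):
    """Names of the character classes that appear in the password."""
    return {name for name, chars in CLASSES.items()
            if any(c in chars for c in password)}

def is_strong(password):
    """The page's rule: 8 or more characters drawn from all four classes."""
    return len(password) >= 8 and classes_used(password) == set(CLASSES)

def search_space_bits(password):
    """Upper bound on brute-force effort: log2(alphabet ** length).
    Assumes the attacker tries every string over the classes in use;
    a guessable sentence or pattern is weaker than this bound."""
    alphabet = sum(len(CLASSES[name]) for name in classes_used(password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0

if __name__ == "__main__":
    pw = build_password(SENTENCE, "47", "!#")   # -> MfdRctmteTm47!#
    print(pw, is_strong(pw), round(search_space_bits(pw), 1))
    # Each extra character adds log2(94), about 6.6 bits, to the bound.
    print(round(search_space_bits(pw + "x") - search_space_bits(pw), 1))
```

The per-character increase is why length matters more than any single substitution: an eight-letter lowercase word tops out near 38 bits, while the 15-character result here has a bound above 98.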

After that, try following these tips:

Critical Websites –  These sites should receive their own unique password.  The passwords chosen should be at the strongest level that you can still remember in a pinch.  About every year, change the passwords so that each site has a new unique and strong password.

Important Websites – These sites can receive a password that you may share with other important sites. The passwords chosen should still be strong, but because you may use these sites frequently, you might want to have a password that you can recall quickly. Once you have it memorized, start rotating in other passwords until you have about five rotating passwords at the same time. Just be sure to change up the passwords and to drop old passwords for newer ones.

Non-critical Websites – These sites can receive a password that is usually shared with lots of other non-critical sites. The passwords chosen do not necessarily need to be strong, but they should be easy to remember and at least have a letter/number combination.

By having strong passwords and a strategy behind their use, you will help keep your information and online identity from being an easy target.