Most users don’t have good passwords because they don’t understand how to create them. This how to provides some tips to help create secure passwords in a format that is ready to provide to your users as part of a training packet.
Avoid Dictionary Words
First of all, avoid using dictionary words, this includes words from science fiction dictionaries, foreign dictionaries, and dictionaries of common names. Even obscure words from science fiction or fantasy worlds are in special dictionaries and are guessed.
Avoid appending a number to a dictionary word
Most people think that appending a number to a dictionary word makes their password stronger. This is false, avoid simply adding numbers to common words.
Avoid using significant dates and names
Avoid using significant dates such as anniverseries or birthdays in your password, these are easy to guess by people who know you. Also avoid using names of family members and pets, they are also easily guessable.
If you can memorize random passwords do so
If you are capable of memorizing a string of 6-10 random letters, numbers and symbols randomly generate your password and memorize it. This will give you the most secure password possible. Don’t think you can do it, think about how many random sets of numbers you know such as your SSN, phone number, etc.
Use Mnemonics of phrases
Rather than using words, use a seemingly random phrase to create a mnemonic. For example IwtbotTo2C seems very random, the mnemonic is „It was the best of times Tale of Two Cities“ the first line and title of one of my favorite books. Poems, song lyrics, etc. make great quotes to use as a mnemonic, the more obscure the better.
Substiituite numbers and special characters
Substitute numbers and special characters for letters, preferably in short phrases rather than individual words, for example N0G00dD33d or DefyGr@v1ty.
Memorize your password
Whatever method you choose to create a good password, choose something that you can memorize without writing it down. If you absolutely must write down a password keep it is a secure location, never around your workspace.
Use Seperate Passwords for Work and Personal
Keep seperate passwords for your work and personal accounts. This way if one is compromised the other will not be.
Help your users create strong passwords and your network will be more secure avoiding problems instead of recovering from them. Users do not create poor passwords because they want their account broken into, they create them because they don’t know how to do better.