Creating Passwords: The Do's and Don'ts
August 23 2024

Whether you’re a tech novice or an expert, setting up a new device or logging into social media, you should be well aware that password security is essential.

There are many myths about password security, hacking and how you should set up and secure your passwords. IEWC gives you the lowdown in this article.

Strong Passwords

What’s The Purpose of a Password?

The world has come a long way since the age of signature authentication, and yet this is exactly where passwords originate from.

From banking PINs to sign-in credentials, our service providers need to know that we’re the ones using the services they provide. This has become more complex as technology advances: the more services we use at once, the more integration is required between the various providers.

Passwords are an easy way for service providers or applications to verify that the user accessing a platform or account is the person who owns the account or has legitimate access to it.

Old School Password Rules

If you’re simply looking to create a strong password for general purposes and don’t manage intricate or integrated applications, there are certain rules which you must adhere to.

The basics:
Most platforms will prompt you to use a combination of the following:

  • UPPERCASE
  • lowercase
  • numbers
  • $pec!@l ch@r@ct3r$

As demonstrated above, it’s easiest to use special characters which read as text to the human eye, especially if you want to remember them. Some of these include:

  • a: @
  • e: 3
  • i: !, 1
  • l: 1, !
  • o: 0
  • s: $
  • x: ><

Make sure your password is long enough
A password of 6 characters isn’t going to cut it. Many platforms require a password at least 10 characters long, with some going even higher.

Don’t use special characters and numbers in an obvious sequence
Since many people use special characters as a stand-in for text, it’s best not to use these in an obvious sequence.
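
Why obvious substitutions add so little, shown as an added example that is not part of the original article: a password check can undo the substitution table above and look for common words in what remains. The function names and the small COMMON_WORDS list are constructed for illustration.

```python
from itertools import islice, product

# The article's substitution table, inverted: symbol -> letters it can stand for.
LEET = {"@": "a", "3": "e", "!": "il", "1": "il", "0": "o", "$": "s"}

# Constructed sample denylist; a real check would load a large list of
# common and breached passwords.
COMMON_WORDS = {"characters", "letmein", "password", "special", "welcome"}


def deleet_variants(password, limit=4096):
    """Return the readings of `password` with the substitutions undone."""
    text = password.lower().replace("><", "x")
    # "!" and "1" are ambiguous (i or l), so each position is a set of choices.
    choices = [LEET.get(ch, ch) for ch in text]
    # islice bounds the work for long inputs with many ambiguous symbols.
    return {"".join(combo) for combo in islice(product(*choices), limit)}


def find_common_word(password):
    """Return the first denylisted word hidden in `password`, or None."""
    variants = deleet_variants(password)
    for word in sorted(COMMON_WORDS):
        if any(word in variant for variant in variants):
            return word
    return None


def check_password(password, min_length=10):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    if len(password) < min_length:
        findings.append("too short")
    has_classes = (any(c.isupper() for c in password),
                   any(c.islower() for c in password),
                   any(c.isdigit() for c in password),
                   any(not c.isalnum() for c in password))
    if not all(has_classes):
        findings.append("missing character class")
    word = find_common_word(password)
    if word:
        findings.append("common word after undoing substitutions: " + word)
    return findings


if __name__ == "__main__":
    # Constructed inputs; the last one is the article's first-letter example.
    for candidate in ("P@$$w0rd2024!", "$pec!@l ch@r@ct3r$", "Egcl$0SpbtW!"):
        print(candidate, "->", check_password(candidate) or "no findings")
```

The first input satisfies the length and character-class rules and is still flagged, because undoing the substitutions exposes a common word.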

Don’t use obvious phrases or numbers
You’ve probably seen people warning you not to play interactive social games where you have to list things like the city you were born in, your mother’s maiden name, your first car or pet. This is because many platforms use such questions and answers for password recovery. Many of these "games" are created by hackers in the hope that, because the games go viral, they can use Google or other search engines to search for the specific questions from these games and find targets. Avoid participating in these games, or at least make 100% sure that only trusted parties can view your responses.

Using phrases in passwords
It’s good to create passwords you can remember, but don’t make them obvious. The easiest way to do this is by using phrases written in a combination of uppercase, lowercase, numbers and special characters.

If you speak multiple languages, using multilingual or non-English phrases is even better. While good hackers will get through any such tricks, these are effective for most security purposes.

Use easy-to-remember phrases to create a long sentence, and then take the first letter of each word to form a strong password.

For instance:

  • Ayoba 47 my bru!: @YOB@47myBRU!
  • Potjiekos is Life: p0tj13KO$1sL!FE
  • Sala hanthle 2022: $@L@hanthl32022
  • Every good cat loves sleeping on soft pillows by the window: Egcl$0SpbtW!

These are pretty rudimentary examples, but you get the gist.

The Keyboard Sequence

If you want to create a password that has no meaning and is still relatively easy to remember, one trick is to use a keyboard sequence - using random keys in a particular sequence which you will remember.

Use an Auto Generator

One of the easiest ways to create a strong password is by using an auto generator. Most applications and account managers offer this service and allow you to store the password in a password manager.

While password managers offer advanced security features, it should be noted that they aren’t failsafe. In fact, they are quite attractive to criminals with advanced skill because they’re the cyber equivalent of keeping all one’s eggs in one basket. For that reason you’ll frequently see that large corporations offering such services have been compromised.

Two-Factor Authentication

By far the best way to ensure you won’t get hacked is by using two-factor authentication.
This type of verification will generally still ask you to enter your password, after which you will receive a message or mail containing either an authorisation link or a special key or PIN, which you must enter in the application you wish to access. Two-factor authentication may also ask you to use the biometrics on your phone or tablet to verify that you’re the one accessing your account.

Don’t make it easy!

One of the easiest ways for criminals to get a hold of your information is through phishing, which we’ll cover in a separate article.

Know that no company worth their salt will ask you to verify your password via email. If you’re in doubt, go onto the company’s site, look for their support contact details and verify whether the mails, calls or messages you received were from them.

Additional tips:

  • Change your passwords frequently and don’t use duplicate passwords for numerous sites and applications.
  • Check whether you’ve been compromised: There are many databases where you can enter your email address to check if your details have been leaked. One of the most popular is HaveIBeenPwned. Most account managers and browsers also offer this functionality under their security settings, and your service providers also have a responsibility to inform you if they have suffered a security breach.
  • It goes without saying, but don’t write your passwords down and leave these lying around for everyone to see.

Need help with your security?

If you need help with other aspects of your security, feel free to mail us on support@iewc.co.za and we’ll get back to you.
