
Best practices when creating a password

Dave Ford asked
Last Modified: 2018-08-30
Recently, I was discussing "best practices" when creating a password, and here are the "qualifications" I could think of:

- easy to remember or generate
- not the same as your other passwords
- not easy for others to guess
- more than 6 characters
- contains at least one of ALL these: uppercase character, lowercase character, number, "allowed" punctuation mark

Can you think of any other "best practice"?

Thanks in advance!
-- Dave

Dave Ford (Author), Software Developer / Database Administrator
Commented:
Thanks to all who responded!

n2fc: Thanks! Those are some good suggestions

David Favor: if your password is truly random, how do you remember the one for each site?

btan: thanks for the suggestion to increase the minimum length

Lee W, MVP: thanks! If you use a different passphrase for each site, how do you remember it?

Learnctx: thanks!

Terry Woods: Thanks! How do you remember the passwords for each site?
Lee W, MVP, Technology and Business Process Advisor
Commented:
Web browser password managers and KeePass.
Terry Woods, Web Developer, specialising in WordPress
Commented:
I've been using LastPass, which is a (free) cloud-based password management tool that is installed to each browser you use as a browser extension. It requires an email address and master password to unlock.

KeePass, as I understand it, creates a local database file containing all your secret data; it requires a master password to unlock.
btan, Exec Consultant
Commented:
KeePass is nice and a free open source password manager too. As mentioned, it is a local database: essentially a flat file encrypted and protected using one single master password, or a key file selected to unlock the database. There are also notebook and mobile phone versions.
https://keepass.info/download.html
Lee W, MVP, Technology and Business Process Advisor
Commented:
I put my KeePass database on OneDrive. It's accessible to me through iOS, Android, Windows, on any device I have. And even if OneDrive gets hacked, they have to then hack KeePass... so I feel fairly comfortable this way.
Dave Ford (Author), Software Developer / Database Administrator
Commented:
So, bottom line, none of you have to actually remember any passwords since you store them in some form of an external database. That's cool. Thanks.
Terry Woods, Web Developer, specialising in WordPress
Commented:
I make a point of memorising just a few important passwords: my master password for LastPass, my email account passwords for accessing webmail, and my internet banking password.
Dave Ford (Author), Software Developer / Database Administrator
Commented:
Personally, I use a password "algorithm" to generate a distinct password for every site. There are an infinite number of possible algorithms, but as long as I stick to the pattern, I don't have to remember ANY password. I just need to remember the one algorithm.

For example, here's a sample algorithm:

- use the first word in the name of the site and increment each letter by 2 characters
- append the "number of characters in the password plus 5" to the end
- change the third character to a dash ("-")
- lastly, repeat the same list of digits but backwards

With this algorithm, my password for amazon.com would be: co-bqp1111pqb-oc

The end result is easy to generate, it's difficult for someone else to guess, and it's almost impossible to "reverse engineer" the algorithm if someone were to find out your password.

(Note that this example is not my personal algorithm. It is only an example that I just made up right now.)

Thanks again!
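As an added example (editor's code, not from the thread), the following Python implements the four-step site-name algorithm in the comment above and scores its output against the two checkable criteria from the original question (length and character classes). Step 4 is read as mirroring the whole string, since that reproduces the amazon.com sample; the `random_password` helper is an assumed illustration of the "truly random, stored in a manager" alternative discussed earlier in the thread.

```python
import secrets
import string

LOWER = string.ascii_lowercase


def shift_letters(word: str, by: int = 2) -> str:
    """Step 1: advance every letter by `by` places, wrapping z -> b."""
    out = []
    for ch in word.lower():
        if ch in LOWER:
            out.append(LOWER[(LOWER.index(ch) + by) % 26])
        else:
            out.append(ch)  # digits and punctuation pass through unchanged
    return "".join(out)


def derive_password(site: str) -> str:
    """Apply the four steps from the comment to a site name such as 'amazon.com'."""
    word = site.split(".")[0]       # first word of the site name: "amazon"
    pw = shift_letters(word)        # step 1: "cocbqp"
    pw += str(len(pw) + 5)          # step 2: append length + 5 -> "cocbqp11"
    pw = pw[:2] + "-" + pw[3:]      # step 3: third character becomes "-" -> "co-bqp11"
    return pw + pw[::-1]            # step 4: mirror the string -> "co-bqp1111pqb-oc"


# Checkable rules from the question: length, plus one of each character class.
RULES = {
    "more than 6 characters": lambda p: len(p) > 6,
    "uppercase": lambda p: any(c.isupper() for c in p),
    "lowercase": lambda p: any(c.islower() for c in p),
    "number": lambda p: any(c.isdigit() for c in p),
    "punctuation": lambda p: any(c in string.punctuation for c in p),
}


def failed_rules(password: str) -> list:
    """Names of the rules the password does NOT satisfy (empty list = passes)."""
    return [name for name, test in RULES.items() if not test(password)]


def random_password(length: int = 16) -> str:
    """Assumed helper: a CSPRNG password guaranteed to satisfy every rule above."""
    classes = [string.ascii_uppercase, LOWER, string.digits, "-_!@#%"]
    chars = [secrets.choice(c) for c in classes]                 # one from each class
    alphabet = "".join(classes)
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


if __name__ == "__main__":
    for site in ("amazon.com", "google.com"):
        pw = derive_password(site)
        print(site, pw, "fails:", failed_rules(pw))
```

Running the block shows that the derived amazon.com password fails only the uppercase rule from the question's list, while the random alternative passes all five.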