Member_2_2484401

Best practices when creating a password

Recently, I was discussing "best practices" when creating a password, and here are the "qualifications" I could think of:

- easy to remember or generate
- not the same as your other passwords
- not easy for others to guess
- more than 6 characters
- contains at least one of ALL these: uppercase character, lowercase character, number, "allowed" punctuation-mark

Can you think of any other "best practice"?

Thanks in advance!
-- Dave
Security

Last Comment: Member_2_2484401, 8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
n2fc

SOLUTION
David Favor

Member_2_2484401

ASKER
Thanks to all who responded!

n2fc: Thanks! Those are some good suggestions

David Favor: if your password is truly random, how do you remember the one for each site?

btan: thanks for the suggestion to increase the minimum length

Lee W, MVP: thanks! If you use a different passphrase for each site, how do you remember it?

Learnctx: thanks!

Terry Woods: Thanks! How do you remember the passwords for each site?
Lee W, MVP

Web browser password managers and KeePass.
Terry Woods

I've been using LastPass, which is a (free) cloud-based password management tool that is installed to each browser you use as a browser extension. It requires an email address and master password to unlock.

KeePass, as I understand it, creates a local database file containing all your secret data; it requires a master password to unlock.
btan

KeePass is nice and a free open source password manager too. As mentioned, it is a local database. Essentially, it is a flat file encrypted and protected using a single master password, or you can select a key file to unlock the database. There are also notebook and mobile phone versions.
https://keepass.info/download.html
Lee W, MVP

I put my KeePass database on OneDrive. It's accessible to me through iOS, Android, Windows, on any device I have. And even if OneDrive gets hacked, they have to then hack KeePass... so I feel fairly comfortable this way.
Member_2_2484401

ASKER
So, bottom line, none of you have to actually remember any passwords since you store them in some form of an external database. That's cool. Thanks.
Terry Woods

I make a point of memorising just a few important passwords: my master password for LastPass, my email account passwords for accessing webmail, and my internet banking password.
Member_2_2484401

ASKER
Personally, I use a password "algorithm" to generate a distinct password for every site. There are an infinite number of possible algorithms, but as long as I stick to the pattern, I don't have to remember ANY password. I just need to remember the one algorithm.

For example, here's a sample algorithm:

- use the first word in the name of the site and increment each letter by 2 characters
- append the "number of characters in the password plus 5" to the end
- change the third character to a dash ("-")
- lastly, repeat the same list of digits but backwards

With this algorithm, my password for amazon.com would be: co-bqp1111pqb-oc

The end result is easy to generate, it's difficult for someone else to guess, and it's almost impossible to "reverse engineer" the algorithm if someone were to find out your password.

(Note that this example is not my personal algorithm. It is only an example that I just made up right now.)

Thanks again!
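
The four steps of the sample algorithm in the post above, written out as an added example (not code from the thread) next to a random generator of the kind the password managers mentioned earlier provide; it also shows how much of one output can be read back from the password alone. The function names, the z-to-b wraparound (which matches the post's amazon.com result) and the 16-character random length are assumptions of this example.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation

def shift_letters(word, by=2):
    """Step 1: move each letter `by` places along the alphabet, wrapping z -> b."""
    return "".join(chr((ord(c) - 97 + by) % 26 + 97)
                   for c in word.lower() if c.isalpha())

def site_password(site):
    """Apply the post's four steps to a site name such as 'amazon.com'."""
    word = shift_letters(site.split(".")[0])   # first word, letters shifted by 2
    word += str(len(word) + 5)                 # append (length + 5)
    word = word[:2] + "-" + word[3:]           # third character becomes a dash
    return word + word[::-1]                   # append the mirror image

def unshift_first_half(password):
    """Undo steps 4, 2 and 1 on a single password; the dashed letter stays unknown."""
    half = password[: len(password) // 2].rstrip(string.digits)
    return "".join("?" if c == "-" else chr((ord(c) - 97 - 2) % 26 + 97)
                   for c in half)

def random_password(length=16):
    """Password-manager style: every character drawn independently at random."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def random_bits(length=16):
    """Entropy of random_password() in bits: length * log2(alphabet size)."""
    return length * math.log2(len(ALPHABET))

if __name__ == "__main__":
    for site in ("amazon.com", "example.org"):   # constructed sample inputs
        pw = site_password(site)
        # The second half mirrors the first, and the first half is the
        # shifted site name, so the output carries no secret beyond the rule.
        print(f"{site:12} {pw:20} reads back as {unshift_first_half(pw)}")
    print(f"random       {random_password():20} ~{random_bits():.0f} bits")
```
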