Strong Usernames & Passwords: Best Practices

TL;DR

Weak usernames and passwords are a major cyber security risk. This guide shows you how to create strong, memorable ones and keep them safe.

Creating Strong Usernames

  1. Avoid Personal Information: Don’t use your name, date of birth, address, pet’s name, or anything easily found on social media.
  2. Be Unique: Don’t reuse the same username across multiple sites. If one site is compromised, all accounts with that username are at risk.
  3. Length Matters: Longer usernames are harder to crack. Aim for at least 8 characters.
  4. Mix it Up: Combine letters (upper and lowercase), numbers, and symbols. For example, instead of ‘johnsmith’, try ‘JSm1th!’.
  5. Consider Pseudonyms: If possible, use a username that isn’t directly linked to your identity.

Creating Strong Passwords

  1. Password Length: A minimum of 12 characters is recommended; 16+ is better. The longer the password, the harder it is to crack.
  2. Complexity: Use a mix of upper and lowercase letters, numbers, and symbols (!@#$%^&*).
  3. Avoid Dictionary Words: Hackers use ‘dictionary attacks’ – trying common words and phrases.
  4. Don’t Reuse Passwords: This is *critical*. If one account is compromised, all accounts using the same password are vulnerable.
  5. Passphrases Are Good: A long, memorable phrase (e.g., ‘I love eating pizza on Tuesdays!’) can be easier to remember than a random string of characters and more secure.

Checking Password Strength

You can use online tools to check the strength of your passwords *before* you use them. Be cautious about entering real passwords into these sites; look for reputable services.
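
An offline way to apply this guide's rules without typing a real password into a website, as an added example that is not part of the original guide. The function names are hypothetical, the word list is a tiny constructed sample, and exempting passphrases of 16+ characters from the character-mix rule is an assumption made here.

```python
import string

# Constructed sample; a real check would load a large breached-password wordlist.
COMMON_WORDS = {"password", "letmein", "welcome", "dragon", "monkey", "sunshine"}
# Sequences the guide warns about: digit runs, alphabet runs, keyboard rows.
SEQUENCES = ("0123456789", string.ascii_lowercase, "qwertyuiop", "asdfghjkl", "zxcvbnm")


def find_sequences(pw, min_run=4):
    """Return maximal runs (>= min_run chars) that follow a sequence, forwards or reversed."""
    low, runs, i = pw.lower(), [], 0
    tracks = [t for s in SEQUENCES for t in (s, s[::-1])]
    while i < len(low):
        j = i + 1
        # Extend the candidate run while it is still a substring of some track.
        while j < len(low) and any(low[i:j + 1] in t for t in tracks):
            j += 1
        if j - i >= min_run:
            runs.append(low[i:j])
            i = j
        else:
            i += 1
    return runs


def check_password(pw, personal=()):
    """Return a list of findings; an empty list means every rule passed."""
    findings = []
    if len(pw) < 12:
        findings.append("shorter than 12 characters")
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)
    missing = sum(1 for c in classes if not any(ch in c for ch in pw))
    # Assumption: 16+ character passphrases are exempt from the mix rule,
    # since the guide recommends both complexity and plain-sentence passphrases.
    if missing and len(pw) < 16:
        findings.append(f"missing {missing} of 4 character classes")
    low = pw.lower()
    findings += [f"contains common word '{w}'" for w in sorted(COMMON_WORDS) if w in low]
    findings += [f"contains personal detail '{p}'" for p in personal if p and p.lower() in low]
    findings += [f"contains sequence '{r}'" for r in find_sequences(pw)]
    return findings


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for sample in ("qwerty123456", "Password2024!!", "I love eating pizza on Tuesdays!"):
        print(repr(sample), "->", check_password(sample) or "no findings")
```

Pass the account holder's name, birth year and similar details as `personal` so they are rejected as well.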

Password Management

  1. Use a Password Manager: Tools like Bitwarden, LastPass, or 1Password generate and securely store strong passwords for all your accounts. They also auto-fill logins.
  2. Enable Multi-Factor Authentication (MFA): This adds an extra layer of security by requiring a code from your phone or another device in addition to your password. Look for options like authenticator apps (Google Authenticator, Authy) or SMS codes.
  3. Regularly Update Passwords: Change passwords periodically, especially for important accounts (banking, email).

Example Password Manager Usage (Bitwarden CLI)

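This is a basic example that assumes an unlocked vault and the jq utility; refer to the Bitwarden documentation for full instructions. The CLI has no per-field flags for creating a login: it takes the item as encoded JSON built from its templates.

bw get template item | jq --arg u 'your_username' --arg p 'YourStrongPassword123!' --argjson login "$(bw get template item.login)" \
  '.name = "Website Name" | .login = ($login | .username = $u | .password = $p)' | bw encode | bw create item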

What to Avoid

  • Simple Patterns: Avoid sequences like ‘123456’, ‘abcdef’, or keyboard patterns (‘qwerty’).
  • Personal Information: As mentioned before, don’t use anything easily associated with you.
  • Common Phrases: Avoid well-known quotes or song lyrics.