More on passwords and logins
Good password practice
If you search online for 'what makes a good password', you will find a lot of excellent advice, including advice on creating and remembering complex passwords and advice on the use of password managers. Common advice you are likely to come across includes:
- Passwords should be at least 8 characters long.
- They should be a mixture of numbers, upper and lower case letters and symbols.
- You shouldn't write down or share passwords with anyone.
- You should change them regularly, perhaps once a month.
- Never use names, words in dictionaries, commonly guessed passwords like ABC123 and dates.
- You should learn how to substitute letters with symbols and numbers to make complex passwords, for example S with 3, B with 13, Z with 2, a with @, i with 1, m with 8 and so on.
 
Complex passwords
It is easy to create and remember complex passwords when you know a few tricks. For example, a quote from Harry Potter and the Order of the Phoenix is:
Just because you have the emotional range of a teaspoon doesn’t mean we all have.
The first step might be to take the first letter of each word to get:
Jbyhteroatdmwah
Substitute o with 0 and a with @ and m with 8 and you get:
Jbyhter0@td8w@h
If you set up and remember a set of simple rules, and always use them, you should be able to recall and reconstruct a complex password from a well-known or favourite line from a book, a song or a poem. You can make up your own rules. For example, you could decide which letters to substitute with which symbols or numbers. You might decide to use the last letter of a word rather than the first letter. You might have a rule that says always begin and end with a certain, rarely used character. It's up to you!
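The rules described above can be written down as a short Python function. This is an added example, not part of the original page; the function name `phrase_to_password`, its parameters and the `~` wrap character are assumptions chosen for illustration.

```python
# Substitution rules from the worked example above: o -> 0, a -> @, m -> 8.
PAGE_RULES = {"o": "0", "a": "@", "m": "8"}


def phrase_to_password(phrase, rules=PAGE_RULES, pick="first", wrap=""):
    """Build a password from a memorised phrase (hypothetical helper).

    pick  -- "first" or "last": which letter of each word to keep
    rules -- mapping of letter -> replacement symbol or digit
    wrap  -- optional character placed at the start and the end
    """
    if pick not in ("first", "last"):
        raise ValueError("pick must be 'first' or 'last'")
    letters = []
    for word in phrase.split():
        # Keep letters only, so punctuation and apostrophes (straight or
        # curly) are never the picked character.
        alpha = [ch for ch in word if ch.isalpha()]
        if not alpha:
            continue  # skip tokens with no letters, such as a lone dash
        letters.append(alpha[0] if pick == "first" else alpha[-1])
    # Substitutions are case-sensitive, as in the worked example:
    # only lower-case o, a and m are replaced.
    out = "".join(rules.get(ch, ch) for ch in letters)
    return f"{wrap}{out}{wrap}"


# The quote used in the text above.
QUOTE = ("Just because you have the emotional range of a teaspoon "
         "doesn\u2019t mean we all have.")

if __name__ == "__main__":
    # First-letter rule with the page's substitutions.
    print(phrase_to_password(QUOTE))
    # A personal variation: last letters, wrapped in a constructed "~".
    print(phrase_to_password(QUOTE, pick="last", wrap="~"))
```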
Password managers
You can quickly become overwhelmed with account logins and passwords these days. It seems that more and more, we need to do everything in our lives online, and each time, we have to set up a new account. It can be quite a challenge to select good passwords and remember them all. The solution is to use a password manager. This is a piece of software that will automatically select a long complex password for you. It will then let you set up, organise into folders and store the details for each account, including the web site address for the login page, the login name and the password. 
Typically, you would carry the password manager on a USB pen drive on a key-ring so it is with you at all times. The password manager software is itself encrypted so if you lose it, no one can get your account details. If you make changes on the pen drive, the changes are synchronised with a back-up, ideally held in the cloud, which is also encrypted. To use the password manager, you insert the USB flash drive into a computer, and then decrypt it using a single complex password. However, you only need to remember one complex password rather than many. Once the software is open, you can select the account you want to log in to, and the password manager will jump to that site and automatically fill in the login details for you. You just have to press <ENTER>.
There are many open source password managers about. KeePass is an excellent choice. The most important thing when using a password manager is to make sure you keep a back-up of the encrypted accounts database in a place other than the USB pen drive, and don't forget the master password! There is no way to get your account details back if you lose the database and don't have a back-up, or forget the master password!
