How to choose a STRONG password.

tl;dr

1. Don't use a garbage password. 

2. Use a strong password. 

3. Use different passwords for each account.

4. Consider a password manager. 

5. NEVER give your password to ANYONE! 

6. Check out howsecureismypassword.net. 

7. Check out haveibeenpwned.com

Hello Internet. I hope you are having a beautiful day. I'd like to talk to you about your passwords for a minute. I don't mean to be ugly about it, but I need to put this in no uncertain terms. Some of you have awful passwords. Terrible. Awful. Get your act together.

First, we're going to talk about what makes a terrible password. Splashdata, an internet security company, maintains a list of the most common passwords each year. Let's take a look at some of the perennial greatest hits.

#1. 123456

#2. password

#3. 123456789

#4. 12345678

Let's jump around a bit...

#8. sunshine

#9. qwerty

#10. iloveyou

#12. admin

#18. monkey

#20. !@#$%^&* - This one looks interesting, but it's just 12345678 with the shift key held down.

#23. donald

#29. freedom

#31. passw0rd

#43. letmein

Also in the top 50 for 2018 are football and baseball, as well as the names charlie, bailey, buster, daniel, hannah, thomas, summer, george, harley, jessica, ginger, jordan, tigger, and joshua.

Hey, Star Wars fans! #45 on the list is solo.

THOSE ARE TERRIBLE PASSWORDS!

I hear you internet. You must be saying "Okay, itsthemitchell, you told me my password is awful. So what makes a good password?"

I'm glad you asked random internet stranger. If you want to create a strong password, start by using a combination of lowercase letters, uppercase letters, numbers, and special characters (you know... #@!^@()@#*#@.) Make sure your password is nice and long. More characters generally mean a stronger password, although there are always exceptions. For example 1111111 is NOT stronger than 111111. 

You know what I didn't see on the list of worst passwords? iStHiSaStRoNgPaSsWoRd?1#2##$1!??  Probably because it is a bit too long for most websites. You know what else makes good passwords? Multiple word passwords, like JaggedbLUNDER2&.

Once again, I hear you. "But itsthemitchell, that password is way too difficult for me to type. Isn't that a hassle?"

Umm... yes. Yes it is. It is a hassle to type in a good password, but that is no excuse for using a poor password. Besides, if it is a hassle for you to type, guess who else will have a hard time typing the password? Thaaat's right. Everyone you want to keep out of your accounts. If you can't be bothered, try a password manager.

A password manager is a program that keeps track of your login information for each website. I'm not going to endorse any particular one of them. I do generally allow Chrome to save my passwords for various websites. That works for me. For extra security, I do have a few websites that use two-factor authentication. That's where you log in, then they send you a text message code that you have to enter to finish logging in.

Hopefully you're still with me, because this one is really important. NEVER GIVE YOUR PASSWORD TO ANYONE! You know that phone call you got from your "credit card company" that just needs to verify a few details. If they ask for your password, it's a phishing scam. The email that you got from "Google" about suspicious activity on your gmail account? Good chance that's a phishing scam. Here's the deal. No company will ever ask you for your password. They just won't do it. The only time you should enter your password for anything is if you are logging into that website. Also, take the time to check the URL before clicking the link to log in. There's more information about this in my post about phishing. Go check it out.

So, you  may be wondering, how do I know if my password is a good one? Well, go to howsecureismypassword.net. Experiment with various passwords to see how long it would take a computer to crack it. Remember this is just an estimate. Also, the website is sponsored by a password manager. You don't have to buy to play with the website. Remember, I'm not endorsing them... I just think their website has a cool tool.

Lastly, remember that security breeches happen all the time. It is possible that your email address has already been hacked, and you may not know about it. Head on over to haveibeenpwned.com. Enter your email address. It will let you know if there is a chance your email address has been exposed to a data breech. If so, please go to that account and change the password. Haveibeenpwned.com is also a commercial website selling a password manager. Again... not endorsing them. Also, this website only tells you if your email address could have possibly have been collected through a data breech from another website. Even if your address has been pwned, that does NOT mean they have your password. It's a good idea to change it anyway.

Phew. That was a long one. Time to eat.

Don't forget to make the world better each day.