Qamba Knowledge Base
What makes a password good?
This article is based on some of the principles and information provided by Microsoft, NIST, NCSC & ACSC.
Rules to follow
- 8 characters minimum – The longer the better, length is more important than complexity. Think passphrase instead of password.
- Easy to remember – It’s not just about security. A password is not good if you can’t remember it.
- Nothing personal – Don’t include any personal information. This includes parts of names, birthdays, phone numbers, etc.
- Unique to you – If it’s possible someone else in the world may be using the same password, it’s not a good password.
- Brand new – Do not reuse old passwords.
- Only for you – No one else should know your password. If someone else knows it, you should change it.
A method for password creation – three random words
Passwords (or rather passphrases) made of 3 random words provide a balance between security and memorability. Add in a number and a symbol and you have yourself a long, easy-to-remember, unique password.
- Select a random word. This could be something on your screen currently, outside or something from a random word generator.
- Select another two.
- Choose a 2-digit number – It could be the current time or a random number, ideally not something personal.
- Pick a symbol you like (or two): ! @ # $ % ^ & * ( ) _ + < > ? - =
- Combine them all together in an order you like.
- Capitalise one word, all words or just a part of the password, whatever seems memorable to you.
Examples of what your long password might look like:
(DO NOT use these examples, they are not unique to you)
- Free-Dance-Kindle-293
- 83Kindly,Decision,Bikes?
- NORTH3gentle3hour!
- MASS_SAVE_shrink_31
- Don’tFreeMalicious55
We have a password generator here for those who want some ideas of what their password could be.
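The three-random-words steps above can also be scripted. The following is an added example, not Qamba's generator or code from the original article: the word list is a constructed 12-word sample, the function names are hypothetical, and `estimate_bits` goes slightly beyond the article to show why the size of the word list matters.

```python
import math
import secrets

# Constructed sample list for illustration only; real use needs a list of
# several thousand words so the word choice itself is hard to guess.
SAMPLE_WORDS = ["harbor", "lantern", "pickle", "meadow", "violin", "copper",
                "thunder", "walnut", "glacier", "ribbon", "saddle", "tunnel"]
SYMBOLS = "!@#$%^&*()_+<>?-="   # the symbols listed in the article
MIN_LENGTH = 8                  # the article's minimum length rule


def generate_passphrase(words=SAMPLE_WORDS, rng=None):
    """Three random words, a 2-digit number and a symbol, as in the steps above."""
    rng = rng or secrets.SystemRandom()    # OS-backed CSPRNG
    chosen = rng.sample(list(words), 3)    # three distinct words
    style = rng.choice(("one", "all", "initials"))
    if style == "one":                     # capitalise a single word
        i = rng.randrange(3)
        chosen[i] = chosen[i].upper()
    elif style == "all":                   # capitalise every word
        chosen = [w.upper() for w in chosen]
    else:                                  # capitalise only the first letters
        chosen = [w.capitalize() for w in chosen]
    parts = chosen + [str(rng.randrange(10, 100))]   # number is 10..99
    rng.shuffle(parts)                     # combine in a random order
    passphrase = rng.choice(SYMBOLS).join(parts)     # symbol as separator
    if len(passphrase) < MIN_LENGTH:
        raise ValueError("word list produced a passphrase that is too short")
    return passphrase


def estimate_bits(word_count):
    """Conservative guessing cost in bits: counts only the ordered choice of
    three distinct words, the number and the symbol."""
    combos = math.perm(word_count, 3) * 90 * len(SYMBOLS)
    return math.log2(combos)


if __name__ == "__main__":
    print(generate_passphrase())
    print(f"12-word sample list: about {estimate_bits(12):.0f} bits")
    print(f"7776-word list:      about {estimate_bits(7776):.0f} bits")
```

With the 12-word sample the estimate is only about 21 bits, while a 7,776-word list gives about 49 bits, so swap in a large word list before using the output for a real account.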
More Tips
- Avoid using the same password for everything. If one password needs to change, you can lose track of which password is for which account.
- Make one of the words provide you a hint for what the password is for. This helps keep track of what is what.
- Writing down part of a password to act as a hint in a secure, locked location is better than using a bad password.
- Password managers mean you only need to remember one password. Consider using one if you have many accounts.