How you create a good user name?
- Use at least 6 alphanumeric digits combined with Caps and Symbols
- Use only .(dot), -(dash) or _(underscore) when using symbols
- Create one you can remember but which is very difficult to guess
Choose usernames and passwords that use uppercase letters, numerals, and lowercase letters and symbols in non-obvious arrangements.
My name for instance is Leonard. Obvious that is bad to use since hackers will use name and/or name combinations to discover the username.
So I choose the name Leon which is easy to remember but still easy to discover since it is plain and only 5 digits. So we modify that and it will still be easy to remember: 'l_3.0n' which is a good reproduction and easy to remember username but dificlt to guess (e = 3 and o=0, add 2 symbols and we are done!)
What is a good password?
Rule 1 – Password Length: Stick with passwords that are at least 15 characters in length. The more characters the better since difficult to crack. (20 digits are the max in cPanel for instance btw).
Rule 2 – Password Complexity: Use a combination of
- Upper case letters
- Lower case letters
- Numbers
- Symbols
A good password generator will help you create a good password. However it is difficult to remember probably so another way of generating a password which you will easy remember is to use a familiar sentence and translate that into your very own, easy to remember password. Here is the example of my text phrase:
"I am married and have two daughters of fourteen and twenty one years old" .
Now I keep only the first digit of each word, scratch the rest and I have a possible password: "Iamahtdofatoyo".
This though needs a little tweak to make is super strong and I will be still able to remember my password so we get when we look at the digits: 'iaM+h2do4t&t1yo'.
Now THAT is super strong and even I can remember that!
Practice of Good Password Security
Now we have strong user names and strong passwords it is the moment to spend some time on the issue of how to practice good password security in daily life:
- Never store usernames and passwords on paper or in an unencrypted computer file such as a very popular FTP-client named Filezilla! Filezilla stores passwords in plain text. Use an Open Source program such as Keypass or Dashlane to store your usernames & passwords all encrypted and it also creates unbreakable passwords (unless you have a Cray Supercomputer!)
- Never disclose usernames and passwords to any other persons. If you need (remote) site support create specific usernames and passwords for the support team helping you! (this allows to retrieve and review through logs what they have been doing on your site for instance)
- Do not use passwords that have been used in the past
- Do not use the same password for any other sites or programs (email for instance, your social security access, tax offices online, banking accounts, etc). If one is cracked they might have access to them all!
- Never provide credentials when requested through email. Trusted companies such as Fedex, Paypal, DHL, Banks will never ask you for your credentials per email
- Keep the number of Super Admins and other folks that can access the system files in your backend to a minimum and do not share your password
- Virus scan your USB when inserting in your computer or use a program such as USBvaccine from Panda which is free to download : Highly recommended since phishing bots are often hidden in the USB your kids bring home from school or from your library etc etc!
