...
Three things make a good password:
It is hard for someone else to guess.
It is easy for you to remember.
It is not reused on some other website.
The point of a password is that other people can't guess it. It needs to be secret and difficult to guess. If you tell your password to someone else, or if it's so easy to guess that your colleague, client or grandmother can guess it, you might as well not have one!
...
The best and simplest way to make an impossible-to-guess password is to have the computer generate one for you and remember it for you.
Generate a new, totally random, unique password like 3497zVp63v4IC.
Store it securely in the password manager.
When you log into Wise Owl Legal, the password manager will automatically copy the password (and even your username too) to your web browser for you.
In a sense, we are "cheating" when remembering the password. But computers remember things really well, so why not get them to do it for you? You may never even see the password it generates, but that's not a bad thing anyway.
...
Here is a list of common password managers:
1Password - available on Windows, Mac, Android, iPhone and iPad. From $25.
LastPass - free (ad supported) on Windows and Mac. Android, iPhone and iPad cost $12 / year.
KeePass - available on Windows. 3rd party versions available for Mac, Android, iPhone and iPad. Free.
Password Safe - available for Windows only. Free.
And a review of password managers (particularly focused on 1Password).
...
There are a variety of products and systems available to produce passwords and passphrases. Using one of these is better than thinking your own password up because they ensure randomness (humans are very bad at being random).
Make Me A Password - a website written by one of the authors of Wise Owl Legal which generates passphrases and passwords.
Diceware - uses a printable list of words and dice to select a passphrase. We recommend 4 or more words for an above quality passphrase. (Wise Owl Legal uses a variation of this system to generate passphrases).
Random Word Machine - generates pronounceable yet nonsense words. Put two or three words together to make a secure passphrase.
Search for other password generators on the Internet - most generators make passwords like 3497zVp63v4IC, and have options to change the length, what characters appear in it and so forth.
Make Your Own
First of all, this is the least recommended way to choose your password. Please read the section below about how good password crackers are before trying to make your own password up.
The key to making your own password is being random. Whatever you include in your password must be as random as you can make it, short of being totally unmemorable. Any patterns, rules or personal information you include in it could be guessed by a password cracker.
A long list of don'ts:
Don't include any personal information in your password. Hackers commonly use this information to figure out a user's password, sometimes on the first attempt!
Don't use your name
Don't use any friend or family member's name
Don't use any famous name
Don't use your birthday (or family birthdays, or important historical dates)
Don't use your login name
Don't use anything to do with Wise Owl Legal
Don't use any information you've posted about yourself on the Internet (eg: on Facebook, Twitter, Google+, etc)
Don't choose a word you like, make an o into a zero, an s into a $ and stick your birthday at the end. Hackers will guess past this in seconds.
Don't use real words. Hackers have dictionaries containing every word and every name (and many other commonly used passwords). Many of these dictionaries are derived from public sources like Wikipedia, Project Gutenberg, Twitter and Facebook.
Don't use any example passwords on this page.
Here's a possible way to make a password:
Choose two words at random. Eg: logic and eraser.
Mix the words up, so they don't appear in their original forms. Feel free to drop a few letters or add new ones in to make it easier to remember. Eg: er-log-er-ic-as (hyphens added for clarity).
Take the serial number from your computer (or phone, etc). Eg: 000413247B09
Grab a few numbers from the serial number and add them into your new word. Eg: er4-log1-er3-ic2-as4 (hyphens added for clarity).
Drop one of the parts for a final password: log1er3ic2as4
Even better than a password is a passphrase. Although they tend to be longer to type, a passphrase can be as secure as 3497zVp63v4IC but much more memorable. Eg: correct horse battery staple (taken from XKCD).
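To put numbers on that comparison, here is an added example (not part of the original page, and not Wise Owl Legal's own generator) that measures strength in bits of entropy and works out how many random words match a 13-character random password. It assumes the password is drawn uniformly from the 62 letters and digits and that words come from a standard 7776-word Diceware list; SAMPLE_WORDS is a constructed stand-in so the code runs offline.

```python
import math
import secrets
import string

DICEWARE_LIST_SIZE = 6 ** 5  # standard Diceware list: five dice rolls -> 7776 words

# Constructed stand-in word list so the example runs offline; use a real
# 7776-word Diceware list in practice (assumption: words are unique).
SAMPLE_WORDS = ["amber", "basket", "cobalt", "dune", "ember", "fjord",
                "gravel", "harbor", "ivory", "jigsaw", "kettle", "lantern",
                "meadow", "nickel", "orchid", "pebble"]


def entropy_bits(pool_size: int, picks: int) -> float:
    """Entropy of `picks` independent, uniform choices from `pool_size` options."""
    return picks * math.log2(pool_size)


def words_needed(target_bits: float, list_size: int = DICEWARE_LIST_SIZE) -> int:
    """Smallest number of random words whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


def random_password(length: int = 13) -> str:
    """Random letters-and-digits password, same shape as the page's example."""
    alphabet = string.ascii_letters + string.digits  # 62 symbols (assumed alphabet)
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_passphrase(words, count: int = 4) -> str:
    """Pick words with the OS CSPRNG (not the `random` module), space separated."""
    if len(set(words)) != len(words):
        raise ValueError("duplicate words would overstate the entropy")
    return " ".join(secrets.choice(words) for _ in range(count))


if __name__ == "__main__":
    target = entropy_bits(62, 13)
    print(f"13 random letters/digits: {target:.1f} bits")
    print(f"4 Diceware words        : {entropy_bits(DICEWARE_LIST_SIZE, 4):.1f} bits")
    print(f"words to match 13 chars : {words_needed(target)}")
    print("sample password         :", random_password())
    print("sample passphrase       :", random_passphrase(SAMPLE_WORDS))
```

The entropy figures only hold when every character or word is chosen at random by the computer or by dice; words you pick yourself, or a generated passphrase you then edit into something familiar, do not carry the calculated strength.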
Other tips which will work with Wise Owl Legal (but not on all other websites):
You can enter non-English characters as part of your password. If you speak a different language, choose one English word and one in another language.
Or even write an English word out in Japanese characters, for example.
Use Diceware to choose your words instead of you.
Or let Wise Owl Legal generate a passphrase and you can modify it.
Passwords can be as long as you want. So feel free to make a 20 or 30 letter long passphrase.
Include spaces between words.
Deliberately misspell words.
Don't tell the truth. Instead of choosing your pet's name, choose a headline from page 24 of today's newspaper. And then change the headline.
Don't be afraid to write it down. Making something longer and more complex that you write down is better than simple and memorised (and of course, long and memorised is better again!). Just keep your written copy secure (eg: in your wallet).
Read some more tips by the makers of OnePass.
Be Afraid of Crackers
If you think this page is pointless or overkill, think again. Password crackers are smart, highly motivated and have developed powerful tools to find your password.
...