Password creation and how to handle it


Password is old form of authentication. In 1961, a team lead by Fernando Corbató designed Compatible Time-Sharing System (CTSS) which make use of password to grant access to users. Till today, password is still the most widely used form of authentication.

As it is today, we use password to get access to system in our place of work. We also need it to get access to some services online, like our banking applications, social media account, and so on.

What is the best form of creating a password and how do we handle it?
Here is a tip on how to create a password:

  1. A password is should be at least 10 character long
  2. Should contain at least an upper case, lower case, number and special character.
  3. It should NOT be a continues number (example, 7777777777) or continues alphabet (example aaaaaaaaaa)
  4. Do not make use of a simple dictionary word.
  5. Depending on how critical the system you have access, change the password at least every 2 months.

This tips make creating password cumbersome. Here is a tip.

When creating a password, you can create a password from a quote well known to you that you can easily remember. For example PEOPLE OFTEN REPRESENT THE WEAKEST LINK IN THE SECURITY CHAIN
From the quote above, I was able to generate the password POR&WL#&sc01. This is unique and I can easily remember it.
The password created from the quote above is a strong password. This should not be limited to English quote alone, you can form password from quotes from a language you understand and can easily remember the quote.

Duplicating a password to other account we have access is usually tempting, but it should be avoided.

The above work against password cracking tools and password guessing.

To avoid giving access to unauthorized user your password unknowingly, this is how we should handle passwords?

  1. Do not write down your password on a notepad or any other writing material.
  2. Do not share your password with anyone
  3. Do not fill your password on a form on any website that request for it or a physical paper
  4. Do not give your password to customer care agent that may request for it, they do not need it.
  5. Never a click on link that redirect you to a website that look like a genuine to you, it may have be cloned, instead enter the website address directly on the address bar of your browser before logging in.


@oziibrahim More often than not, we would rather click a link than type a url into a web browser (even when suspicious)
What are the signs one should look out for to spot a spoofing or malicious website?