Mostly we code...sometimes we write. Every once in a while, we podcast.

5 Pa$$word Best Practices — Tips and Tricks to Make Managing your Password Less Painful


In this day and age it is paramount to force yourself to adhere to strong password policies. Laziness and hubris would have us use the same easy to remember password everywhere, but don’t do it! It never ceases to amaze me how many people use passwords like: “password”, “1234”, or “qwerty”.

 As the System Administrator of CodeWeavers, I’ve put together 5 password protection best practices.

Never Reuse!
Never EVER use the same password more than once. This one is critical. If one password is figured out, you reduce the potential damage by eliminating duplicates.

Use a Password Database.
When creating unique passwords everywhere, it becomes near impossible to keep track of all of them unless you have the mind of Sheldon Cooper. Popular password managers include LastPass or KeePass. I prefer KeePass, which uses a cloud storage backend. Unlike, LastPass, KeePass is multiple factor, they’d have to hack your cloud storage account, find the file, and then hack the file itself.

Consider Password Entropy.
This is a measurement of how unpredictable a password is. Never use things like single dictionary words, or personal information such as addresses or birthdays. Make your passwords as long as you can. I like to create easy to remember phrases or quotes. I concede that long passwords are a pain to type in on mobile, but that extra few seconds can save you from a world of trouble down the road. For example “May the Force be with you!” or take example from Yoda, “Be with you the Force is!" Be original! Don’t use these, find your own. Hackers are smart, and common phrases can easily be added to cracking databases.

Create a Common Password Template.
I use a easy to remember strategy for sites where no personal information is stored. I create a phrase that contains the name of the site, and re-use it. For example: “Man, PhotoBucket is a pain!”, then to reuse on Reddit, “Man, Reddit is a pain!”. This can save you time while maintaining a strong password. I do stress, don’t use this on banking sites or places where you have credit card info stored. This doesn’t break rule #1, as you have changed enough of the string.

Be Vigilant.
If a site is compromised, change your password there as quickly as you can. There is a fantastic website called haveibeenpwned.com that will notify you if your email is listed on a known compromised site.

Finally, Relax. The thought of managing this can be overwhelming at first. But, like many good habits, once it becomes ritual, the stress of it all is reduced. Until next year’s Data Privacy Day – happy passwording!

— N

About Jeremy Newman
Newman has been the IT Director, Systems Administrator, and Webmaster for CodeWeavers since 2000. He is a Swiss Army Knife of tech. He custom builds servers and workstations. He also codes the website with PHP, JavaScript, and SQL. He also does graphic design, and video editing. Outside of the office he is a lifetime gamer and retro game collector. Learn more about his professional accomplishments on LinkedIn. Follow him on Twitter @laxdragon.

The following comments are owned by whoever posted them. We are not responsible for them in any way.

CodeWeavers or its third-party tools process personal data (e.g. browsing data or IP addresses) and use cookies or other identifiers, which are necessary for its functioning and required to achieve the purposes illustrated in our Privacy Policy. You accept the use of cookies or other identifiers by clicking the Acknowledge button.
Please Wait...
eyJjb3VudHJ5IjoiVVMiLCJsYW5nIjoiZW4iLCJjYXJ0IjowLCJ0enMiOi02LCJjZG4iOiJodHRwczpcL1wvbWVkaWEuY29kZXdlYXZlcnMuY29tXC9wdWJcL2Nyb3Nzb3Zlclwvd2Vic2l0ZSIsImNkbnRzIjoxNzM0NzIyMzMzLCJjc3JmX3Rva2VuIjoiZzhZZzRKUVlCbVpWYUN5VCIsImdkcHIiOjB9