Choosing A Strong Password

Educational advice on securing your account with a strong password.

It is important to create a strong password for all of your online accounts, not just your account at The Sandbox.

Weak Passwords

Did you know that roughly half of all passwords in existence are very easy to guess? This is done usually by "social research", which is the act of someone tracking you down on social networks, and then learning what your favourite things might be, or what your family member's birthdays are, and so on.

• Numerous passwords on the internet are composed of a name or a favourite thing, such as the name of a pet, family member, or a sport team, to give three examples.

• If the platform requires a number to be in the password, many people add the number 1 on the end of it, or a family member's birth year.

• If the platform also requires a symbol to be in the password, a shocking number of people will just add an exclamation mark on the end of it.

• So, unfortunately, many people's passwords look something like either Fido, Fido1, Fido2022, or Fido1!. This is a weak password that is far too easy for a skilled shady person to crack.

Creating a Strong Password

• A strong password contains a mixture of uppercase and lowercase letters.

• A strong password also contains numbers and symbols.

• A decently strong password is a minimum of eight characters long.

• Whereas a very strong password is a minimum of ten to twelve-plus characters long.

• Mix your numbers and symbols in with the lettering parts of your password, as opposed to sticking them on the end.

• Your password can be a memorable phrase that you made up that incorporates symbols and numbers in it.

• Do not write down your password "as is". This includes on paper, on your phone, or, worse, on the computer itself. You could if you need, however, write a hint for yourself somewhere.

• Do not tell anyone your password. There is absolutely no reason why anyone else would need to know your password, even for customer support purposes.

• Do not use the same password on multiple platforms. For example, if someone cracks your social network account password, they are going to try that same password everywhere else - PayPal, Amazon, Ebay, other social networks, The Sandbox, and so on.

Strong Password Examples

Do not use these exact examples as your password. This is a public academy. Use these examples to help you to come up with your own unique password.

Decently Strong

• YuMMy-T3a

• P1nkR@bb1tZ

• B3rRyJu1(e

• F1sH/Pi3

• $w1m-2me

• Gb6Y?p9@M

Very Strong

• [OMG!]Z0mB1es_At3-MY-TurTle!

• [Te@](is)VERY-_d31ici0us(YuM!)

• but!WHY-is--tH3(j@m)g0N3?!

• The-BlUe_K0ALa-DrANk[my]Gr@peJuic3!

• $ome^ONE*$t0lE[my]$weetR0LL(ag@iN]

• Li0N-8uCk3T*G@mE^MAng0

• <D*67-UhB1_?R29-AnH3-@K2sD>

Password Managers

Some people like to use password managers to create, manage, and "remember" their account passwords, such as https://passwords.google.com/ to give one example. This is fine and may help those with trouble memorising things or those with simply too many accounts across the internet to remember the passwords for.

However, it is important that you also bear in mind that password managers are not immune from hacking or data breaches. Whereas your brain is.

Two-Factor Authentication

Where possible, you should have two-factor authentication (2FA) enabled on your accounts across the internet, whatever they may be. Two-factor authentication is the process of confirming that it is really you who is trying to log into your account, by sending you a confirmation code via a message or secure app to a secondary device, such as a smartphone or tablet.

This means that even if someone does manage to crack your password, they will still be unable to access your account unless they also physically hold the secondary device (ie, your smartphone) which has been set up to receive two-factor authentication codes for that account.

A Sneek Peek Inside The Sandbox:

At The Sandbox, it is internal company policy that all staff are required to have two-factor authentication on all of their The Sandbox-related accounts, including third-party tools they may be using. You should adopt this same policy personally.

Checking For Data Breaches

There are third-party tools available which you can use to find out if your information was part of a data breach anywhere on the internet. These tools will help you keep on top of which passwords, if any, you should get around to changing. Here are some examples of such tools:

• https://haveibeenpwned.com/

• https://www.avast.com/hackcheck/