To keep your servers or any other accounts safe, it is vital to use strong passwords. Please read on to learn about best practices for creating strong passwords.

A good password meets the following requirements:

  • It is at least 8 characters long.
  • It combines at least one lowercase letter, one uppercase letter, and one number.
  • It preferably contains at least one special character.

Here is an example of a strong password: EN+l2W.fGmEM6dBT.

You should avoid using the following in your passwords:

  • Personal information such as your name, last name, date of birth, or your children's or pets' names.
  • Public information that anyone on the internet can know: your memorable dates, phone number, address (in whole or in part), and favorite quotes.
  • Popular words or phrases, or overly obvious collocations such as "my password"; natural sequences of numbers or letters such as 123456 or abcdef; and sequences of keyboard letters such as qwerty, qazwsx, or zxcvbn.

How to create a strong password

You can use a line from a song, a poem, or a quotation as the password's base.
However, it shouldn't be too obvious to others.
Mix in special characters and both lowercase and uppercase letters.

It is better to use special tools for password generation. The most reliable way is to use a password generator on your computer or server. For example, the following command on Linux generates a strong 16-character password:

pwgen -scny 16 1

There are other password generators, such as https://passwordsgenerator.net/. However, there is a risk that your password will be stored on the website.

Where to keep your password

Safe storage is especially relevant for randomly generated passwords.

  • Never keep your password in a written form near your computer or a monitor.
  • Do not tell anybody your password.
  • Keep your password in a special storage known only by you.
  • The best way to keep your passwords is to use the KeePass manager. With it, you only need to remember one master password.
  • If you think that somebody else has your password, change it immediately.

Using SSH

A good option for servers is using an SSH key for authentication. Read more about this option here:

https://devops.ionos.com/tutorials/use-ssh-keys-with-putty-on-windows/