
How to choose a good password

And the top 10 passwords of 2013 are:

[Image: Worst passwords of 2013]

If you are using any of these passwords you MUST change it as soon as possible for a robust one.

By robust, I mean:

Difficult to bruteforce (trying all possible combinations with significant processing power: aaa, aab, aac, aad, and so on. Easy to do with current technology.)

Difficult to guess (if the first 3 letters of your password are oba, the next 2 will most probably be ma: obama. This can be done with statistics and words from dictionaries; this is what is known as entropy.)

Never:

  • Write down your password on a piece of paper and stick it on your computer (too many people and enterprises are still doing it).
  • Use the same password across multiple services. If one service is compromised, you could lose all the other accounts!
  • Share your password with anyone else. You may trust your friends, colleagues and family, but they may not have as good practices as (hopefully) you have to keep it secret.
  • Send your password to your email provider or any other service that requests it for double checking, to repair something, or for any other reason. Do not share it! Most probably it is just SPAM or a SCAM. Professional providers will NEVER ask you for your password.

Do not use as a password:

  • Names:
    • of yourself, including nicknames or login name (even in reverse or any other order);
    • of your relatives;
    • of fictional characters or popular movies (Lord of the Rings, Star Trek, etc.);
    • of any place or proper noun.
  • Numbers, including:
    • your phone number;
    • your social security number;
    • anyone’s birthday;
    • your driver’s licence number or licence plate;
    • your room number or address;
    • any common number like 3.1415926;
    • any mathematical series such as 1234 or 2468, etc. (a computer will be better than you at this game).
  • Any word in any dictionary in any language in any form, including slang, obscenity, or even technical jargon.
  • Any common phrase such as “Thank God, it’s Friday” or “So far so good”, etc.
  • Simple patterns, including:
    • passwords of all the same letter;
    • simple keyboard patterns (qwerty, asdfjkl).
  • Any information about you that is easily obtainable:
    • favorite color;
    • favorite rock group.
  • Any object that is in your field of vision at your workstation.
  • Any password that you have used in the past.

Recommendations:

  • Change your password frequently (every 3 to 6 months).
  • Use both UPPER and lower case letters.
  • Use numbers, letters and special symbols (!@#$%^&*).
  • Create simple mnemonics (memory aids) to help you remember your password:
    • “Ial 4g miPA$$.” for “I always forget my password.” (14 characters with UPPER and lower case letters, numbers and special symbols, including spaces).
    • “HmPwaCciaCccP?” for “How many passwords would a cracker crack if a cracker could crack passwords?” (from an MIT example).
  • Use misspelled words (Whut ru tolqing Abut?).
  • Use a minimum of eight characters. Some even recommend at least 15 characters. In most cases, the longer the better.
  • You could use your own standard rule to change your password slightly for each different service:
    • “Ial 4g miPA$$.” could become “Ial 4g-GO miPA$$.” for a Google account and “Ial 4g-AM miPA$$.” for an Amazon account.
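As an added example (not code from the original post), here is a small checker that scores a candidate against the rules above: an upper bound on the brute-force effort in bits, plus the "do not use" rules the post lists (common-password list, all the same character, keyboard walks like qwerty/asdfjkl, series like 1234 or 2468). The common-password set and the extra keyboard walks are constructed samples, not the 2013 list shown in the image.

```python
import math
import re

# Constructed sample of common leaked passwords (not the post's 2013 list).
COMMON_PASSWORDS = {"password", "123456", "qwerty", "abc123", "letmein", "iloveyou"}
# Keyboard walks named in the post plus a few constructed extras; reverses are also checked.
KEYBOARD_PATTERNS = ("qwerty", "asdfjkl", "asdfgh", "zxcvbn")
# Character classes and alphabet sizes (symbols: printable ASCII punctuation plus space).
CLASSES = ((r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^a-zA-Z0-9]", 33))

def is_arithmetic_sequence(digits: str) -> bool:
    """True for runs like 1234 or 2468: a constant step between consecutive digits."""
    if len(digits) < 4:
        return False
    steps = {int(b) - int(a) for a, b in zip(digits, digits[1:])}
    return len(steps) == 1

def brute_force_bits(pw: str) -> float:
    """Upper bound on entropy: log2(alphabet ** length). Guessable passwords are far weaker."""
    size = sum(n for pattern, n in CLASSES if re.search(pattern, pw))
    return len(pw) * math.log2(size) if size else 0.0

def check_password(pw: str) -> list:
    """Return the rules from the post that pw violates (empty list means it passes)."""
    problems = []
    low = pw.lower()
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)):
        problems.append("no mix of UPPER and lower case")
    if not re.search(r"[0-9]", pw):
        problems.append("no digits")
    if not re.search(r"[^a-zA-Z0-9]", pw):
        problems.append("no special symbols")
    if low in COMMON_PASSWORDS:
        problems.append("in a list of common passwords")
    if len(set(low)) == 1:
        problems.append("all the same character")
    if any(p in low or p[::-1] in low for p in KEYBOARD_PATTERNS):
        problems.append("simple keyboard pattern")
    if any(is_arithmetic_sequence(run) for run in re.findall(r"\d{4,}", pw)):
        problems.append("mathematical series such as 1234 or 2468")
    return problems

if __name__ == "__main__":
    for candidate in ("qwerty", "12345678", "aaaaaaaa", "Ial 4g miPA$$."):
        print(f"{candidate!r}: {brute_force_bits(candidate):.1f} bits, {check_password(candidate) or 'OK'}")
```

The bit count alone would rate "12345678" as 26 bits, so the rule checks, not the length formula, are what flag it as a series; the post's mnemonic passes every rule.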

Some people recommend using password wallets to avoid having to remember several passwords for different services. A password wallet is basically a small piece of software installed on your computer or smartphone that keeps records of all your passwords and is protected by one super strong password (the only one to remember).

I’m not a big fan of this software, as protecting your own computer from any hack is not an easy job, and you need to really trust this software to put all your eggs in the same basket.

Actually, for non-critical passwords, it might even be safer to write them down on a small piece of paper and keep it in your wallet, as most attacks will come from the Internet or from physical access to your computer.

The best option will always be to keep it in your head. And if you forget it, just reset it.

If you want to see what a robust password could look like, I recommend this Strong Password Generator. However, it may be risky to use it, as you cannot be sure whether the website records all the generated passwords in its database (probably not, but now, as an informed user, you should doubt everything).

And to see how secure your password would be, I recommend this service. But here again, you cannot be sure whether it keeps a record of what you enter into the website.

[Image: Password Security]

And you, what are your tips to choose a good password?

Self host your services – Because your privacy is worth it

I started to self-host most of my services 6 years ago, when I was still an international student, starting with Jabber, as I was bored of MSN and wanted to learn cool new stuff during my free time.

At that time, it was purely to learn and to have full control of what I wanted to do and have. I was actually using the Gentoo distribution on my dual-core T5500 laptop, so no need to mention how ready I was to get my hands dirty 🙂

And I figured that having an XMPP server on a laptop that was off most of the time was not a problem. And indeed, it wasn’t! As I was only using my laptop as an IM client to chat with my friends, the server needed to be on only when the client was on too.

But things changed: the more I learned and the more services I hosted, the more disconnected I became from all the progress in targeted advertising, the SPAM received, the intrusion into my personal life, and so on.

It was only after moving back to my own country and turning off all the services I had been using that I started to care about my privacy, the respect of my personal life and, most of all, the “peace of mind” of using GNU/Linux and my own services on my own server.

I’m talking about very simple things like installing software on Windows: better go to the official website to get the latest, virus-free version… then download it… double click… next… yes… next… I don’t want the whatever bar… no, I don’t accept my information being used by the company… next… DONE. Same for updates: check by yourself if there is no automatic checking, then reinstall, etc.

Or I’m talking about the Gmail account with localized advertising based on the content of the emails received… or suggested videos on YouTube based on what you watched previously (oh, and no need to remind me I was looking for a porn movie on the platform…), or the habit of clicking too fast on a popup message before really reading it and finding out you have accepted to join Google+, or leaving a lot of your footprints on the web and having targeted ads from the previous website you visited displayed on the next one. Or having to check your SPAM box as often as your regular inbox to double check whether any genuine mail ended up there, since it seems to be more like a black box… Or registering here and there and starting to receive unsolicited requests, etc.

I’m sure we have all faced one of these annoyances.

The truth is that the Internet is a very transparent and free place, and this is a good thing! A lot of big companies are doing good business there with “free” services (Facebook, Twitter, Google, Yahoo, etc.), and why not? Nothing bad about making money if it is legal and moral.

But you have to be able to control what you want to share and what you don’t. And here is the difference between self-hosting and using 3rd party services, and the same goes for Free Software (free as in free speech, not free beer) versus proprietary software. If you are not able to see the source code or use the software freely, what guarantee do you have about the treatment of your personal data?


For all these reasons (full control of what I want to do and how I want to do it, respect of my personal life, etc.), I decided a few years back to self-host as many services as possible. And there is no reason for me to change that.

But don’t misunderstand me: this website will neither be about criticizing proprietary software (how evil they are?!) nor about starting a crusade for Free Software (is free all that matters?!).

It will present alternatives to popular services, with news and (hopefully) clear tutorials to help you install them easily, because you will see that it’s not so difficult when you get some help.

[Image: NSA Prism – Watching us]