Secure Passwords

Category: Security

With identity theft so common now, I'm concerned that my passwords may not be good enough. Can you give me some tips for picking good passwords that can't be easily guessed by hackers?

I agree that it's very important to create secure passwords to prevent identity theft. With so many points of entry into your privacy -- email, banking, online shopping and social networking -- all too often people find out too late their passwords have been compromised. And in most cases, that's because they were simply too easy to guess. It's not so hard to create a strong password... here are some tips to make the keys to your identity a tougher lock to pick.

Choosing a Good Password

The longer your password, the harder it is to crack. I recommend a minimum of 8 characters, but anything more than that makes it even more secure. A broad variety of characters also helps in making your password unique. When you combine letters, numbers and symbols, it makes your password virtually impossible to guess. A password that's easy for you to remember may also be easy for an identity thief to guess. But there's a delicate balance... you want passwords that are simple for you to remember, but difficult for others to guess.

Here are a few tips for creating strong, memorable passwords:

  1. Think of a phrase that you can remember easily.
  2. Check to make sure it fits the password criteria.
  3. Take the first letter of each word from the phrase to create a new word. For example, for "I love rock n roll music since I was 10" your password would be ilrnrmsiw10. Try taking a line from a book, song or poem and personalize it.
  4. Sometimes you can add complexity by making it case-sensitive, such as alternating between upper and lowercase letters. But these will be harder to remember, and to type correctly.
  5. Substitute special characters for letters and numbers. Using a "$" instead of an "S" or a "1" instead of an "I" are good replacements.
  6. Use the Microsoft password checker that's online. It determines the strength of your password.

What's a REALLY Bad Password?

Some other password pitfalls include using your name, child or pet's name, your birthday or other information that may be linked with your identity. Also steer clear of no-brainers like "abc123" or "password" as your password. Hackers recently created a fake Myspace login page, and collected over 34000 passwords before the ruse was detected. Because the data was left on a public server for some time, it proved to be an interesting real-world case study on BAD passwords. Analysis of this data showed some surprising results -- almost one percent of Myspace users had the word "password" in their password. With over 100 million Myspace users, that's a MILLION easily-guessed passwords!

Other popular "words" used in passwords included: abc, baseball, football, iloveyou, myspace, monkey, princess, qwerty, soccer, superman, and 123456. It was also common to add a number to the end of these words, such as abc123 or baseball1. Profanities also occurred with a high frequency in passwords. Your takeaway: don't use these words, or variants of them in YOUR password, or you'll be making it that much easier for Evildoers to guess their way into your private information.
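Here is the phrase technique from tip 3 together with a check against the word list above, as an added Python example (not code from this article or from any password-checker product). The 8-character minimum, the letters/numbers/symbols mix and the word list come from the article; the function names and the exact matching rules are assumptions made for illustration.

```python
# Words the article lists as common in the leaked Myspace passwords.
COMMON_WORDS = ("password", "abc", "baseball", "football", "iloveyou", "myspace",
                "monkey", "princess", "qwerty", "soccer", "superman", "123456")

# Reverse the look-alike swaps from tip 5 ("$" for "S", "1" for "I").
UNSWAP = str.maketrans({"$": "s", "1": "i"})


def phrase_to_password(phrase):
    """Tip 3: first letter of each word, numbers kept whole, all lowercase."""
    return "".join(w if w.isdigit() else w[0].lower() for w in phrase.split())


def check_password(password):
    """Return a list of problems; an empty list means the article's rules pass."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c.isdigit() for c in password):
        problems.append("no numbers")
    if not any(not c.isalnum() for c in password):
        problems.append("no symbols")
    lowered = password.lower()
    # Test both the raw form and the un-swapped form, so "123456" and
    # "pa$$word" are each caught, as are words with a number tacked on.
    forms = (lowered, lowered.translate(UNSWAP))
    for word in COMMON_WORDS:
        if any(word in form for form in forms):
            problems.append("contains common word: " + word)
    return problems


if __name__ == "__main__":
    # Constructed sample candidates: the article's phrase, the same password
    # with tip 5 applied, and two variants of words from the list above.
    base = phrase_to_password("I love rock n roll music since I was 10")
    for candidate in (base, base.replace("s", "$"), "Pa$$word1", "baseball1"):
        print(candidate, check_password(candidate) or "ok")
```

The phrase-derived password only passes once a symbol is swapped in, while "Pa$$word1" is still flagged because undoing the swaps exposes the word underneath.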

More Password Tips

Try to keep your passwords different on each system. By doing this, you're preventing all your accounts from getting compromised. If one password is compromised, you don't have to worry about all your accounts.

Changing passwords on a regular basis also helps to ensure that you are maintaining a high level of security. In some workplace settings, login passwords must be changed every 30 days. Whatever interval you choose, be careful not to use a predictable pattern for your passwords, such as AxxxxxA / BxxxxxB / CxxxxxC or JANxxxx / FEBxxxx / MARxxxx. This is important because an intruder may not leave tracks. If someone has guessed your password, you can at least make sure they won't have long term access to your data.

Further, storing a list of passwords on your computer (especially a laptop) is not such a good idea. To maximize your privacy and security, memorize passwords and enter them manually each and every time you log in. One exception to this rule is an encrypted list of passwords stored in a password management tool. Roboform is a nifty tool that will remember your passwords and give you one-click logins. Roboform gives you the option to generate very strong passwords and to secure all your passwords with one master password. (Sound a little Tolkienesque?) The Firefox browser also has a rudimentary password keeper and has a master password option. Internet Explorer will remember passwords, but lacks the master password option.

Social engineering, phishing, and even careless oversight by internet service providers are yet other ways that hackers might get your password. Read more about Phishing Scams to avoid voluntarily providing your password via deceit and falling victim to Identity Theft.

What If?

Although you may follow all these tips to keep your password private, it doesn't completely eliminate the possibility of your password being compromised. If someone hacks into a system and gains entry into your account, close any affected accounts and report the fraud to the corresponding company. If any financial accounts were affected, you may even want to report it to local authorities. Make sure that you save and record any means of communication regarding the theft.

Futuristic movies tell us that even voiceprints and iris scanners can be tricked, so keep in mind that there are no fool-proof methods to guarantee that your password will never be compromised. But these tried and true techniques will help a lot when it comes to keeping prying eyes away from your personal information.

Got questions or comments about password security? Post your thoughts below...

Posted by on 2 Apr 2007


Most recent comments on "Secure Passwords"

Posted by:

Pete
17 Apr 2007

For additional security, combine 2 different languages. I teach science and tend to use Greek or Latin plus English sometimes separated by a number, and with certain letters replaced by symbols. Instead of @ =A, I use ^=A, because it looks like an A without the crossbar; %=p because it is a "P"ercent sign. Personal shorthand makes passwords harder to guess, and 2 languages add to security.


Posted by:

Bill Rubin
17 Apr 2007

I generally find your advice very useful and well informed, so I was surprised at the focus on manually selecting strong passwords. This is fine if you have only one or two passwords, but totally unrealistic otherwise. It's like telling people to floss 3 times a day — most people find it impractical to carry out.

A more effective solution is to use a password manager, a subject to which you devote only 3 sentences. With a password manager, every Internet password can be very strong, and you don't need to remember any of them — you only need to remember one master password. Instead of purchasing Roboform (or using their wimpy free version), you can download numerous full-function open-source password managers such as KeePass, for free. (Full disclosure: I'm closely associated with the KeePass project, and have written a backup plugin for it.)

EDITOR'S NOTE: Well said, Bill. A password manager is a great idea. I do use Roboform, but it's good to hear that there are some good open-source alternatives.


Posted by:

richard
20 Dec 2008

Forgot my user login password on my laptop. I use Windows XP and there are no other users on my laptop.

EDITOR'S NOTE: There are ways... do a Google search for "forgot windows xp password".


Posted by:

Dessa
02 Apr 2009

I use RoboForm to memorize my passwords, and I love it! I have dozens of logins, both business and personal, and only have to remember one *strong* password.

You mention mixing upper and lower case letters in passwords. A simple way to do this is to choose a phrase or sentence that contains capitalized words (people, places, months, etc.) and keep those letters capitalized in your resulting password ("I bought 25 pounds of Vidalia onions when we visited Georgia" becomes Ib25#oVowwvG). Another advantage of the "first letters of a phrase" technique is that your phrase can evoke vivid pictures, which helps you remember the phrase and the resulting password.


Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Secure Passwords (Posted: 2 Apr 2007)
Source: http://askbobrankin.com/secure_passwords.html