Choosing a password is easy. Choosing one that is secure is the challenge.
The problem is that password selection involves two conflicting goals.
Goal 1: Pick a password that’s easy to remember.
Goal 2: Pick a password that’s hard to crack.
If all you had to worry about was Goal 1, your name would be your password and life would be simple. At the same time, if you only wanted something difficult to hack, you could easily come up with a long series of random letters, numbers, and characters that would confound even the most hardened hacker.
You would not, of course, be able to remember that password. You would have to write it down somewhere or carry it with you, making breaking into your computer as easy as looking at that Post-it note affixed to your keyboard that says: “My password is: Eg(4$ll)31opx*.”
Eric Wolfram provides some good basic rules that apply to passwords.
- Longer is better. Six characters is the minimum. Many sites require 8.
- Made-up or altered words are better than actual words. Avoid calendar dates as part of the numeric portion of a password.
- Personal information that can easily be looked up or verified should be avoided.
- Don’t use account numbers or other billing information as part of a password.
- Adjacent keys or consecutive numbers are easy for others to notice and should be avoided.
- Maintain a separate password for each highly sensitive account, such as email, financial institutions, and social media.
- It’s OK to recycle passwords for sites that don't store personal info, such as Internet radio stations.
- Memorize your password. You should never write it down.
- Mix letters, numbers, and punctuation and, when possible, include both uppercase and lowercase letters.
- Don’t overdo it and make the password so complicated it becomes cumbersome. It should be something you can type fairly quickly.
Using misspelled words or words with a number or punctuation mark at the end can be effective. Examples include "KrazzyDood," "PensilNek," "Sawsy2468," or "ShurThing**!."
Replacing some letters with punctuation increases security. So does the use of numbers. This simple system turns the word “hello” into “h3llo” and “seagull” into “s33gu!!”
Another system that is easy to memorize involves creating a sentence – such as “When I was in 3rd grade, my teacher’s name was Mrs. Schmidt.” Then create your password from the first letter of each word: WIwi3gmtnwMS.
Password Reset Questions Tip
To generate better security for password-reset questions, Randy Abrams, Director of Technical Education at WeLiveSecurity, has a simple suggestion. He says not to provide correct answers. For example, say your mother’s maiden name is Tarzan, or that the name of the first school you attended was LegoPrimary.
When to Change Passwords
Change major passwords at least twice a year (for example, January and July). Changing too frequently becomes cumbersome and waiting too long increases risk. Whatever your time frame, stick to it. Maybe you change your passwords when you change your clocks. (You know, “Spring forward, Fall back”?)
An alternative to the password system is the passphrase system, as long as your software or operating system allows it. A passphrase is a series of words, instead of a series of letters, punctuation, etc.
Instead of a 6- or 8-character password, security would depend on four or five words of 2 to 6 letters each. The words do not need to make up a sentence. They could be a list of words, for example: rat onion climb frog batman.
Of course, the words could be more random, even nonsense, and could include punctuation, numbers, or almost any combination.
One of the best passphrase generation systems is Diceware. The Diceware site gives a full explanation and all the information you need to generate a passphrase using this unique system.
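As an added illustration (not part of the original article and not the Diceware project's own code), the Python sketch below shows the Diceware idea: dice rolls pick each word from a numbered list. The 36-word list is constructed for the demo and needs two dice per word; the real Diceware list has 7,776 words and uses five dice per word, which is what the entropy comparison at the end assumes.

```python
import math
import secrets

# Constructed 36-word demo list (6**2 entries, so two dice pick one word).
# The real Diceware list has 7776 words (6**5), addressed by five dice.
DEMO_WORDS = (
    "rat onion climb frog batman acorn bike cloud drum eagle fern goat "
    "harp ink jar kite lamp moth nest oak pear quill rope sand "
    "tile urn vase wax yarn zinc brick coin dune elm fig gum"
).split()


def dice_needed(list_size):
    """Return how many dice address a list; its size must be a power of 6."""
    dice, size = 0, 1
    while size < list_size:
        dice, size = dice + 1, size * 6
    if size != list_size or dice == 0:
        raise ValueError("word list length must be a power of 6 (6, 36, ...)")
    return dice


def rolls_to_index(rolls):
    """Read the rolls as base-6 digits: all ones -> 0, all sixes -> last."""
    index = 0
    for roll in rolls:
        if not 1 <= roll <= 6:
            raise ValueError("each roll must be 1-6")
        index = index * 6 + (roll - 1)
    return index


def make_passphrase(wordlist, words=5):
    """Pick each word with simulated dice drawn from the OS CSPRNG."""
    dice = dice_needed(len(wordlist))
    picked = []
    for _ in range(words):
        rolls = [secrets.randbelow(6) + 1 for _ in range(dice)]
        picked.append(wordlist[rolls_to_index(rolls)])
    return " ".join(picked)


def entropy_bits(choices, length):
    """Bits of entropy when each of `length` symbols is chosen uniformly."""
    return length * math.log2(choices)


if __name__ == "__main__":
    print(make_passphrase(DEMO_WORDS))
    print(f"5 words, 7776-word list: {entropy_bits(7776, 5):.1f} bits")
    print(f"8 random chars, 94 symbols: {entropy_bits(94, 8):.1f} bits")
```

The strength comes from the random selection, not from secrecy of the list: a phrase built from the 36-word demo list is far weaker than one drawn from the full 7,776-word list.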
Password Management Software
Despite your best intentions, memorizing every password you’re asked to create is close to impossible. Fortunately, password management software exists to securely store your passwords and apply them as needed when you log on to various sites.
Top 10 Reviews provides reviews of the best password management systems, most of which will not only store your passwords, but will also help you create them. This year’s top-rated program is RoboForm Everywhere, which sells for less than $10.
According to Top 10 Reviews, RoboForm Everywhere can be used to manage passwords on a number of different devices, although the device versions are read-only.
Although new information has to be added using the desktop version, Top 10 Reviews considers this a minor irritant and still gives the software a perfect score of 10.
Go ahead—admit it—you use the same one or two passwords for everything. That’s not such a problem for sites that store nothing more than your email address, but for banks and others with sensitive information, employ one of these strategies to protect yourself.
© 2013 Attard Communications, Inc., DBA Business Know-How®. May not be reproduced, reprinted or redistributed without written permission