QUESTION:

How do I create a secure password?

by Eric Snyder, code geek

Why a good password matters.

Obviously, you don’t want someone breaking into your online bank accounts, but why is it important to use safe passwords on things like your email account, too? Here’s why: once the bad guys guess your password, they can upload scripts and use your account as a conduit for their spamming — or worse yet, phishing. How would you like to have your email account used to rip someone off? Not me!

How hackers crack your password.

I don’t know about you, but I have a lot of passwords. I would guess conservatively that there are more than 100 places I use a password, including email, site logins, server logins, forums and various utilities on several computers that I use at home and work. So it’s tempting to just have one or two passwords that are easy to remember. However, bad guys have some nefarious tactics for guessing passwords, and unfortunately, most easy-to-remember passwords are also easy to “crack.” Two of the most common password-cracking methods are:

  1. Robots that crawl the net trying to find common email account names like “sales” or “info” that have the same password as the name. Or “password” for the password.
  2. Automated password-cracking programs that try every word in the dictionary. This means that passwords like “mustang” or even “tintinnabulation” make poor choices.

Good passwords should be six characters long or longer, not made of words found in a dictionary, and have a mix of the following:

  1. upper and lower case letters
  2. symbols
  3. numbers

This combination of various characters makes it exponentially harder for even an automated program to crack a password in a reasonable amount of time. I have a password generator that generates passwords like “4A4CLdFJ,” which would be hard to crack. Problem is, it would be even harder for me to remember!

So, passwords have the problem of being either easy to remember and easy to crack, or hard to remember and hard to crack.

What you can do to protect yourself.

  1. Keep your passwords secure.
  2. Keep your virus scanner up to date and scanning. This is not a question of which one...just use any competent virus scanner. Don't leave your computer unprotected! If you need some recommendations, email me and I will be glad to help. Also, don't give me the "I have a Mac so I don't need one." Macs are getting hacked as well. Get a virus scanner and keep yourself from getting hacked.
  3. Change your passwords on a regular basis.

There is a simple way to come up with a password that’s easy for you to remember but very difficult for any robot to crack. Here’s the trick...

Create a sentence about something from your life that will be easy for you to remember, and that contains a date or other numerical item. For example, “My first car was a 1972 Mustang.” (I really liked that car; had an eight track player and a cool paint job!) You take that sentence and use the first letter from each word, including the period: “Mfcwa1972M.” Now you have a password that’s easy to remember, hard to break, and meets all the criteria above.
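The sentence trick above, written out as a small Python function together with a check against the criteria listed earlier (an added example, not part of the original article; the tiny DICTIONARY set is an assumed stand-in for a real word list):

```python
import re
import string

# Constructed sample input: the article's own example sentence.
SENTENCE = "My first car was a 1972 Mustang."

# Assumption: a tiny stand-in for a dictionary word list. A real check
# would load a full list such as /usr/share/dict/words.
DICTIONARY = {"mustang", "password", "tintinnabulation", "sales", "info"}


def sentence_to_password(sentence: str) -> str:
    """Apply the trick: first letter of each word, numbers kept whole,
    trailing punctuation kept so it counts as a symbol."""
    out = []
    for token in sentence.split():
        # Split off trailing punctuation so it survives as a symbol.
        core, punct = re.match(r"^(.*?)([^\w]*)$", token).groups()
        if core.isdigit():
            out.append(core)      # keep the date/number intact
        elif core:
            out.append(core[0])   # first letter, case preserved
        out.append(punct)
    return "".join(out)


def check_password(pw: str, dictionary=DICTIONARY) -> dict:
    """Evaluate each of the article's criteria separately."""
    return {
        "long_enough": len(pw) >= 6,
        "has_upper": any(c.isupper() for c in pw),
        "has_lower": any(c.islower() for c in pw),
        "has_digit": any(c.isdigit() for c in pw),
        "has_symbol": any(c in string.punctuation for c in pw),
        "not_dictionary_word": pw.lower().strip(string.punctuation) not in dictionary,
    }


def is_good(pw: str, dictionary=DICTIONARY) -> bool:
    """True only when every criterion is met."""
    return all(check_password(pw, dictionary).values())


if __name__ == "__main__":
    pw = sentence_to_password(SENTENCE)
    print(pw, check_password(pw))
```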

Next, create a strategy for reusing passwords. Passwords that you use to log in to forums may be visible to the forum moderators, so you don’t want to use the same password for this type of activity that you use for online banking. The solution is to have different passwords for different security/risk levels. There are probably three levels of security to consider:

  1. Low - If broken, the consequences are light. Use this only for internet forums and the like.
  2. Medium - Instances that have little or no financial impact, but that you really don’t want to have messed up. Configurations on your computer, for example.
  3. High - Things that you definitely don’t want a stranger doing on your behalf, like making bank transfers or using your email address as a base for phishing schemes. This includes online banking, email and server configurations.

Here’s something else to consider as you create your three passwords. This will help you remember which password you used in those instances where you hit a login and your computer auto-fills the password with black dots, but you’re not sure if it’s the right one or not. Make sure that each of your three levels of passwords has a different number of characters. That way, you can count the dots that the auto-fill displays and know which password it’s using. Once you have your three passwords figured out, set aside some time to visit all the places you use passwords online and off, and get them all changed in one sitting.

One last suggestion...consider a password vault. This is a program that keeps your passwords encrypted in a vault that only you know the password to. It is encrypted so heavily that without the password it would take a supercomputer months to crack the vault open. Another advantage is that you can keep them on a USB drive, put it in your pocket and use the vault anywhere. They can be really handy for keeping passwords like "jixwhucdw1dw1ygd1eijUHuPhU" without having to remember them. Again, I am happy to help with a recommendation if you need one. Feel free to email me if you need some suggestions.

Now all you have to remember is where you left your car keys....
